SACHMO23
2010-05-11, 03:28
Hello,
I keep getting an alert from my antivirus telling me that an IP address has been blocked (I get the same alert about 30 times a day), and it is not just one address; it is three different addresses. I have run Malwarebytes, Trojan Killer, and my current antivirus, ESET. I have removed several viruses and changed registry entries, but still get this alert. And after running Malwarebytes I continue to get the same detections.
Thanking you in advance for your time and attention.
DDS (Ver_10-03-17.01) - NTFSx86
Run by LULY at 18:00:31.81 on 10/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.1014.386 [GMT -6:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\LULY\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Servidor\servidor.exe
C:\Documents and Settings\LULY\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Acer\Acer VCM\Vc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LULY\Local Settings\Temporary Internet Files\Content.IE5\YW9V46BF\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aspire_one
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {A057A204-BACC-4D26-DFC4-6BAE8BAD3DC9} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\luly\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\luly\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/es/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {DA203138-C1BE-23FB-CD06-4FA99FDF503E} - c:\windows\system32\sistem\svchost.exe s
Hosts: 109.123.86.100 santander.com.cl
Hosts: 109.123.86.100 santander
Hosts: 109.123.86.100 santander.cl
Hosts: 109.123.86.100 www.santander.com.cl
Hosts: 109.123.86.100 www.santander.cl
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-8 54752]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-4-19 98984]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
S2 gupdate1c9ba3ddd17f138;Servicio de actualización de Google (gupdate1c9ba3ddd17f138);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 fsssvc;Servicio de Windows Live Protección infantil;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
UnknownUnknown trutil;trutil; [x]
=============== Created Last 30 ================
2010-05-07 22:12:07 436 ----a-w- c:\program files\USBshield.bat
2010-05-07 19:55:08 0 d-----w- c:\program files\Loaris
2010-05-07 16:53:30 54016 ----a-w- c:\windows\system32\drivers\orov.sys
2010-05-07 06:01:05 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-07 06:01:05 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-07 06:01:05 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-07 06:01:05 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-07 06:01:05 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-07 05:34:40 0 d-----w- c:\windows\system32\sistem
2010-05-07 05:20:59 0 d-----w- c:\docume~1\luly\applic~1\Simply Super Software
2010-05-07 05:04:23 0 d-----w- c:\program files\Trojan Remover
2010-05-07 05:04:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-05-07 01:13:05 0 dc-h--w- c:\windows\ie8
2010-05-06 18:49:56 0 d-----w- c:\windows\system32\NtmsData
2010-05-06 04:49:20 178 --sh--w- c:\documents and settings\luly\ntuser.ini
2010-05-03 06:50:39 0 d-----w- c:\program files\iPod
2010-05-03 06:50:27 0 d-----w- c:\program files\iTunes
2010-05-03 06:35:54 0 d-----w- c:\program files\Bonjour
2010-04-30 22:52:31 7168 --sha-w- c:\windows\system32\Thumbs.db
2010-04-21 21:38:27 0 d-----w- c:\program files\Panda Security
2010-04-21 20:57:08 4952 ----a-r- C:\Bootfont.bin
2010-04-21 07:20:51 0 d-----w- c:\docume~1\luly\applic~1\Malwarebytes
2010-04-21 05:51:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 05:51:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 05:51:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 05:51:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-19 18:37:00 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-19 18:37:00 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-19 18:36:01 0 d-----w- C:\logs
2010-04-19 18:34:49 40960 ----a-w- c:\windows\system32\lxduvs.dll
2010-04-19 18:34:43 360448 ----a-w- c:\windows\system32\lxducoin.dll
2010-04-19 18:34:03 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-04-19 18:34:03 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-04-19 18:33:52 81920 ----a-w- c:\windows\system32\lxducaps.dll
2010-04-19 18:33:52 69632 ----a-w- c:\windows\system32\lxducnv4.dll
2010-04-19 18:33:52 1036288 ----a-w- c:\windows\system32\lxdudrs.dll
2010-04-19 18:33:33 0 d-----w- c:\program files\Lexmark Printable Web
2010-04-19 18:33:28 44 ----a-w- c:\windows\system32\lxdurwrd.ini
2010-04-19 18:33:19 352256 ----a-w- c:\windows\system32\LXDUwupd.dll
2010-04-19 18:33:19 17064 ----a-w- c:\windows\system32\LXDUwupd.exe
2010-04-19 18:31:59 679936 ----a-w- c:\windows\system32\lxduhbn3.dll
2010-04-19 18:31:59 328360 ----a-w- c:\windows\system32\lxduih.exe
2010-04-19 18:31:58 983121 ----a-w- c:\windows\system32\lxdugf.dll
2010-04-19 18:31:58 90112 ----a-w- c:\windows\system32\lxducub.dll
2010-04-19 18:31:58 81920 ----a-w- c:\windows\system32\lxducu.dll
2010-04-19 18:31:58 36864 ----a-w- c:\windows\system32\lxducur.dll
2010-04-19 18:31:58 208896 ----a-w- c:\windows\system32\lxdugrd.dll
2010-04-19 18:31:57 594600 ----a-w- c:\windows\system32\lxducoms.exe
2010-04-19 18:31:56 376832 ----a-w- c:\windows\system32\lxducomm.dll
2010-04-19 18:31:55 765952 ----a-w- c:\windows\system32\lxducomc.dll
2010-04-19 18:31:55 369320 ----a-w- c:\windows\system32\lxducfg.exe
2010-04-19 18:31:53 77906 ----a-w- c:\windows\system32\LXDUcfg.dll
2010-04-19 05:55:06 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-17 01:02:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Lexmark 5600-6600 Series
2010-04-12 18:39:21 0 d-----w- c:\windows\pss
==================== Find3M ====================
2010-04-15 22:06:26 822 ----a-w- c:\docume~1\luly\applic~1\wklnhst.dat
2010-04-08 19:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 19:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-12 20:40:16 87608 ----a-w- c:\docume~1\luly\applic~1\inst.exe
2010-03-12 20:40:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-12 20:40:16 47360 ----a-w- c:\docume~1\luly\applic~1\pcouffin.sys
2010-02-24 16:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-01-17 00:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-03-21 10:55:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032120090322\index.dat
============= FINISH: 18:02:21.67 ===============