
Thread: Yet another Virtumonde victim...

#11 - Security Expert: Emeritus (Finland, joined Oct 2006, 29,374 posts)

    Looks like we need other methods.

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re-run RSIT.

    Post:

    - a fresh rsit log
    - mbam log
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

#12 - Junior Member (Venezuela, joined Jan 2009, 14 posts)

    ... is that effing thing immortal? Dang!

#13 - Security Expert: Emeritus (Finland, joined Oct 2006, 29,374 posts)

    No, just stubborn.

If that doesn't work, we have other methods left.

#14 - Junior Member (Venezuela, joined Jan 2009, 14 posts)

MBAM log

I don't see the blasted thing now, and neither does KAV. I hope it's removed, though I confess I froze when I saw Vundo in those logs. I still tremble seeing it in the Quarantine. Do I get to delete them from there? And do you happen to know why the thing never put a full attack on me?

    MBAM

    Malwarebytes' Anti-Malware 1.33
    Database version: 1673
    Windows 5.1.2600 Service Pack 2

    21/01/2009 03:03:55 p.m.
    mbam-log-2009-01-21 (15-03-55).txt

    Scan type: Full Scan (C:\|E:\|F:\|)
    Objects scanned: 119798
    Time elapsed: 32 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\geBsQIXN.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53fe12c2-4429-488f-847b-7b285f8f6778} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{53fe12c2-4429-488f-847b-7b285f8f6778} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqixn -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqixn -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\geBsQIXN.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\NXIQsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NXIQsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

#15 - Junior Member (Venezuela, joined Jan 2009, 14 posts)

RSIT fresh log

I want to thank you for helping me out and for being patient with me for free; since I'm a high school teacher, I live off being paid to be patient when I'm not XD. I certainly wasn't patient when waiting for MBAM to finish XD. And if you see the thing gone, I'd like you to give me some pointers on how to stay protected... by the way, is it okay that Windows Firewall appears to be disabled? I just noticed this today.

    Sorry, talking too much. But I have a ton of things to ask...


    RSIT

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrador at 2009-01-21 15:06:22
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 49 GB (82%) free of 60 GB
    Total RAM: 895 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:06:26 p.m., on 21/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
    C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Archivos de programa\Unlocker\UnlockerAssistant.exe
    C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Archivos de programa\UpsPilot\Winpower.exe
    C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
    C:\WINDOWS\system32\WService.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
    C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\ARCHIV~1\UpsPilot\monitor.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
    C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\ARCHIV~1\UpsPilot\wpRMI.exe
    C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
    C:\Archivos de programa\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Documents and Settings\Administrador\Escritorio\RSIT.exe
    C:\Archivos de programa\trend micro\Administrador.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Archivos de programa\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {583DC601-BBD7-4D0E-A9EA-485D9769986E} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Archivos de programa\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Winpower] C:\Archivos de programa\UpsPilot\Winpower.exe
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\ARCHIV~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish...an_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Winpowermanager - Macrovision - C:\ARCHIV~1\UpsPilot\manager.exe
    O23 - Service: Winpowermonitor - Macrovision - C:\ARCHIV~1\UpsPilot\monitor.exe
    O23 - Service: WinpowerRMI - Macrovision - C:\ARCHIV~1\UpsPilot\wpRMI.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 11868 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Mantenimiento con 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aplicación auxiliar de vínculos de Adobe PDF Reader - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Archivos de programa\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{583DC601-BBD7-4D0E-A9EA-485D9769986E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Archivos de programa\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-06 16855552]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "RemoteControl"=C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
    "LanguageShortcut"=C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
    "Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
    "UnlockerAssistant"=C:\Archivos de programa\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
    "GrooveMonitor"=C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
    "NeroFilterCheck"=C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "HP Software Update"=C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
    "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-19 110592]
    "Winpower"=C:\Archivos de programa\UpsPilot\Winpower.exe [2008-09-03 114688]
    "WService"=C:\WINDOWS\system32\WService.EXE [2002-09-07 28672]
    "AVP"=C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
    "Picasa Media Detector"=C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe [2007-10-23 443968]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
    "SpybotSD TeaTimer"=C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
    BlueSoleil.lnk - C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
    HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-01-09 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "ForceClassicControlPanel"=1
    "NoSMConfigurePrograms"=1
    "NoResolveTrack"=1
    "NoResolveSearch"=1
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe"="C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
    "C:\Archivos de programa\FlashGet\flashget.exe"="C:\Archivos de programa\FlashGet\flashget.exe:*:Enabled:Flashget"
    "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Archivos de programa\Windows Live\Messenger\livecall.exe"="C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Archivos de programa\Bonjour\mDNSResponder.exe"="C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe"="C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Archivos de programa\Windows Live\Messenger\livecall.exe"="C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-01-21 14:21:34 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
    2009-01-21 14:21:29 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    2009-01-21 14:21:29 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
    2009-01-21 13:52:37 ----A---- C:\WINDOWS\system32\e7581d93-.txt
    2009-01-21 13:50:40 ----D---- C:\_OTMoveIt
    2009-01-21 13:47:25 ----D---- C:\WINDOWS\ERDNT
    2009-01-21 13:46:39 ----D---- C:\Archivos de programa\ERUNT
    2009-01-21 12:39:00 ----RASHD---- C:\autorun.inf
    2009-01-17 08:08:12 ----D---- C:\Archivos de programa\trend micro
    2009-01-17 08:08:11 ----D---- C:\rsit
    2009-01-17 07:16:06 ----A---- C:\WINDOWS\wininit.ini
    2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
    2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
    2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
    2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
    2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2009-01-04 07:53:14 ----D---- C:\Archivos de programa\Free Mp3WmaOgg Converter
    2009-01-04 07:53:14 ----A---- C:\WINDOWS\system32\lame_enc.dll
    2009-01-04 06:39:19 ----A---- C:\WINDOWS\amcap.exe
    2009-01-04 06:39:14 ----A---- C:\WINDOWS\vsnpstd.exe
    2009-01-04 06:39:14 ----A---- C:\WINDOWS\system32\dsnpstd.dll
    2009-01-04 06:39:14 ----A---- C:\WINDOWS\snpstd.ini
    2009-01-04 06:39:06 ----D---- C:\Archivos de programa\Archivos comunes\snpstd
    2009-01-04 06:39:06 ----A---- C:\WINDOWS\usnpstd.exe
    2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\vsnpstd.dll
    2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\rsnpstd.dll
    2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\csnpstd.dll
    2008-12-24 10:24:50 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Mozilla
    2008-12-23 20:10:38 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
    2008-12-23 20:10:38 ----D---- C:\Archivos de programa\Kaspersky Lab
    2008-12-23 20:06:29 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
    2008-12-23 19:36:58 ----D---- C:\WINDOWS\system32\Kaspersky Lab

    ======List of files/folders modified in the last 1 months======

    2009-01-21 15:05:32 ----D---- C:\WINDOWS\Temp
    2009-01-21 15:04:47 ----D---- C:\WINDOWS
    2009-01-21 15:04:41 ----D---- C:\WINDOWS\system32\drivers
    2009-01-21 15:04:41 ----D---- C:\WINDOWS\system32
    2009-01-21 15:04:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-21 14:24:22 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-21 14:21:29 ----RD---- C:\Archivos de programa
    2009-01-21 13:57:15 ----D---- C:\Archivos de programa\Mozilla Firefox
    2009-01-21 13:16:23 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
    2009-01-20 17:56:28 ----D---- C:\Archivos de programa\UpsPilot
    2009-01-20 15:58:44 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-18 16:18:16 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Adobe
    2009-01-18 15:30:50 ----RSD---- C:\WINDOWS\Fonts
    2009-01-17 07:00:51 ----D---- C:\Archivos de programa\Spybot - Search & Destroy
    2009-01-15 16:42:15 ----HD---- C:\Config.Msi
    2009-01-14 18:22:04 ----D---- C:\Archivos de programa\FlashGet
    2009-01-14 15:03:36 ----A---- C:\WINDOWS\avisplitter.INI
    2009-01-14 14:46:29 ----SHD---- C:\WINDOWS\Installer
    2009-01-14 14:46:21 ----D---- C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
    2009-01-14 14:45:53 ----D---- C:\Archivos de programa\Archivos comunes\Microsoft Shared
    2009-01-14 14:45:49 ----HD---- C:\WINDOWS\inf
    2009-01-04 08:41:56 ----SD---- C:\Documents and Settings\Administrador\Datos de programa\Microsoft
    2009-01-04 06:39:14 ----D---- C:\WINDOWS\twain_32
    2009-01-04 06:39:06 ----D---- C:\Archivos de programa\Archivos comunes
    2009-01-04 06:39:00 ----HD---- C:\Archivos de programa\InstallShield Installation Information
    2008-12-24 11:31:05 ----D---- C:\WINDOWS\system32\wbem
    2008-12-24 11:31:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-23 20:38:57 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-23 20:00:31 ----D---- C:\Archivos de programa\CCleaner
    2008-12-23 19:36:09 ----HDC---- C:\WINDOWS\ie7
    2008-12-23 18:26:29 ----D---- C:\WINDOWS\Help
    2008-12-22 16:57:29 ----D---- C:\WINDOWS\security

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-12-23 227344]
    R1 Tcpip6;Controlador de protocolo IPv6 de Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-01-15 225664]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Archivos de programa\CyberLink\PowerDVD\000.fcl []
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-02-01 20096]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-07 11860]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
    R3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-14 4625408]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-24 5888]
    R3 tunmp;Controlador de adaptador de minipuerto Tun de Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-01-15 12416]
    R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-01-15 30208]
    R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-01-15 59264]
    R3 usbohci;Controlador minipuerto de la controladora de host abierto USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-01-15 17152]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-04-06 23000]
    S3 BthEnum;Servicio de enumerador de Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
    S3 BTHPORT;Controlador de puertos Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-19 274688]
    S3 BTHUSB;Controlador USB de ondas de radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
    S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
    S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-02 17920]
    S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
    S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-04-02 21632]
    S3 mouhid;Controlador HID de mouse; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-22 12416]
    S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
    S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
    S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
    S3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-09 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-09 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;Servicio de ayuda de IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
    R2 AVP;Kaspersky Anti-Virus; C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
    R2 ForcewareWebInterface;Forceware Web Interface; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 nSvcIp;ForceWare IP service; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
    R2 nSvcLog;ForceWare user log service; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
    R2 UxTuneUp;TuneUp Ampliación del thema; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
    R2 Winpowermonitor;Winpowermonitor; C:\ARCHIV~1\UpsPilot\monitor.exe [2008-09-03 114688]
    R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960]
    R3 WinpowerRMI;WinpowerRMI; C:\ARCHIV~1\UpsPilot\wpRMI.exe [2008-09-03 114688]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-02 654848]
    S3 gusvc;Google Updater Service; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 NBService;NBService; C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Servicio Lector del diario USN de Carpetas para compartir de Messenger; C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 Winpowermanager;Winpowermanager; C:\ARCHIV~1\UpsPilot\manager.exe [2008-09-03 114688]
    S3 WMPNetworkSvc;Servicio de uso compartido de red del Reproductor de Windows Media; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [2006-11-03 916480]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

    -----------------EOF----------------
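When triaging an RSIT log like the one above, the first place a helper looks is the "files/folders created" section: a loose file dropped directly into %windir% or system32 with no matching program install around the same time (here, e7581d93-.txt) stands out, while the NCT*.dll and snpstd files line up with the converter and webcam installs created in the same minute. The parser below is an added example and not part of RSIT or this thread; the "orphan file" heuristic, the five-minute window and the sample lines (copied in shape from the log above) are my own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the RSIT "created" section format (not the full log above).
SAMPLE_LOG = r"""
======List of files/folders created in the last 1 months======

2009-01-21 14:21:29 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
2009-01-21 13:52:37 ----A---- C:\WINDOWS\system32\e7581d93-.txt
2009-01-21 12:39:00 ----RASHD---- C:\autorun.inf
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-01-04 07:53:14 ----D---- C:\Archivos de programa\Free Mp3WmaOgg Converter

======List of files/folders modified in the last 1 months======
"""

# One entry: timestamp, attribute letters between the dashes, then the path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")

# Attribute letters as RSIT prints them (assumed mapping, standard FAT/NTFS flags).
ATTR_NAMES = {"R": "read-only", "A": "archive", "S": "system",
              "H": "hidden", "D": "directory", "C": "compressed"}

# Localised and English Program Files roots; the log above is a Spanish XP.
PROGRAM_ROOTS = ("\\ARCHIVOS DE PROGRAMA\\", "\\PROGRAM FILES\\")


@dataclass
class Entry:
    when: datetime
    attrs: str
    path: str


def describe_attrs(attrs):
    """Expand 'RASHD' into the human-readable attribute names, in order."""
    return [ATTR_NAMES[a] for a in attrs if a in ATTR_NAMES]


def parse_created(log_text):
    """Return the entries of the 'files/folders created' section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======List of files/folders created"):
            in_section = True
            continue
        if line.startswith("======"):        # any other section header ends it
            in_section = False
            continue
        m = ENTRY_RE.match(line) if in_section else None
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append(Entry(when, m.group(2), m.group(3)))
    return entries


def find_orphan_system_files(entries, window=timedelta(minutes=5)):
    """Files (not directories) created under C:\\WINDOWS with no Program Files
    directory created within `window` of them. Such files have no visible
    installer to account for them and deserve a second look."""
    install_times = [e.when for e in entries
                     if "D" in e.attrs and any(r in e.path.upper() for r in PROGRAM_ROOTS)]
    orphans = []
    for e in entries:
        if "D" in e.attrs or not e.path.upper().startswith("C:\\WINDOWS\\"):
            continue
        if not any(abs(e.when - t) <= window for t in install_times):
            orphans.append(e)
    return orphans


if __name__ == "__main__":
    found = parse_created(SAMPLE_LOG)
    for e in find_orphan_system_files(found):
        print(e.when, ",".join(describe_attrs(e.attrs)), e.path)
```

Run against the constructed sample, only the system32 text file is reported; msvcr70.dll is skipped because a Program Files directory was created one second earlier. The heuristic is deliberately conservative and only narrows what a human then checks by hand.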

  6. #16
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please enable windows firewall next if possible.

    Delete this file:

    C:\WINDOWS\system32\e7581d93-.txt

    Empty Recycle Bin.

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator" to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #17
    Junior Member
    Join Date
    Jan 2009
    Location
    Venezuela
    Posts
    14

    Default

    Sorry for the delay. Windows firewall is enabled, but the online antivirus scan is made of fail for me. The program gets installed, but it fails at the updates (after seven refreshes and new tries, it's only at 7%) because my internet connection isn't very good. I'll keep trying, but I'd like to know if there's some alternative I could try in the meantime.

  8. #18
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    You can try this instead:

    Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

    1. Check (tick) this box: YES, I accept the Terms of Use.
    2. Click on the Start button next to it.
    3. When prompted to run ActiveX, click Yes.
    4. You will be asked to install an ActiveX. Click Install.
    5. Once installed, the scanner will be initialized.
    6. After the scanner is initialized, click Start.
    7. Uncheck (untick) Remove found threats box.
    8. Check (tick) Scan unwanted applications.
    9. Click on Scan.
    10. It will start scanning. Please be patient.
    11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

  9. #19
    Junior Member
    Join Date
    Jan 2009
    Location
    Venezuela
    Posts
    14

    Default ESET online scan log

    # version=4
    # OnlineScanner.ocx=1.0.0.635
    # OnlineScannerDLLA.dll=1, 0, 0, 79
    # OnlineScannerDLLW.dll=1, 0, 0, 78
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3790 (20090122)
    # vers_arch_module=1.032 (20050726)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=1c0ead9e3e06ff429cbe15d4748fb6fe
    # end=finished
    # remove_checked=false
    # unwanted_checked=true
    # utc_time=2009-01-22 06:40:11
    # local_time=2009-01-22 03:40:11 (-0300, Hora est. de Sudamérica E.)
    # country="Argentina"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=248712
    # found=0
    # scan_time=2233

  10. #20
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    That looks good.

    Still problems?