
Dss Log, Please Help With Viruses, Worms, Trojans, And Weird Browser


8 replies to this topic

#1 J-son


Posted 29 May 2008 - 03:42 PM

I've been redirected from my "Am I Infected" thread to here.

I have a virus problem. Malwarebytes and Avira (my main AV) seem to be detecting 2-3 trojans/worms/viruses a day. I've tried to run several online scanners and I've run a-squared. A-squared took forever and didn't detect anything. I've run Housecall and it detected 10+ malware/spyware infections, but when I tried to delete all the infections it crashed (i.e. tells me it needs to restart). I've run it twice with the same result. [Update May 30: Kaspersky log is now included at the bottom]

Every site that requires a password I get logged out as soon as I leave the site, even if I have "remember me" checked. For instance, if I were to open a new tab or window right now and navigate to bleepingcomputer.com I would be logged out. I am not sure if this is malware or if someone was messing with IE settings. It wasn't like this a few days ago.

My Windows Update doesn't work either. There are always 6 updates there (I don't seem to get new ones?) and whenever I try to update some succeed and some fail, but when I restart the same 6 updates are waiting to be updated in Windows Update. I am using Windows Vista Ultimate x64.

I should also note that I have 2 roommates who like to click on every porn popup they see and download every crack/keygen on the internet. I will definitely be doing something about this soon, but first I have to know how bad my PC is.

Please help, any advice is greatly appreciated. Thanks in advance.

Deckard's System Scanner v20071014.68
Run by David on 2008-05-29 16:28:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:07 PM, on 5/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_05\BIN\JUSCHED.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\PROGRA~2\Crawler\CToolbar.exe
C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\A2GUARD.EXE
C:\PROGRAM FILES (X86)\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES (X86)\SPYWAREGUARD\sgbhp.exe
C:\PROGRAM FILES (X86)\COMODO\CBOCLEAN\BOC426.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe
C:\Users\David\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\msnmsgr.exe /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 802.11n PCI Wireless LAN Utility.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...303/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files (x86)\Comodo\CBOClean\BOCORE.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13622 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - shell\open\command - "C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Controlador Microsoft ACPI) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Canal IDE) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Controlador de disco) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 JRAID - c:\windows\system32\drivers\jraid.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (Controlador de clase ISA/EISA) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (Controlador de bus PCI) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 symsnap (Symantec Volume Snap Shot Driver) - c:\windows\system32\drivers\symsnap.sys (file missing)
R0 volmgr (Controlador del administrador de volumen) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Volúmenes de almacenamiento) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (Controlador de CD-ROM) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (Dfs Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 kbdclass (Controlador de clase de teclado) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Controlador HID de teclado) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Controlador de clase de mouse) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (Programador de paquetes QoS) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Protocolo TCP/IP y TCP/IPv6 orientado a mensajes (sesión SMB)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 Tcpip (Controlador de protocolo TCP/IP) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 tdx (Controlador de soporte TDI heredado NetIO) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Controlador de dispositivo de terminal) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 UGURU - c:\windows\system32\drivers\uguru.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
R2 avgntflt - c:\windows\system32\drivers\avgntflt.sys (file missing)
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R2 v2imount (Symantec V2i Mount Driver) - c:\windows\system32\drivers\v2imount.sys (file missing)
R3 Alpham1 (Ideazon Merc USB Human Interface Device) - c:\windows\system32\drivers\alpham164.sys (file missing)
R3 Alpham2 (Ideazon Merc MM USB Human Interface Device) - c:\windows\system32\drivers\alpham264.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
R3 fdc (Controlador de la unidad de disquete) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 flpydisk (Controlador de disquete) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys (file missing)
R3 HDAudBus (Controlador de bus Microsoft UAA para High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HidUsb (Controlador de clases HID de Microsoft) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Controlador de procesador Intel) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (Controlador iScsiPort) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
R3 monitor (Servicio de controladores de función de clase para monitores de Microsoft) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Controlador HID de mouse) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Controlador de autorización de Firewall de Windows) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Controlador BIOS de Microsoft System Management) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Controlador TAPI NDIS de acceso remoto) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Controlador WAN NDIS de acceso remoto) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 netr28x (Ralink 802.11n Wireless Driver for Windows Vista) - c:\windows\system32\drivers\netr28x.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (Controladora de host Texas Instruments OHCI Compliant IEEE 1394) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys (file missing)
R3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys
R3 PptpMiniport (Minipuerto WAN (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (Minipuerto WAN (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Controlador de acceso remoto PPPOE) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 rdpdr (Controlador de redirección de dispositivos de Terminal Server) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RTL8169 (Realtek 8169 NT Driver) - c:\windows\system32\drivers\rtlh64.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Controlador del bus de software) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Controlador de adaptador de minipuerto Tun de Microsoft) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Controlador de adaptador de minipuerto de túnel IPv6 de Microsoft) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (Controlador de enumerador de UMBus) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Controlador primario genérico USB de Microsoft) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (Controlador de concentrador estándar USB de Microsoft) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbprint (Clase de impresora USB de Microsoft) - c:\windows\system32\drivers\usbprint.sys (file missing)
R3 usbuhci (Controlador minipuerto de la controladora de host universal USB de Microsoft) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S1 i8042prt (Teclado i8042 y controlador de puerto de mouse PS/2) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (Controlador de medios asincrónicos de RAS) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Descodificador de audio DRM del kernel de Microsoft) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Controlador de la función Microsoft 1.1 UAA para el servicio High Definition Audio) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Proxy de servicio de transmisión por secuencias de Microsoft) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Proxy del reloj de transmisión por secuencias de Microsoft) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Proxy del administrador de calidad de transmisión por secuencias de Microsoft) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Convertidor Tee/Sink-to-Sink de transmisión por secuencias de Microsoft) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (Controlador de QWAVE) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 rt61x64 (Belkin RT61 Wireless Driver for Windows Vista) - c:\windows\system32\drivers\netr6164.sys (file missing)
S3 SASENUM - \??\c:\program files (x86)\superantispyware\sasenum.sys
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 USBSTOR (Controlador de dispositivo de almacenamiento USB) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 VProEventMonitor (Symantec Event Monitor Driver) - c:\windows\system32\drivers\vproeventmonitor.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WimFltr - c:\windows\system32\drivers\wimfltr.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 Serial (Serial Port Driver) - c:\windows\system32\drivers\serial.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files (x86)\avira\antivir personaledition classic\sched.exe"
R2 BOCore - c:\program files (x86)\comodo\cboclean\bocore.exe
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe"
R2 Nero BackItUp Scheduler 3 - c:\program files (x86)\nero\nero8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - c:\program files (x86)\nvidia corporation\ntune\ntuneservice.exe /startservice
R2 nvsvc (NVIDIA Display Driver Service) - c:\windows\system32\nvvsvc.exe (file missing)
R2 SamSs (Administrador de cuentas de seguridad) - c:\windows\system32\lsass.exe (file missing)
R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 slsvc (Licencias de software) - c:\windows\system32\slsvc.exe (file missing)
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files (x86)\spyware terminator\sp_rsser.exe"
R2 Spooler (Cola de impresión) - c:\windows\system32\spoolsv.exe (file missing)
R2 StarWindService (StarWind iSCSI Service) - c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindservice.exe
R3 KeyIso (Aislamiento de claves CNG) - c:\windows\system32\lsass.exe (file missing)
R3 ProtectedStorage (Almacenamiento protegido) - c:\windows\system32\lsass.exe (file missing)

S3 ALG (Servicio de puerta de enlace de nivel de aplicación) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (Replicación DFS) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 MSDTC (Coordinador de transacciones distribuidas) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" (file missing)
S3 RpcLocator (Ubicador de llamada a procedimiento remoto (RPC)) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (Captura SNMP) - c:\windows\system32\snmptrap.exe (file missing)
S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice
S3 UI0Detect (Detección de servicios interactivos) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Disco virtual) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Instantáneas de volumen) - c:\windows\system32\vssvc.exe (file missing)
S3 wbengine (Servicio del módulo de copia de seguridad a nivel de bloque) - "c:\windows\system32\wbengine.exe" (file missing)
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files (x86)\windows live\installer\wlsetupsvc.exe"
S3 wmiApSrv (Adaptador de rendimiento de WMI) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 14:44:37 692224 -----n--- C:\Windows\system32\drivers\hldrrr.exe
2008-05-28 20:34:40 692224 --a------ C:\Windows\system32\drivers\mdelk.exe
2008-05-28 20:28:48 0 d-------- C:\Program Files (x86)\XVideoConverter
2008-05-28 20:28:39 3082 --a------ C:\Windows\system32\affv9553p4now.sys
2008-05-28 20:28:10 0 d-------- C:\Windows\system32\drivers\downld
2008-05-27 22:26:19 0 d-------- C:\Program Files (x86)\TrojanHunter 4.5
2008-05-26 20:33:09 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-26 16:04:50 0 d-------- C:\Windows\McAfee.com
2008-05-25 15:59:32 0 d-------- C:\Users\All Users\Lavasoft
2008-05-25 15:59:32 0 d-------- C:\Program Files (x86)\Lavasoft
2008-05-25 15:51:14 0 d-------- C:\Program Files (x86)\BillP Studios
2008-05-25 15:37:54 0 d-------- C:\Program Files (x86)\JGsoft
2008-05-25 14:36:07 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-25 14:36:06 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-05-24 21:42:00 0 d-------- C:\Program Files (x86)\SpywareGuard
2008-05-24 21:35:19 0 d-------- C:\Users\All Users\BOC426
2008-05-24 21:35:12 0 d-------- C:\Program Files (x86)\Comodo
2008-05-24 21:22:11 0 d-------- C:\Program Files (x86)\a-squared Anti-Malware
2008-05-24 20:50:14 0 d-------- C:\ie-spyad_zo
2008-05-24 20:13:21 0 d-------- C:\Program Files (x86)\Crawler
2008-05-23 19:49:36 0 d-------- C:\Windows\nvidia icons
2008-05-23 19:49:21 0 d-------- C:\Windows\nvtmpinst
2008-05-23 19:17:25 0 d-------- C:\Program Files (x86)\ImgBurn
2008-05-23 15:46:21 0 d-------- C:\Program Files (x86)\NFR
2008-05-12 21:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 21:50:16 196608 --a------ C:\Windows\system32\dtu100.dll
2008-05-12 21:50:16 81920 --a------ C:\Windows\system32\dpl100.dll
2008-05-12 21:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll
2008-05-12 21:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll
2008-05-12 21:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 21:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll
2008-05-12 21:50:06 682496 --a------ C:\Windows\system32\DivX.dll
2008-05-12 21:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-11 17:00:42 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-05-11 17:00:42 0 d-------- C:\Users\All Users\Spyware Terminator
2008-05-11 17:00:40 0 d-------- C:\Program Files (x86)\Spyware Terminator
2008-05-10 18:58:09 57436 --a------ C:\Windows\DASShp.dll
2008-05-10 18:58:09 0 d-------- C:\Program Files (x86)\Microsoft Reader
2008-05-08 19:08:12 0 d-------- C:\Program Files (x86)\None
2008-05-07 15:55:01 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-07 15:54:49 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-05-06 22:40:30 0 d-------- C:\Program Files (x86)\EsetOnlineScanner
2008-05-02 17:00:01 0 d-------- C:\Program Files (x86)\VideoLAN


-- Find3M Report ---------------------------------------------------------------

2008-05-28 21:08:11 0 d-------- C:\Users\David\AppData\Roaming\Vso
2008-05-28 17:17:22 0 d-------- C:\Users\David\AppData\Roaming\U3
2008-05-27 23:43:33 0 d-------- C:\Program Files (x86)\DivX
2008-05-25 19:15:04 0 d-------- C:\Users\David\AppData\Roaming\Spyware Terminator
2008-05-25 15:58:28 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-25 15:51:20 0 d-------- C:\Users\David\AppData\Roaming\WinPatrol
2008-05-25 15:38:05 0 d-------- C:\Users\David\AppData\Roaming\JGsoft
2008-05-25 14:36:11 0 d-------- C:\Users\David\AppData\Roaming\Malwarebytes
2008-05-25 14:06:02 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-05-24 22:05:53 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-05-24 22:03:21 0 d-------- C:\Program Files (x86)\Windows Mail
2008-05-23 19:19:19 0 d-------- C:\Users\David\AppData\Roaming\ImgBurn
2008-05-23 19:03:29 0 d-------- C:\Program Files (x86)\Microsoft Games
2008-05-10 18:58:09 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-05-09 22:14:35 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-05-08 22:03:04 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-05-08 18:44:35 0 d-------- C:\Users\David\AppData\Roaming\Winamp
2008-05-07 15:54:49 0 d-------- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2008-05-07 15:00:49 0 d-------- C:\Program Files (x86)\CapCom
2008-05-02 17:05:25 0 d-------- C:\Users\David\AppData\Roaming\vlc
2008-05-01 20:11:07 0 d-------- C:\Program Files (x86)\Diablo II
2008-04-21 17:59:58 0 d-------- C:\Program Files (x86)\Web Publish
2008-04-18 16:11:20 0 d-------- C:\Users\David\AppData\Roaming\gtk-2.0
2008-04-15 18:39:59 0 d-------- C:\Users\David\AppData\Roaming\Ubisoft
2008-04-15 18:27:55 0 d-------- C:\Program Files (x86)\Ubisoft
2008-04-15 17:56:18 0 d-------- C:\Users\David\AppData\Roaming\TrojanHunter
2008-04-15 17:52:27 0 d-------- C:\Program Files (x86)\ColorPicker.info Full
2008-04-14 16:15:38 0 d-------- C:\Program Files (x86)\Trend Micro
2008-04-14 15:53:13 0 d-------- C:\Program Files (x86)\Belarc
2008-04-13 12:58:12 0 d-------- C:\Program Files (x86)\eclipse
2008-04-10 14:47:43 0 d-------- C:\Program Files (x86)\Guitar Pro 5
2008-04-04 16:22:57 0 d-------- C:\Program Files (x86)\SpeedFan
2008-03-29 01:16:55 0 d-------- C:\Users\David\AppData\Roaming\Adobe
2008-03-29 00:50:37 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-03-29 00:50:12 0 d-------- C:\Program Files (x86)\Common Files
2008-03-29 00:50:12 0 d-------- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2008-03-20 20:50:54 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-03-15 20:38:29 98304 --a------ C:\Windows\system32\CmdLineExt.dll
2008-03-01 19:47:13 171136 --a------ C:\grldr


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8546 more entries in hosts file.



-------------------------------------------------------------------------------


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 2:29:53 PM
Operating System: Microsoft Windows Vista, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 813686
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
S:\

Scan Statistics:
Total number of scanned objects: 398475
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 10:05:05

Infected Object Name / Virus Name / Last Action
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-29.14-43-52.log Object is locked skipped
C:\Program Files (x86)\Crawler\Update\domains_001_diff.cab Object is locked skipped
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\BIU7828.txt Object is locked skipped
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.90.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.90.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy5020.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA265.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA266.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-074131.log Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat{ffb67fd7-29ff-11dd-8b26-00508db5548e}.TM.blf Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat{ffb67fd7-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\David\AppData\Local\Microsoft\Windows\UsrClass.dat{ffb67fd7-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\David\AppData\Local\Temp\JET90E1.tmp Object is locked skipped
C:\Users\David\AppData\Local\Temp\~DFBF9C.tmp Object is locked skipped
C:\Users\David\AppData\Local\Temp\~DFF9CD.tmp Object is locked skipped
C:\Users\David\AppData\Roaming\Ideazon\ZEngine\data\mods\IDeazon.ldb Object is locked skipped
C:\Users\David\AppData\Roaming\Ideazon\ZEngine\data\mods\IDeazon.zbd Object is locked skipped
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\001.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\002.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\005.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\006.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\011.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\015.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\019.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\020.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\021.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\022.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\023.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\024.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\025.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\026.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\027.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\028.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\031.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\032.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\034.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\035.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\036.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\037.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\038.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\040.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\044.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\046.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\047.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\048.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\051.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\052.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\053.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\054.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\055.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\056.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\057.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\058.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\059.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\061.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\062.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\064.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\066.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\067.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\068.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\069.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\070.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\071.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\072.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\075.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\077.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\078.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\083.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\084.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\085.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\086.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\089.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\092.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\097.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\098.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\099.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\100.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\101.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\102.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\103.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\104.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\105.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\106.part Object is locked skipped
C:\Users\David\Downloads\eMule\Temp\108.part Object is locked skipped
C:\Users\David\ntuser.dat Object is locked skipped
C:\Users\David\ntuser.dat.LOG1 Object is locked skipped
C:\Users\David\ntuser.dat.LOG2 Object is locked skipped
C:\Users\David\ntuser.dat{ffb67fd5-29ff-11dd-8b26-00508db5548e}.TM.blf Object is locked skipped
C:\Users\David\ntuser.dat{ffb67fd5-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\David\ntuser.dat{ffb67fd5-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{ffb67fd3-29ff-11dd-8b26-00508db5548e}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{ffb67fd3-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{ffb67fd3-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{ffb67fd1-29ff-11dd-8b26-00508db5548e}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{ffb67fd1-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{ffb67fd1-29ff-11dd-8b26-00508db5548e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{9F277F6D-E22E-48D1-AE31-A080FBBCAE68}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\drivers\hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.qt skipped
C:\Windows\System32\drivers\mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.qt skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\SysWOW64\drivers\hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.qt skipped
C:\Windows\SysWOW64\drivers\mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.qt skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\a2cache_733DFEF6.dat Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


-- End of Deckard's System Scanner: finished at 2008-05-29 16:35:41 ------------

Edited by J-son, 30 May 2008 - 01:35 PM.




#2 bamajim

bamajim

  • Members
  • 894 posts
  • Local time:02:06 AM

Posted 11 June 2008 - 09:24 AM

J-son

Sorry for the delay.

Please post a fresh DSS (Deckard System Scanner) scan and we will get started.
Microsoft MVP - Windows Security

#3 J-son

J-son
  • Topic Starter

  • Members
  • 32 posts
  • Local time:03:06 AM

Posted 11 June 2008 - 03:12 PM

Hey, thanks!

Here it is:

Deckard's System Scanner v20071014.68
Run by David on 2008-06-11 16:10:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:56 PM, on 6/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRAM FILES (X86)\JAVA\JRE1.6.0_05\BIN\JUSCHED.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\A2GUARD.EXE
C:\PROGRAM FILES (X86)\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES (X86)\SPYWAREGUARD\sgbhp.exe
C:\PROGRAM FILES (X86)\COMODO\CBOCLEAN\BOC426.EXE
C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe
C:\Users\David\AppData\Roaming\U3\000015672B60CE76\LaunchPad.exe
C:\Program Files (x86)\CoreTemp\CoreTemp\Core Temp.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Users\David\Desktop\Utilities\Security\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 802.11n PCI Wireless LAN Utility.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files (x86)\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...303/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files (x86)\Comodo\CBOClean\BOCORE.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13728 bytes

-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 00:24:09 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-06-11 00:24:06 0 d-------- C:\Program Files (x86)\NCH Swift Sound
2008-06-11 00:24:03 0 d-------- C:\Users\All Users\NCH Software
2008-06-11 00:23:27 0 d-------- C:\Program Files (x86)\NCH Software
2008-06-10 20:02:27 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-10 15:22:03 0 d-------- C:\Windows\system32\TmpInstall
2008-06-10 15:21:13 0 d-------- C:\Program Files (x86)\Aspell
2008-05-30 21:52:27 0 d-------- C:\Program Files (x86)\ExtractNow
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 22:49:46 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-28 20:28:48 0 d-------- C:\Program Files (x86)\XVideoConverter
2008-05-28 20:28:39 3082 --a------ C:\Windows\system32\affv9553p4now.sys
2008-05-28 20:28:10 0 d-------- C:\Windows\system32\drivers\downld
2008-05-27 22:26:19 0 d-------- C:\Program Files (x86)\TrojanHunter 4.5
2008-05-26 20:33:09 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-26 16:04:50 0 d-------- C:\Windows\McAfee.com
2008-05-25 15:59:32 0 d-------- C:\Users\All Users\Lavasoft
2008-05-25 15:59:32 0 d-------- C:\Program Files (x86)\Lavasoft
2008-05-25 15:51:14 0 d-------- C:\Program Files (x86)\BillP Studios
2008-05-25 15:37:54 0 d-------- C:\Program Files (x86)\JGsoft
2008-05-25 14:36:07 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-25 14:36:06 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-05-24 21:42:00 0 d-------- C:\Program Files (x86)\SpywareGuard
2008-05-24 21:35:19 0 d-------- C:\Users\All Users\BOC426
2008-05-24 21:35:12 0 d-------- C:\Program Files (x86)\Comodo
2008-05-24 21:22:11 0 d-------- C:\Program Files (x86)\a-squared Anti-Malware
2008-05-24 20:50:14 0 d-------- C:\ie-spyad_zo
2008-05-24 20:13:21 0 d-------- C:\Program Files (x86)\Crawler
2008-05-23 19:49:36 0 d-------- C:\Windows\nvidia icons
2008-05-23 19:49:21 0 d-------- C:\Windows\nvtmpinst
2008-05-23 19:17:25 0 d-------- C:\Program Files (x86)\ImgBurn
2008-05-23 15:46:21 0 d-------- C:\Program Files (x86)\NFR
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-11 17:00:42 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-05-11 17:00:42 0 d-------- C:\Users\All Users\Spyware Terminator
2008-05-11 17:00:40 0 d-------- C:\Program Files (x86)\Spyware Terminator


-- Find3M Report ---------------------------------------------------------------

2008-06-11 00:41:57 0 d-------- C:\Program Files (x86)\DivX
2008-06-11 00:24:06 0 d-------- C:\Users\David\AppData\Roaming\NCH Swift Sound
2008-06-11 00:24:02 0 d-------- C:\Users\David\AppData\Roaming\NCH Software
2008-06-10 23:00:50 0 d-------- C:\Program Files (x86)\eclipse
2008-06-10 20:02:27 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-10 19:47:40 0 d-------- C:\Users\David\AppData\Roaming\U3
2008-06-09 13:58:23 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-06-02 21:54:16 0 d-------- C:\Users\David\AppData\Roaming\gtk-2.0
2008-05-31 23:29:23 0 d-------- C:\Program Files (x86)\Diablo II
2008-05-31 23:29:15 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-05-28 21:08:11 0 d-------- C:\Users\David\AppData\Roaming\Vso
2008-05-25 19:15:04 0 d-------- C:\Users\David\AppData\Roaming\Spyware Terminator
2008-05-25 15:58:28 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-25 15:51:20 0 d-------- C:\Users\David\AppData\Roaming\WinPatrol
2008-05-25 15:38:05 0 d-------- C:\Users\David\AppData\Roaming\JGsoft
2008-05-25 14:36:11 0 d-------- C:\Users\David\AppData\Roaming\Malwarebytes
2008-05-25 14:06:02 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-05-24 22:05:53 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-05-24 22:03:21 0 d-------- C:\Program Files (x86)\Windows Mail
2008-05-24 21:11:24 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-05-23 19:19:19 0 d-------- C:\Users\David\AppData\Roaming\ImgBurn
2008-05-23 19:03:29 0 d-------- C:\Program Files (x86)\Microsoft Games
2008-05-10 18:58:10 0 d-------- C:\Program Files (x86)\Microsoft Reader
2008-05-10 18:58:09 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-05-08 22:03:04 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-05-08 19:08:13 0 d-------- C:\Program Files (x86)\None
2008-05-08 18:44:35 0 d-------- C:\Users\David\AppData\Roaming\Winamp
2008-05-07 15:54:49 0 d-------- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2008-05-07 15:00:49 0 d-------- C:\Program Files (x86)\CapCom
2008-05-07 03:36:51 0 d-------- C:\Program Files (x86)\EsetOnlineScanner
2008-05-02 17:05:25 0 d-------- C:\Users\David\AppData\Roaming\vlc
2008-05-02 17:00:01 0 d-------- C:\Program Files (x86)\VideoLAN
2008-04-21 17:59:58 0 d-------- C:\Program Files (x86)\Web Publish
2008-04-15 18:39:59 0 d-------- C:\Users\David\AppData\Roaming\Ubisoft
2008-04-15 18:27:55 0 d-------- C:\Program Files (x86)\Ubisoft
2008-04-15 17:56:18 0 d-------- C:\Users\David\AppData\Roaming\TrojanHunter
2008-04-15 17:52:27 0 d-------- C:\Program Files (x86)\ColorPicker.info Full
2008-04-14 16:15:38 0 d-------- C:\Program Files (x86)\Trend Micro
2008-04-14 15:53:13 0 d-------- C:\Program Files (x86)\Belarc
2008-03-15 20:38:29 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-06-11 16:11:11 ------------

#4 bamajim

Posted 11 June 2008 - 04:08 PM

J-son

There seem to be some differences between the 2 DSS logs you posted. Have you been removing some infections?

And what are the problems you are still having?
Microsoft MVP - Windows Security

#5 J-son

Posted 11 June 2008 - 04:25 PM

Well yes, it's been 2 weeks of regular computer use, and whenever Avira detects a virus I delete it.

I'm sorry I couldn't do what the sticky said: not change any system settings or delete viruses etc.... I thought my infection was pretty dangerous atm and I wasn't even sure if anybody was going to help me out here anyways...

When I made my first post I was detecting 2-3 viruses/trojans/etc a day, now things seem to have settled down.

My windows update still doesn't work, it is still exactly as described in my first post. And IE is messed up too. I don't use IE anymore, I've switched to Opera and I kinda like Opera now, but IE takes a long time to load. It also logs me out from whatever page I was visiting in IE. For instance, if I were logged in at bleepingcomputers.com right now in IE, and I clicked on the "HijackThis Logs and Malware Removal" I would then be logged out. It happens with every site, not just this one. But I'm not sure if that's malware related or what.

I'm also concerned about what my roommates might have done to this computer. I don't let them use it anymore, but like I said they used to click on every porn-popup and download tons of cracks/keygens stuff.

edit: I dunno why my second DSS log is so much shorter than the first...

Edited by J-son, 11 June 2008 - 04:27 PM.


#6 bamajim

Posted 11 June 2008 - 04:42 PM

J-son

There's no problem with what you did. I just want to make sure we are on the 'same page' so to speak. So I'm not trying to fix something that's not there.

There is not much showing in your logs that is infection related, so your current issues may or may not be infection related.

I would like to run another Kaspersky

Run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. When the scan is complete Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan
Microsoft MVP - Windows Security

#7 J-son

Posted 12 June 2008 - 07:41 AM

I guess I'm clean now

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 03:07:07
Records in database: 854438
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
S:\

Scan statistics:
Files scanned: 410539
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 06:34:22

No malware has been detected. The scan area is clean.

The selected area was scanned.

#8 bamajim

Posted 12 June 2008 - 09:24 AM

J-Son

Looks that way. If you are still having update issues you may want to repost your request here

http://www.bleepingcomputer.com/forums/f/72/windows-vista/
Microsoft MVP - Windows Security

#9 J-son

Posted 13 June 2008 - 09:28 PM

Ok, I'll do that then.

Thanks a lot for your help, I appreciate it.



