Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hi! Need Help Please! :(


  • This topic is locked This topic is locked
3 replies to this topic

#1 Ale0185

Ale0185

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Costa Rica
  • Local time:12:05 PM

Posted 01 June 2008 - 12:51 PM

Hi!!
I put a topic two days ago and haven´t got any help
i´m desperate!! please! :thumbsup:
some moderator told me not do anything instead someone from the HJT Team told, but anyone has answered
and i really don´t know what to

My both computers are working too slow,
first one start two days ago with a message appearing every 5 min,
that message came from the antivirus (it was NOD32),
showed me a that a trojan was trying to create some files,
i tried to find and fixed it, first scanning with the antivirus but a lot of files appears blocked
and later i tried getting in to C: where i find a lot of "hidden files"
next day it just don´t start

So I came to the other computer (that have McAfee antivirus)
and tried to scann the computer...acording with that antivirus every was clean
but then a looked into "C:" and find a lot of hidden files again
this time i could watch the files
so i put one of the names in google and it send me to this page

These are all the things that my computer have...(the one that still works)

i really appreciate if you could explain me what had happen,
i want to learn about it...
as you could see i´m a complete ignorant in this kind of things

thaks...


PD: I didn´t put kapersky scan cause the page don´t let me:
it says that the file is too big

--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Spanish

CPU 0: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 1013.32 MiB / 225.64 MiB
Pagefile Memory (total/avail): 2295 MiB / 955 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.52 MiB

C: is Fixed (NTFS) - 138.97 GiB total, 68.96 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (CDFS)
I: is Removable (FAT32)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 - Sistema de archivos instalables - 10 GiB - D:
\PARTITION2 (bootable) - Sistema de archivos instalables - 138.97 GiB - C:

\\.\PHYSICALDRIVE1 - Generic USB Flash Disk USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 245.98 MiB - I:

\\.\PHYSICALDRIVE2 - SanDisk U3 Cruzer Micro USB Device - 3.81 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 3.82 GiB - J:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Ennie\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JIMNEZ-ARRIETA
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
LOCALAPPDATA=C:\Users\Ennie\AppData\Local
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\PROGRA~1\MSOLUT~1\MCONVE~2.0);C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Ennie\AppData\Local\Temp
TMP=C:\Users\Ennie\AppData\Local\Temp
USERDOMAIN=Jim‚nez-Arrieta
USERNAME=Ennie
USERPROFILE=C:\Users\Ennie
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Ennie (admin)
Esteban
Carlos
Manuel
CaRoOo
Ale

-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Age of Mythology Gold --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
Alive iPod Video Converter (version 2.1.6.2) --> "C:\Program Files\AliveMedia\iPod Video Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archivos auxiliares de instalación de Microsoft SQL Server (español) --> MsiExec.exe /X{44FEB532-0908-4A87-BC22-32F0960717EC}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Asistente para la personalización de sistemas Dell --> MsiExec.exe /I{44134B23-012F-473B-A5CB-9AFB59405E3A}
Business Contact Manager para Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {b8cf3068-5c78-438c-8cc5-aee3eec17953}
Business Contact Manager para Outlook 2007 SP1 --> MsiExec.exe /X{B8CF3068-5C78-438C-8CC5-AEE3EEC17953}
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x000a -removeonly
Escritor de VSS de Microsoft SQL Server --> MsiExec.exe /I{6B8818D3-984D-421C-AB70-07D63AEF3298}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guías del usuario --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Herramienta de diagnóstico del módem --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
iPod Converter 3.8.27 --> "C:\Program Files\iPodConverter\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learning Essentials para Microsoft Office --> MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}
Lexmark 2300 Series --> C:\Windows\system32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
M²Convert for iPod (2.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E54E619-6E78-40E1-9CB7-AF19DC08421D}\setup.exe" -l0x9 -removeonly
M²Convert Pro (2.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4869EC7F-58F3-4053-BE83-BD3A6569EB9A}\setup.exe" -l0x9 -removeonly
Matemáticas de Microsoft --> MsiExec.exe /I{07143840-959A-4B0D-8825-2C533F0DDB19}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{7018D165-FE75-44A9-8C82-EB1A4B376899}
Microsoft SQL Server Native Client --> MsiExec.exe /I{E8E4ED05-BCC2-483D-B1CD-49657398AA21}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x000a -removeonly
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
PartyPoker --> "C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0xa -remove -removeonly
Soluciones de fax de Lexmark --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpeedSim --> C:\Users\Manuel\Desktop\ogame\SpeedSim\uninst.exe
Update for Office 2007 (KB932080) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Live installer --> MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Worms2 --> C:\Windows\IsUninst.exe -fC:\MicroProse\Worms2\Uninst.isu

-- Application Event Log -------------------------------------------------------

Event Record #/Type132167 / Warning
Event Submitted/Written: 05/28/2008 09:39:05 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detectó que otras aplicaciones o servicios siguen usando el archivo de Registro. El archivo se descargará ahora. Puede las aplicaciones o servicios que lo usen no funcionen correctamente más adelante.

DETALLE -
1 user registry handles leaked from \Registry\User\S-1-5-21-2894220575-1783688560-3472423718-1007_Classes:
Process 3732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007_CLASSES

Event Record #/Type132166 / Warning
Event Submitted/Written: 05/28/2008 09:39:01 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detectó que otras aplicaciones o servicios siguen usando el archivo de Registro. El archivo se descargará ahora. Puede las aplicaciones o servicios que lo usen no funcionen correctamente más adelante.

DETALLE -
16 user registry handles leaked from \Registry\User\S-1-5-21-2894220575-1783688560-3472423718-1007:
Process 3732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\TrustedPeople
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Policies\Microsoft\SystemCertificates
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Policies\Microsoft\SystemCertificates
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Policies\Microsoft\SystemCertificates
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Policies\Microsoft\SystemCertificates
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\Root
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\Disallowed
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\trust
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\My
Process 620 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2894220575-1783688560-3472423718-1007\Software\Microsoft\SystemCertificates\CA

Event Record #/Type132151 / Error
Event Submitted/Written: 05/28/2008 09:07:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
El programa WINWORD.EXE, versión 12.0.6308.5000, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control de Informes de problemas y soluciones.
Id. de proceso: 1c5c
Hora de inicio: 01c8c138df381e8a
Hora de finalización: 324

Event Record #/Type132149 / Success
Event Submitted/Written: 05/28/2008 09:07:18 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type132069 / Success
Event Submitted/Written: 05/28/2008 05:11:16 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type192109 / Warning
Event Submitted/Written: 05/28/2008 09:44:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
El agente de Protección en tiempo real %Jiménez-Arrieta27 detectó cambios. Microsoft recomienda analizar el software que realizó estos cambios para comprobar la existencia de posibles riesgos. Puede usar información sobre el funcionamiento de estos programas para elegir si permite su ejecución o los quita del equipo. Permita los cambios sólo si confía en el programa o el editor de software. %Jiménez-Arrieta27 no podrá deshacer los cambios que permita.

Consulte la siguiente información para obtener más detalles:
%Jiménez-Arrieta275
Id. del examen: {EC4B3572-2FF5-49A0-96AE-6DE9EBE09A5B}

Usuario: Jiménez-Arrieta\Ale

Nombre: %Jiménez-Arrieta271

Id.: %Jiménez-Arrieta272

Id. de la gravedad: %Jiménez-Arrieta273

Id. de la categoría: %Jiménez-Arrieta274

Ruta en la que se encontró: %Jiménez-Arrieta276

Tipo de alerta: %Jiménez-Arrieta278

Tipo de detección: 1.1.1505.02

Event Record #/Type192108 / Warning
Event Submitted/Written: 05/28/2008 09:44:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
El agente de Protección en tiempo real %Jiménez-Arrieta27 detectó cambios. Microsoft recomienda analizar el software que realizó estos cambios para comprobar la existencia de posibles riesgos. Puede usar información sobre el funcionamiento de estos programas para elegir si permite su ejecución o los quita del equipo. Permita los cambios sólo si confía en el programa o el editor de software. %Jiménez-Arrieta27 no podrá deshacer los cambios que permita.

Consulte la siguiente información para obtener más detalles:
%Jiménez-Arrieta275
Id. del examen: {52673CBE-C2E5-40F9-AB21-E620578908E2}

Usuario: Jiménez-Arrieta\Ale

Nombre: %Jiménez-Arrieta271

Id.: %Jiménez-Arrieta272

Id. de la gravedad: %Jiménez-Arrieta273

Id. de la categoría: %Jiménez-Arrieta274

Ruta en la que se encontró: %Jiménez-Arrieta276

Tipo de alerta: %Jiménez-Arrieta278

Tipo de detección: 1.1.1505.02

Event Record #/Type192098 / Warning
Event Submitted/Written: 05/28/2008 09:28:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Event Record #/Type192097 / Warning
Event Submitted/Written: 05/28/2008 09:25:49 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
El administrador de trabajos de impresión no pudo volver a abrir una conexión a la impresora existente porque no pudo leer la información de configuración desde la clave del registro S-1-5-18\Printers\Connections. El administrador de trabajos de impresión no pudo abrir la clave de registro. Este problema puede ocurrir si la clave del registro falta o está dañada o si el registro no estuvo disponible recientemente.

Event Record #/Type192096 / Warning
Event Submitted/Written: 05/28/2008 09:25:49 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
El administrador de trabajos de impresión no pudo volver a abrir una conexión a la impresora existente porque no pudo leer la información de configuración desde la clave del registro S-1-5-18\Printers\Connections. El administrador de trabajos de impresión no pudo abrir la clave de registro. Este problema puede ocurrir si la clave del registro falta o está dañada o si el registro no estuvo disponible recientemente.

-- End of Deckard's System Scanner: finished at 2008-05-28 21:46:30 ------------
Deckard's System Scanner v20071014.68
Run by Ennie on 2008-05-28 21:35:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-05-29 03:01:49 UTC - RP313 - Windows Update
14: 2008-05-28 23:16:33 UTC - RP312 - Windows Update
13: 2008-05-28 12:11:27 UTC - RP311 - Punto de control programado
12: 2008-05-27 03:23:21 UTC - RP310 - Installed Nokia PC Suite
11: 2008-05-27 03:12:05 UTC - RP309 - Installed Nokia PC Suite

-- First Restore Point --
1: 2008-05-17 01:55:13 UTC - RP299 - Punto de control programado

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-28 21:43:43
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Ale\Desktop\dss.exe
C:\Windows\System32\conime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.as...;l=es&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-LA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Users\Ennie\Desktop\Ares\chatServer.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxcg_device - Unknown owner - C:\Windows\System32\lxcgcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe

--
End of file - 12183 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 AresChatServer (Ares Chatroom server) - c:\users\ennie\desktop\ares\chatserver.exe (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 21:34:32 0 d-------- \Deckard
2008-05-28 19:02:46 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-26 21:23:42 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-26 21:23:38 0 d-------- C:\Program Files\Nokia
2008-05-26 21:11:32 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 15:21:26 0 d-------- C:\Program Files\Project64 1.6
2008-05-06 20:44:31 0 d-------- C:\Program Files\iPod
2008-05-06 20:10:08 0 d-------- C:\Program Files\Apple Software Update
2008-05-06 17:20:28 1489528 --a------ C:\Windows\system32\xvidcore.dll
2008-05-06 17:20:28 794773 --a------ C:\Windows\system32\libogg-0.dll
2008-05-06 17:20:28 1130002 --a------ C:\Windows\system32\libmp3lame-0.dll
2008-05-06 17:20:27 5232128 --a------ C:\Windows\system32\AVipccore.exe
2008-05-06 17:20:27 0 d-------- C:\Program Files\iPodConverter
2008-05-06 17:11:06 0 d-------- C:\Program Files\AliveMedia

-- Find3M Report ---------------------------------------------------------------

2008-05-28 21:13:29 14936 --a------ C:\Windows\system32\perfh00A.dat
2008-05-28 21:13:29 5012 --a------ C:\Windows\system32\perfc00A.dat
2008-05-28 17:10:55 0 d-------- C:\Program Files\McAfee
2008-05-28 17:09:47 1377112064 --ahs---- \pagefile.sys
2008-05-28 05:12:29 0 d-------- C:\Program Files\LogMeIn
2008-05-26 21:44:34 645414 --a------ C:\Users\Ennie\AppData\Roaming\NMM-MetaData.db
2008-05-26 21:27:47 0 d-------- C:\Users\Ennie\AppData\Roaming\Nokia
2008-05-26 21:23:42 0 d-------- C:\Program Files\Common Files
2008-05-14 15:22:59 0 d-------- C:\Program Files\Windows Mail
2008-05-06 20:44:42 0 d-------- C:\Program Files\iTunes
2008-05-06 20:43:05 0 d-------- C:\Program Files\QuickTime
2008-04-29 18:01:04 0 d-------- C:\Program Files\Lx_cats
2008-04-21 13:25:30 0 d-------- C:\Program Files\M² Solutions, Inc
2008-04-21 13:25:27 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/04/2007 09:44 p.m.]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [09/02/2007 12:32 p.m.]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [09/02/2007 12:32 p.m.]
"Persistence"="C:\Windows\system32\igfxpers.exe" [09/02/2007 12:32 p.m.]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [22/03/2007 12:07 p.m.]
"SigmatelSysTrayApp"="sttray.exe" [07/02/2007 11:16 p.m. C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [29/09/2006 11:39 a.m.]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 10:37 a.m.]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 10:22 a.m.]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [17/08/2006 08:00 a.m.]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 04:30 p.m.]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 10:35 a.m.]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [02/11/2006 06:35 a.m.]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [21/07/2005 12:08 a.m.]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [01/08/2005 06:05 a.m.]
"LXCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [20/07/2005 11:48 a.m.]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/08/2007 06:21 p.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 p.m.]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 03:09 p.m.]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 p.m.]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 a.m.]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15/06/2006 12:36 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 11:25 a.m.]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:55 p.m.]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 06:35 a.m.]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/08/2007 06:21 p.m.]
"ares"="C:\Program Files\Ares\Ares.exe" [20/02/2008 08:33 a.m.]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 06:36 a.m.]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 04:21 p.m.]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [22/03/2007 12:10:39 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e806c912-d30f-11dc-b937-0019d141d4ca}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-28 21:46:30 ------------

:wacko:

BC AdBot (Login to Remove)

 


#2 Ale0185

Ale0185
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Costa Rica
  • Local time:12:05 PM

Posted 01 June 2008 - 12:58 PM

these are the results of Kapersky scan
i added it in a compressed carpet cause it was too big too attached it in its original form

Attached Files


Edited by Ale0185, 01 June 2008 - 12:59 PM.


#3 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:05 PM

Posted 29 June 2008 - 02:50 PM

HI

Sorry for the delay in responding to you, we have a long list of posters waiting for their threads to be analysed.

As it has been some time since you posted, you may have resolved your problem, please let us know if you have ?

If you still require help, Please make sure you have read this :-

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please follow all the directions in the above thread, then come back here & copy & paste the requested updated logs... do NOT attach them

Logs requested :-

1. Deckard's System Scanner main.txt & extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

2. KASPERSKY ONLINE SCANNER 7 REPORT

Please be sure to give as detailed an explanation of your problem as you can, tell us what programs you may have run whilst waiting for a reply & if you have received help elsewhere ... also any new developments with your problem ?

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:05 PM

Posted 25 July 2008 - 03:22 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users