Nasty Trojan


This topic is locked. 11 replies to this topic.

#1 locomotion182 (Members, 6 posts)

Posted 09 June 2008 - 07:18 PM

Hi there, new here.
I've been affected by this trojan that's making my computer run slow.

I checked the forums and I've found some cases which in the end were fixed, but there are some variations in the filenames, so that's why I'd rather make a new topic.
I'm being affected by the comine/severe trojan.

Hope you guys can help me out.

Here's the log file of HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:26, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE
C:\WINDOWS\system32\severe.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmlucj.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\severe.exe
C:\ARCHIV~1\FREEDO~1\fdm.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer proporcionado por Windows uE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [EPSON Stylus C85 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE /P23 "EPSON Stylus C85 Series" /O6 "USB001" /M "Stylus C85"
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Descargar con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descargar la selección con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descargar todo con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Descargar video con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.windowsue.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D90FF9B-051C-45D6-B259-E24F56C3C075}: NameServer = 201.247.155.225,201.247.157.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9399 bytes
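The log above already shows the three things a helper would pull out first: the F2 line appends C:\WINDOWS\system32\drivers\conime.exe to the Winlogon Shell value, two HKLM Run values start bare executables sitting in system32 (mmlucj.exe and severe.exe, registered under each other's name), and a conime.exe is running from system32\drivers, a directory that holds .sys files rather than programs. The script below is an added example, not part of this thread or of HijackThis: it parses a HijackThis 2.x log and flags those patterns, plus any O17 line that hard-codes a public DNS server. The sample input is copied from the posted log; the process baseline and Run allowlist are assumptions for a plain Windows XP SP2 install and would need extending on other systems.

```python
"""Triage a HijackThis 2.x log for the persistence patterns seen in the post
above: a Winlogon Shell value that launches a second binary, Run values that
start bare executables dropped into system32 or system32\\drivers, .exe files
running out of the drivers directory, and hard-coded public DNS servers.
Added example, not part of the original thread or of HijackThis."""
import ipaddress
import re
from dataclasses import dataclass

# Copied from the posted HijackThis log (only the lines the rules look at).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmlucj.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O4 - HKLM\..\Run: [EPSON Stylus C85 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE /P23 "EPSON Stylus C85 Series" /O6 "USB001" /M "Stylus C85"
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D90FF9B-051C-45D6-B259-E24F56C3C075}: NameServer = 201.247.155.225,201.247.157.225
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


SYSTEM32 = "c:\\windows\\system32"
DRIVERS = SYSTEM32 + "\\drivers"

# Assumed allowlist: the one Microsoft binary XP autostarts from system32 via a Run value.
RUN_ALLOWLIST = {"ctfmon.exe"}
# Assumed baseline: XP processes normally reported straight out of system32.
PROCESS_BASELINE = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "wuauclt.exe", "ctfmon.exe", "rundll32.exe",
}

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,]+)")


def exe_path(cmd):
    """Executable at the head of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def split_path(path):
    """(parent directory, file name), both lower-cased, for a Windows path."""
    parent, _, name = path.lower().rpartition("\\")
    return parent, name


def parse(text):
    """Split a HijackThis log into the process list and the Rx/Fx/Oxx entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line.strip():
                in_procs = False
            else:
                processes.append(line.strip())
            continue
        if re.match(r"^[A-Z]\d+ - ", line):
            entries.append(line.rstrip())
    return processes, entries


def triage(text):
    """Return the findings for a log, in log order (processes first)."""
    processes, entries = parse(text)
    findings = []
    for proc in processes:
        parent, name = split_path(proc)
        if parent == DRIVERS:
            findings.append(Finding("exe-in-drivers", proc))
        elif parent == SYSTEM32 and name not in PROCESS_BASELINE:
            findings.append(Finding("unknown-system32-process", proc))
    for entry in entries:
        if m := SHELL_RE.match(entry):
            # Winlogon Shell should be exactly "Explorer.exe"; anything appended
            # starts at every logon and survives Run-key clean-up.
            if m["value"].strip().lower() != "explorer.exe":
                findings.append(Finding("shell-hijack", entry))
        elif m := RUN_RE.match(entry):
            parent, name = split_path(exe_path(m["cmd"]))
            if parent == DRIVERS or (parent == SYSTEM32 and name not in RUN_ALLOWLIST):
                findings.append(Finding("run-from-system32", entry))
        elif m := DNS_RE.match(entry):
            # A hard-coded public resolver is not proof of anything, but DNS
            # changers are a common payload, so it is listed for verification.
            for server in m["servers"].split(","):
                if not ipaddress.ip_address(server).is_private:
                    findings.append(Finding("dns-review", entry))
                    break
    return findings


def rules(text):
    """Just the rule names, handy for counting."""
    return [f.rule for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

On the posted log this reports severe.exe and mmlucj.exe twice each (once as a running process, once as the Run value that starts them), the drivers\conime.exe process together with the F2 Shell line that launches it, and the two NameServer addresses for checking against the ISP. The EPSON spooler entry and the quoted egui.exe path are not reported, which is the point of keying the rule on the parent directory rather than on "system32" appearing anywhere in the path.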

#2 locomotion182 (Topic Starter, Members, 6 posts)

Posted 10 June 2008 - 12:01 AM

Anyone?

Edit:
*I'm sorry, I didn't know we couldn't bump. I do apologize.*

Edited by locomotion182, 10 June 2008 - 12:37 AM.


#3 fenzodahl512 (Members, 6,738 posts)

Posted 16 June 2008 - 09:08 PM

Hello locomotion182, my name is fenzodahl512 and welcome to Bleeping Computer. Please do the following:


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 locomotion182 (Topic Starter, Members, 6 posts)

Posted 20 June 2008 - 09:01 AM

Thanks a lot for replying. =)

Here are the logs.

Deckard's System Scanner v20071014.68
Run by Diego on 2008-06-20 07:53:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-20 13:53:56 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Diego.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:02, on 20/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Real Alternative\Media Player Classic\mplayerc.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\MSN Messenger\livecall.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\ARCHIV~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Diego\Configuración local\Archivos temporales de Internet\Content.IE5\25DKT6EW\dss[1].exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\Diego.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer proporcionado por Windows uE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [EPSON Stylus C85 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE /P23 "EPSON Stylus C85 Series" /O6 "USB001" /M "Stylus C85"
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Descargar con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descargar la selección con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descargar todo con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Descargar video con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.windowsue.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D90FF9B-051C-45D6-B259-E24F56C3C075}: NameServer = 201.247.155.225,201.247.157.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9378 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 tap0801 (Smarthide TAP driver) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The SHVPN Project; TAP-Win32 Virtual Network Driver>

S3 SIS163u (SiS 163 usb Wireless LAN Adapter Driver) - c:\windows\system32\drivers\sis163u.sys <Not Verified; SiS Corporation; NDIS NIC Driver>
S3 XDva098 - c:\windows\system32\xdva098.sys (file missing)
S3 XDva143 - c:\windows\system32\xdva143.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SiSWLSvc (SiS WirelessLan Service) - c:\archivos de programa\802.11 wireless lan\802.11g pen size wireless usb 2.0 adapter hw.32 v1.10\siswlsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 17:18:25 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-15 11:33:08 0 d-------- C:\Archivos de programa\Disney Interactive Studios
2008-06-09 18:03:04 0 d-------- C:\Archivos de programa\Trend Micro
2008-06-09 17:58:13 0 d-------- C:\Downloads
2008-06-09 17:04:35 33130 --a------ C:\WINDOWS\system32\qq.exe
2008-06-02 14:49:54 0 d-------- C:\Archivos de programa\Trillian
2008-05-27 19:31:37 0 d-------- C:\Program Files
2008-05-27 19:28:35 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-27 19:04:30 0 d-------- C:\Rohan
2008-05-26 19:11:19 0 d-------- C:\Archivos de programa\Outspark
2008-05-23 22:38:58 0 d-------- C:\Archivos de programa\Free Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-06-20 07:56:02 0 d-------- C:\Documents and Settings\Diego\Datos de programa\Free Download Manager
2008-06-15 11:52:40 0 dr-h----- C:\Documents and Settings\Diego\Datos de programa\SecuROM
2008-06-13 07:32:44 0 d-------- C:\Documents and Settings\Diego\Datos de programa\uTorrent
2008-05-27 22:10:18 0 d-------- C:\Archivos de programa\DOSBox-0.65
2008-05-15 18:00:53 0 d-------- C:\Documents and Settings\Diego\Datos de programa\vlc
2008-05-15 18:00:13 0 d-------- C:\Archivos de programa\VideoLAN
2008-05-12 23:51:01 454014 --a------ C:\WINDOWS\system32\perfh00A.dat
2008-05-12 23:51:01 76882 --a------ C:\WINDOWS\system32\perfc00A.dat
2008-04-22 18:54:02 0 d-------- C:\Archivos de programa\SmartHide


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" [09/08/2005 09:35]
"@"="" []
"EPSON Stylus C85 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.exe" [25/11/2003 03:00]
"avipit"="C:\WINDOWS\system32\mmlucj.exe" []
"mmlucj"="C:\WINDOWS\system32\severe.exe" []
"egui"="C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [13/03/2008 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 07:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Diego\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 11:16:50]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [20/09/2007 9:00:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\drivers\conime.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.com]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NOD32.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.com]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.EXE]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
"mmlucj"=C:\WINDOWS\system32\severe.exe
"mouseElf"=C:\ARCHIV~1\TWINTO~1\MouseElf.EXE
"Sony Ericsson PC Suite"="C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae77131-0035-11dd-a0c2-001676c8b313}]
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01581f5-f9b2-11dc-a0ad-a2b448f162e4}]
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce6873a-3647-11dd-a101-001676c8b313}]
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe




-- End of Deckard's System Scanner: finished at 2008-06-20 07:56:37 ------------

Here's the extra log.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® D CPU 3.40GHz
CPU 1: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 1014.02 MiB / 423.73 MiB
Pagefile Memory (total/avail): 2440.93 MiB / 1976.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 122.15 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Diego\Datos de programa
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Diego
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Archivos de programa\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Archivos de programa\Archivos comunes\Adobe\AGL;C:\Archivos de programa\Archivos comunes\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\Windows\Temp\
TMP=C:\Windows\Temp\
USERDOMAIN=DESKTOP
USERNAME=Diego
USERPROFILE=C:\Documents and Settings\Diego
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Diego (admin)
Test (new local, admin)
Administrador (admin)
Invitado (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\ARCHIV~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\WEBDELC.EXE -[WebCam Control
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10 --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BDC88E5A-F47B-4314-AB38-994592E32C95}
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Actualización para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Actualización para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Actualización para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A70800000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6 --> C:\Archivos de programa\AIM6\uninst.exe
Air Utility --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}
ANIO Service --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS Service --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}\Setup.exe"
µTorrent --> "C:\Archivos de programa\uTorrent\uTorrent.exe" /UNINSTALL
Compresor WinRAR --> C:\Archivos de programa\WinRAR\uninstall.exe
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver --> C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin webc3pin.dll -pluginres webc3pin.dll
Creative WebCam Control --> C:\WINDOWS\IsUn040a.exe -f"C:\Archivos de programa\Creative\WebCam Control\DeIsL1.isu"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Fiesta --> C:\Archivos de programa\Outspark\Fiesta\uninstall.exe
Free Download Manager 2.5 --> "C:\Archivos de programa\Free Download Manager\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel Audio Studio 2.0 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe" -l0x9
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 2.81 Full --> "C:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.12.6 --> "C:\Archivos de programa\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Megaupload Toolbar --> C:\Archivos de programa\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 (Beta) --> MsiExec.exe /X{30120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Archivos de programa\Mozilla Firefox\uninstall\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{79ACDEE9-29B6-4E2A-8C65-4352774D5BEA}
Nero 7 Lite 7.10.1.0 --> "C:\Archivos de programa\Nero\unins000.exe"
Notepad++ --> C:\Archivos de programa\Notepad++\uninstall.exe
Outspark Launcher --> C:\Archivos de programa\Outspark\Launcher\uninstall.exe
PowerDVD --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime Alternative 1.78 --> "C:\Archivos de programa\QuickTime Alternative\unins000.exe"
Real Alternative 1.60 --> "C:\Archivos de programa\Real Alternative\unins000.exe"
Revisión para el Reproductor de Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Rohan_USA --> C:\Rohan\GoUninstUSA.exe
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0xa -remove -removeonly
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Archivos de programa\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartHide 2.1.121 --> C:\Archivos de programa\SmartHide\uninst.exe
Software de impresora EPSON --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
TeamSpeak 2 RC2 --> "C:\Archivos de programa\Teamspeak2_RC2\unins000.exe"
Trillian --> C:\Archivos de programa\Trillian\trillian.exe /uninstall
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6e --> C:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Archivos de programa\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAVIVideoConverter --> "C:\Archivos de programa\WinAVIVideoConverter\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Anti-Spy --> C:\ARCHIV~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\ARCHIV~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\ARCHIV~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\ARCHIV~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\ARCHIV~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\ARCHIV~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\ARCHIV~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type3107 / Success
Event Submitted/Written: 06/19/2008 04:15:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3071 / Success
Event Submitted/Written: 06/18/2008 06:20:36 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2985 / Success
Event Submitted/Written: 06/16/2008 11:44:02 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2868 / Success
Event Submitted/Written: 06/13/2008 03:25:44 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2822 / Success
Event Submitted/Written: 06/12/2008 08:16:35 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type267 / Warning
Event Submitted/Written: 06/20/2008 05:06:44 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152
seconds because none of the time providers has been able to provide a usable
time stamp. The system clock is unsynchronized.

Event Record #/Type246 / Error
Event Submitted/Written: 06/19/2008 02:34:55 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type227 / Warning
Event Submitted/Written: 06/19/2008 07:56:38 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152
seconds because none of the time providers has been able to provide a usable
time stamp. The system clock is unsynchronized.

Event Record #/Type191 / Warning
Event Submitted/Written: 06/17/2008 01:19:38 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152
seconds because none of the time providers has been able to provide a usable
time stamp. The system clock is unsynchronized.

Event Record #/Type167 / Error
Event Submitted/Written: 06/16/2008 11:30:56 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-06-20 07:56:37 ------------
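Three things in the dumps in this thread deserve a closer look than the rest: the Image File Execution Options keys whose Debugger value points at avipit.exe (so launching regedit, SREng or the listed Chinese AV tools silently runs the trojan instead), the MountPoints2 handlers that Explorer keeps for the E: volume (the cached autorun.inf commands for OSO.exe and ntde1ect.com), and the Run values that ComboFix prints with an empty "[ ]" in the next post (avipit → mmlucj.exe, mmlucj → severe.exe), which is what ComboFix shows when the file it points at is no longer on disk. The Python below is an added example, not part of the original post and not code from DSS, ComboFix or HijackThis: it parses an excerpt constructed from lines in this thread in the key-and-value layout those tools print and returns one finding per entry. The KNOWN_DEBUGGERS allowlist and the regular expressions are my assumptions about that layout, not anything the tools document.

```python
"""Triage a DSS/ComboFix-style registry dump for the three persistence tricks
visible in this thread: Image File Execution Options (IFEO) Debugger hijacks,
cached MountPoints2 autorun handlers, and Run values whose target file is gone."""
import re
from typing import Dict, List

# Constructed excerpt in the format DSS and ComboFix print (key in square
# brackets, then one value per line). The entries are copied from the logs
# posted in this thread; nothing here was read from a live machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.EXE]
Debugger=C:\WINDOWS\system32\drivers\avipit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C85 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE" [2003-11-25 03:00 99840]
"avipit"="C:\WINDOWS\system32\mmlucj.exe" [ ]
"mmlucj"="C:\WINDOWS\system32\severe.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01581f5-f9b2-11dc-a0ad-a2b448f162e4}]
AutoRun\command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DEBUGGER_RE = re.compile(r"^Debugger=(.+)$", re.IGNORECASE)
MOUNT_CMD_RE = re.compile(r"^([\w\\]+)- (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="?([^"\[]+?)"?\s*\[(.*)\]$')

# Debuggers that may legitimately sit in an IFEO key. Assumption for this
# example only; extend it for your own environment.
KNOWN_DEBUGGERS = {"ntsd.exe", "vsjitdebugger.exe", "windbg.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the dump and return one finding per suspicious value."""
    findings: List[Dict[str, str]] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        if "\\image file execution options\\" in lkey:
            m = DEBUGGER_RE.match(line)
            if m and basename(m.group(1).strip()).lower() not in KNOWN_DEBUGGERS:
                # Windows starts the Debugger value and passes the requested
                # program as its argument, so launching regedit or SREng
                # actually launches avipit.exe instead.
                findings.append({"kind": "ifeo_hijack",
                                 "program": basename(key),
                                 "target": m.group(1).strip()})
        elif "\\mountpoints2\\" in lkey:
            m = MOUNT_CMD_RE.match(line)
            if m:
                # Explorer caches each volume's autorun.inf handlers under its
                # GUID and keeps using them after the file itself is gone.
                findings.append({"kind": "mountpoints2_autorun",
                                 "verb": m.group(1), "command": m.group(2)})
        elif lkey.endswith("\\run"):
            m = RUN_RE.match(line)
            if m and not m.group(3).strip():
                # ComboFix prints the file's date and size in brackets; an
                # empty pair means the referenced file was not found on disk.
                findings.append({"kind": "run_missing_file",
                                 "name": m.group(1),
                                 "target": m.group(2).strip()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it on the sample and it reports the two IFEO hijacks, the two cached E: handlers and the two dangling Run values while leaving the EPSON entry alone. Feeding it a full DSS or ComboFix log works the same way, since the parser only cares about the bracketed key line and the value lines under it; a Run value whose file is missing is worth removing on its own, because the dangling reference is also what produces the "cannot find ...comine.exe" error at logon that the original poster describes later in the thread.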

#5 fenzodahl512
  • Members
  • 6,738 posts

Posted 20 June 2008 - 09:38 PM

Hello, thanks for the reply. Apologies for my late reply; I was in hospital for two days due to bad food (food poisoning). Please do the following...


Please visit the page below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 locomotion182
  • Topic Starter
  • Members
  • 6 posts

Posted 22 June 2008 - 12:42 PM

Ah, sorry to hear that. Are you OK now?

Also, if possible, I wanted to ask you something. When I got the trojan it had been only 2 days since the avast! trial finished, so after posting here I went ahead and installed NOD32. The antivirus found the trojan but it also had problems removing it, and every time I restarted Windows it kept giving me the warning, until it seemed like NOD32 deleted the files. Now when I restart Windows it gives me an error of "cannot find C:\.....WINDOWS\comine.exe".
I don't know if that will help eventually.


Here's the ComboFix log:
ComboFix 08-06-20.4 - Diego 2008-06-22 11:29:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.644 [GMT -6:00]
Running from: C:\Documents and Settings\Diego\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Diego\Escritorio\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((( Files Created From 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))))
.

2008-06-20 12:45 . 2008-06-20 12:48 <DIR> d-------- C:\BROOD
2008-06-20 07:53 . 2008-06-20 07:53 <DIR> d-------- C:\Deckard
2008-06-19 15:15 . 2008-06-19 15:15 <DIR> d-------- C:\Documents and Settings\Invitado\Datos de programa\InstallShield
2008-06-15 11:52 . 2008-06-15 11:52 <DIR> dr-h----- C:\Documents and Settings\Diego\Datos de programa\SecuROM
2008-06-15 11:52 . 2008-06-15 11:52 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-15 11:33 . 2008-06-15 11:33 <DIR> d-------- C:\Archivos de programa\Disney Interactive Studios
2008-06-15 10:46 . 2008-06-15 11:52 55 --a------ C:\WINDOWS\disney.ini
2008-06-15 10:43 . 2008-06-15 11:49 200 --a------ C:\WINDOWS\disneysy.ini
2008-06-09 18:03 . 2008-06-09 18:03 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-06-09 17:58 . 2008-06-09 17:58 <DIR> d-------- C:\Downloads
2008-06-09 17:04 . 2008-06-09 17:04 33,130 --a------ C:\WINDOWS\system32\qq.exe
2008-06-09 16:07 . 2008-06-09 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2008-06-09 15:58 . 2008-06-09 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-06-09 15:58 . 2008-06-09 15:58 <DIR> d-------- C:\Archivos de programa\ESET
2008-06-09 15:22 . 2008-06-09 15:22 <DIR> d-------- C:\Documents and Settings\Test\Datos de programa\Teleca
2008-06-09 15:22 . 2008-06-09 15:22 <DIR> d-------- C:\Documents and Settings\Test\Datos de programa\MEGAUPLOADTOOLBAR
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> dr-h----- C:\Documents and Settings\Test\Reciente
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Plantillas
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> dr------- C:\Documents and Settings\Test\Mis documentos
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> dr------- C:\Documents and Settings\Test\Menú Inicio
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Impresoras
2008-06-09 15:21 . 2008-06-09 15:22 <DIR> dr------- C:\Documents and Settings\Test\Favoritos
2008-06-09 15:21 . 2007-09-06 05:18 <DIR> d-------- C:\Documents and Settings\Test\Escritorio
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Entorno de red
2008-06-09 15:21 . 2008-06-09 15:22 <DIR> dr-h----- C:\Documents and Settings\Test\Datos de programa
2008-06-09 15:21 . 2008-06-22 11:30 <DIR> d--h----- C:\Documents and Settings\Test\Configuración local
2008-06-09 15:21 . 2007-09-05 11:13 <DIR> d-------- C:\Documents and Settings\Test\7zS4E8.tmp
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> d-------- C:\Documents and Settings\Test
2008-06-02 14:49 . 2008-06-21 23:50 <DIR> d-------- C:\Archivos de programa\Trillian
2008-06-01 10:26 . 2008-06-20 09:26 58,030 --a------ C:\romini.dmp
2008-05-28 00:51 . 2008-02-26 06:00 294,912 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-05-27 19:31 . 2008-06-19 15:09 <DIR> d-------- C:\Program Files
2008-05-27 19:28 . 2003-07-19 09:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-27 19:28 . 2005-01-03 00:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-27 19:04 . 2008-06-20 11:25 <DIR> d-------- C:\Rohan
2008-05-26 19:11 . 2008-05-26 19:18 <DIR> d-------- C:\Archivos de programa\Outspark
2008-05-23 22:39 . 2008-06-22 11:30 <DIR> d-------- C:\Documents and Settings\Diego\Datos de programa\Free Download Manager
2008-05-23 22:39 . 2008-05-23 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\FreeDownloadManager.ORG
2008-05-23 22:38 . 2008-05-23 22:39 <DIR> d-------- C:\Archivos de programa\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 21:54 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\MEGAUPLOADTOOLBAR
2008-06-13 13:32 --------- d-----w C:\Documents and Settings\Diego\Datos de programa\uTorrent
2008-05-28 04:10 --------- d-----w C:\Archivos de programa\DOSBox-0.65
2008-05-17 15:06 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\vlc
2008-05-16 00:00 --------- d-----w C:\Documents and Settings\Diego\Datos de programa\vlc
2008-05-16 00:00 --------- d-----w C:\Archivos de programa\VideoLAN
2008-05-14 08:33 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-04-23 00:54 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Arovax
2008-04-23 00:54 --------- d-----w C:\Archivos de programa\SmartHide
2008-03-26 11:27 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-25 16:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 16:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 187,168 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 09:35 8597586]
"EPSON Stylus C85 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE" [2003-11-25 03:00 99840]
"avipit"="C:\WINDOWS\system32\mmlucj.exe" [ ]
"mmlucj"="C:\WINDOWS\system32\severe.exe" [ ]
"egui"="C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:42 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N" []

C:\Documents and Settings\Invitado\Menú Inicio\Programas\Inicio\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 12:24:54 98632]

C:\Documents and Settings\Diego\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 11:16:50 113664]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-20 09:00:41 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
"mmlucj"=C:\WINDOWS\system32\severe.exe
"mouseElf"=C:\ARCHIV~1\TWINTO~1\MouseElf.EXE
"Sony Ericsson PC Suite"="C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Archivos comunes\\AOL\\Loader\\aolload.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Archivos de programa\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"C:\\Archivos de programa\\SmartHide\\SmartHide.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 07:43]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 06:00]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-18 23:01]
R3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-10-12 07:07]
S3 dump_wmimmc;dump_wmimmc;C:\Rohan\GameGuard\dump_wmimmc.sys []
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-09-19 07:00]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 01:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-26 05:27]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-17 19:19]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae77131-0035-11dd-a0c2-001676c8b313}]
\Shell\Auto\command - E:\OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01581f5-f9b2-11dc-a0ad-a2b448f162e4}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce6873a-3647-11dd-a101-001676c8b313}]
\Shell\Auto\command - E:\OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'
"2008-06-20 23:17:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Archivos de programa\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 11:31:11
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-06-22 11:31:55
ComboFix-quarantined-files.txt 2008-06-22 17:31:52

14 dirs 129,890,361,344 bytes libres
18 dirs 130,673,131,520 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

194 --- E O F --- 2008-05-28 19:14:00









HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:34, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\ARCHIV~1\FREEDO~1\fdm.exe
C:\Archivos de programa\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [EPSON Stylus C85 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE /P23 "EPSON Stylus C85 Series" /O6 "USB001" /M "Stylus C85"
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Descargar con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descargar la selección con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descargar todo con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Descargar video con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.windowsue.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D90FF9B-051C-45D6-B259-E24F56C3C075}: NameServer = 201.247.155.225,201.247.157.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8707 bytes

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 23 June 2008 - 05:34 PM

Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.




Hello, thanks for the reply. Looks like NOD32 does its job very well ;)


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\qq.exe
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\severe.exe
E:\OSO.exe
E:\ntde1ect.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae77131-0035-11dd-a0c2-001676c8b313}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01581f5-f9b2-11dc-a0ad-a2b448f162e4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce6873a-3647-11dd-a101-001676c8b313}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avipit"=-
"mmlucj"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
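The CFScript in the post above tells ComboFix which files and registry entries to remove, but it is easy to drop such a script onto ComboFix.exe without reading it. The following Python dry-run reader is an added example (not ComboFix's own code, nor the poster's): it interprets the two directives used in that script, File:: and Registry::, and matches the Run values the script deletes back to the O4 lines of the HijackThis log, so a reader can see exactly which startup entries and files the script targets before running it. The Plan class and the function names are this example's own; ComboFix accepts further directives, which this reader only records. The sample inputs are the script and O4 lines from this thread, embedded inline.

```python
"""Dry-run reader for a ComboFix CFScript (added example, not ComboFix's code).

Interprets the two directives used in the post above, File:: and Registry::,
and ties the deleted Run values back to HijackThis O4 lines, so the actions a
script asks for can be reviewed before the file is dropped onto ComboFix.exe.
ComboFix itself accepts further directives; those are only recorded here.
"""
import re
from dataclasses import dataclass, field

# Sample input: the CFScript posted in this thread, embedded verbatim.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\qq.exe
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\severe.exe
E:\OSO.exe
E:\ntde1ect.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ae77131-0035-11dd-a0c2-001676c8b313}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01581f5-f9b2-11dc-a0ad-a2b448f162e4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce6873a-3647-11dd-a101-001676c8b313}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avipit"=-
"mmlucj"=-
"""

# Sample input: O4 lines from the HijackThis log in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

SECTION_RE = re.compile(r"^(\w+)::$")          # e.g. File::  Registry::
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')     # "name"=data  ("-" deletes the value)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.+?)(?: \(User '[^']*'\))?$")


@dataclass
class Plan:
    """What the script asks ComboFix to do."""
    delete_files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)
    set_values: list = field(default_factory=list)      # (key, value name, data)
    other: dict = field(default_factory=dict)           # directive -> raw lines


def parse_cfscript(text):
    plan, section, current_key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1).lower(), None
        elif section == "file":
            plan.delete_files.append(line)
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            plan.delete_keys.append(line[2:-1])          # [-KEY] removes the whole key
            current_key = None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]                     # [KEY] selects a key for the values below
        elif section == "registry" and current_key and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data == "-":
                plan.delete_values.append((current_key, name))
            else:
                plan.set_values.append((current_key, name, data))
        else:
            plan.other.setdefault(section or "", []).append(line)
    return plan


def image_path(command):
    """Executable launched by an autorun command: the quoted path, or the text
    before the first space (an unquoted path containing spaces is not handled)."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def run_entries_targeting(hjt_log, files):
    """O4 Run entries whose launched image is one of `files`, as (hive, name, path)."""
    wanted = {f.lower() for f in files}
    hits = []
    for line in hjt_log.splitlines():
        if m := O4_RE.match(line.strip()):
            hive, name, command = m.groups()
            path = image_path(command)
            if path.lower() in wanted:
                hits.append((hive, name, path))
    return hits


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for path in plan.delete_files:
        print("delete file   ", path)
    for key in plan.delete_keys:
        print("delete key    ", key)
    for key, name in plan.delete_values:
        print("delete value  ", f"{key}\\{name}")
    for hive, name, path in run_entries_targeting(SAMPLE_HJT, plan.delete_files):
        print("O4 entry      ", f"{hive} [{name}] -> {path}")
```

Run as a script it lists the five files, the three mountpoints2 keys (the per-device autorun entries that pointed at E:\OSO.exe and E:\ntde1ect.com) and the two Run values, and shows that those two values are exactly the O4 entries whose images are mmlucj.exe and severe.exe, which is why the script deletes both the files and their autostart entries together.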


#8 locomotion182

locomotion182
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:09 AM

Posted 24 June 2008 - 10:37 AM

Done with that. It didn't ask me to reboot.


ComboFix log

ComboFix 08-06-20.4 - Diego 2008-06-24 9:28:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.595 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\Diego\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Diego\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active


FILE ::
C:\WINDOWS\system32\mmlucj.exe
C:\WINDOWS\system32\qq.exe
C:\WINDOWS\system32\severe.exe
E:\ntde1ect.com
E:\OSO.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qq.exe

.
(((((((((((((((((( Archivos creados desde 2008-05-24 - 2008-06-24 )))))))))))))))))))))))))))))))))
.

2008-06-23 16:59 . 2008-06-23 16:59 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-06-23 16:59 . 2008-06-23 16:59 21,660 --a------ C:\WINDOWS\scunin.dat
2008-06-23 16:59 . 2008-06-23 16:59 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-20 12:45 . 2008-06-20 12:48 <DIR> d-------- C:\BROOD
2008-06-20 07:53 . 2008-06-20 07:53 <DIR> d-------- C:\Deckard
2008-06-19 15:15 . 2008-06-19 15:15 <DIR> d-------- C:\Documents and Settings\Invitado\Datos de programa\InstallShield
2008-06-15 11:52 . 2008-06-15 11:52 <DIR> dr-h----- C:\Documents and Settings\Diego\Datos de programa\SecuROM
2008-06-15 11:52 . 2008-06-15 11:52 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-15 11:33 . 2008-06-15 11:33 <DIR> d-------- C:\Archivos de programa\Disney Interactive Studios
2008-06-15 10:46 . 2008-06-15 11:52 55 --a------ C:\WINDOWS\disney.ini
2008-06-15 10:43 . 2008-06-15 11:49 200 --a------ C:\WINDOWS\disneysy.ini
2008-06-09 18:03 . 2008-06-09 18:03 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-06-09 17:58 . 2008-06-09 17:58 <DIR> d-------- C:\Downloads
2008-06-09 16:07 . 2008-06-09 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2008-06-09 15:58 . 2008-06-09 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-06-09 15:58 . 2008-06-09 15:58 <DIR> d-------- C:\Archivos de programa\ESET
2008-06-09 15:22 . 2008-06-09 15:22 <DIR> d-------- C:\Documents and Settings\Test\Datos de programa\Teleca
2008-06-09 15:22 . 2008-06-09 15:22 <DIR> d-------- C:\Documents and Settings\Test\Datos de programa\MEGAUPLOADTOOLBAR
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> dr-h----- C:\Documents and Settings\Test\Reciente
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Plantillas
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> dr------- C:\Documents and Settings\Test\Mis documentos
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> dr------- C:\Documents and Settings\Test\Menú Inicio
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Impresoras
2008-06-09 15:21 . 2008-06-09 15:22 <DIR> dr------- C:\Documents and Settings\Test\Favoritos
2008-06-09 15:21 . 2007-09-06 05:18 <DIR> d-------- C:\Documents and Settings\Test\Escritorio
2008-06-09 15:21 . 2007-09-05 11:54 <DIR> d--h----- C:\Documents and Settings\Test\Entorno de red
2008-06-09 15:21 . 2008-06-23 10:09 <DIR> dr-h----- C:\Documents and Settings\Test\Datos de programa
2008-06-09 15:21 . 2008-06-24 09:30 <DIR> d--h----- C:\Documents and Settings\Test\Configuración local
2008-06-09 15:21 . 2007-09-05 11:13 <DIR> d-------- C:\Documents and Settings\Test\7zS4E8.tmp
2008-06-09 15:21 . 2008-06-09 15:21 <DIR> d-------- C:\Documents and Settings\Test
2008-06-02 14:49 . 2008-06-21 23:50 <DIR> d-------- C:\Archivos de programa\Trillian
2008-06-01 10:26 . 2008-06-20 09:26 58,030 --a------ C:\romini.dmp
2008-05-28 00:51 . 2008-02-26 06:00 294,912 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-05-27 19:31 . 2008-06-19 15:09 <DIR> d-------- C:\Program Files
2008-05-27 19:28 . 2003-07-19 09:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-27 19:28 . 2005-01-03 00:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-27 19:04 . 2008-06-20 11:25 <DIR> d-------- C:\Rohan
2008-05-26 19:11 . 2008-05-26 19:18 <DIR> d-------- C:\Archivos de programa\Outspark

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 16:01 --------- d-----w C:\Documents and Settings\Diego\Datos de programa\Free Download Manager
2008-06-20 21:54 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\MEGAUPLOADTOOLBAR
2008-06-13 13:32 --------- d-----w C:\Documents and Settings\Diego\Datos de programa\uTorrent
2008-05-28 04:10 --------- d-----w C:\Archivos de programa\DOSBox-0.65
2008-05-24 04:39 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\FreeDownloadManager.ORG
2008-05-24 04:39 --------- d-----w C:\Archivos de programa\Free Download Manager
2008-05-17 15:06 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\vlc
2008-05-16 00:00 --------- d-----w C:\Documents and Settings\Diego\Datos de programa\vlc
2008-05-16 00:00 --------- d-----w C:\Archivos de programa\VideoLAN
2008-05-14 08:33 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-03-26 11:27 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-25 16:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 16:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 187,168 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-22_11.31.40,91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-24 15:31:06 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:42 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 18:04 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 09:35 8597586]
"EPSON Stylus C85 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE" [2003-11-25 03:00 99840]
"egui"="C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:42 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N" []

C:\Documents and Settings\Invitado\Menú Inicio\Programas\Inicio\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 12:24:54 98632]

C:\Documents and Settings\Diego\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 11:16:50 113664]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-20 09:00:41 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
"mmlucj"=C:\WINDOWS\system32\severe.exe
"mouseElf"=C:\ARCHIV~1\TWINTO~1\MouseElf.EXE
"Sony Ericsson PC Suite"="C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Archivos comunes\\AOL\\Loader\\aolload.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Archivos de programa\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"C:\\Archivos de programa\\SmartHide\\SmartHide.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 07:43]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 06:00]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-18 23:01]
R3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-10-12 07:07]
R3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys []
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-09-19 07:00]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 01:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-26 05:27]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-17 19:19]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - NPPTNT2
.
Contenido de carpeta 'Tareas Programadas'
"2008-06-20 23:17:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Archivos de programa\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 09:31:07
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dump_wmimmc]
"ImagePath"="\??\C:\Rohan\GameGuard\dump_wmimmc.sys"
.
Tiempo completado: 2008-06-24 9:31:58
ComboFix-quarantined-files.txt 2008-06-24 15:31:55
ComboFix2.txt 2008-06-22 17:31:56

15 dirs 130,393,829,376 bytes libres
18 dirs 130,548,260,864 bytes libres

194 --- E O F --- 2008-05-28 19:14:00






HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:30, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\livecall.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Archivos de programa\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [EPSON Stylus C85 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4R1.EXE /P23 "EPSON Stylus C85 Series" /O6 "USB001" /M "Stylus C85"
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Descargar con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: Descargar la selección con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Descargar todo con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Descargar video con Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.windowsue.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D90FF9B-051C-45D6-B259-E24F56C3C075}: NameServer = 201.247.155.225,201.247.157.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Archivos de programa\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8535 bytes
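A HijackThis log like the one above is read entry by entry, and the first pass a helper makes is mechanical: which O4 autoruns launch a loose executable straight out of the Windows directory, which O23 services point at a missing file or carry no publisher, and which O17 DNS servers the user should confirm belong to their ISP. The script below is an added example, not part of this thread and not part of HijackThis; it parses the Rn/On entry lines into records and applies those review rules. The sample log is constructed in the same format as the posted log: `placeholder_loader.exe`, `{PLACEHOLDER-GUID}` and the 192.0.2.x addresses are placeholders, and the `KNOWN_SYSTEM_AUTORUNS` allow-list is a deliberately small assumption, not a complete list of legitimate Windows binaries.

```python
"""Minimal HijackThis v2.x log triage helper (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# O4: <hive>\..\Run[Once]: [name] <command> [(User 'x')]
O4_RE = re.compile(
    r"^(?P<hive>.*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23: Service: <display name> - <company> - <path> [(file missing)]
O23_RE = re.compile(
    r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$")
# O17: HKLM\System\...\{interface GUID}: NameServer = a.b.c.d,e.f.g.h
O17_RE = re.compile(r"^HKLM\\System\\.*: NameServer = (?P<servers>.*)$")

# Assumption: illustrative allow-list of binaries expected to autorun from the
# Windows directories on XP. Anything else launched directly from these two
# folders is queued for a manual look (hash lookup, publisher check).
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Entry:
    kind: str     # e.g. "O4", "O23"
    body: str     # raw text after "O4 - "
    fields: dict  # parsed fields, empty when the body shape is not handled


def parse_log(text):
    """Turn the Rn/On lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, 'Running processes' and blank lines
        kind, body = m.group("kind"), m.group("body")
        fields = {}
        if kind == "O4":
            m4 = O4_RE.match(body)
            if m4:
                fields = m4.groupdict()
        elif kind == "O23":
            m23 = O23_RE.match(body)
            if m23:
                fields = m23.groupdict()
                fields["missing"] = bool(fields["missing"])
        elif kind == "O17":
            m17 = O17_RE.match(body)
            if m17:
                fields = {"servers": [s.strip() for s in m17.group("servers").split(",")]}
        entries.append(Entry(kind, body, fields))
    return entries


def executable_of(command):
    """Best-effort extraction of the program path from an autorun command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):          # quoted path, possibly followed by arguments
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(entries):
    """Apply the review rules; returns (rule, detail, raw body) tuples in log order."""
    findings = []
    for e in entries:
        f = e.fields
        if e.kind == "O4" and f.get("command"):
            exe = executable_of(f["command"])
            parent, _, base = exe.lower().rpartition("\\")
            if parent in SYSTEM_DIRS and base not in KNOWN_SYSTEM_AUTORUNS:
                findings.append(("autorun-from-windows-dir", exe, e.body))
        elif e.kind == "O23" and f:
            if f["missing"]:
                findings.append(("service-file-missing", f["path"], e.body))
            elif f["company"] == "Unknown owner":
                findings.append(("service-unknown-owner", f["path"], e.body))
        elif e.kind == "O17" and f:
            # Not malicious by itself: the reviewer confirms these are the ISP's resolvers.
            findings.append(("dns-servers-to-verify", ",".join(f["servers"]), e.body))
    return findings


# Constructed sample in the HijackThis format; names marked 'placeholder' are not real.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [placeholder_loader] C:\WINDOWS\system32\placeholder_loader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-GUID}: NameServer = 192.0.2.1,192.0.2.2
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for rule, detail, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:26} {detail}\n    {body}")
```

Run against the sample, the only items queued are the placeholder autorun in `system32`, the two DNS servers and the service whose binary is missing; the ESET entries and `ctfmon.exe` pass without comment. The rules are intentionally conservative: they point a reviewer at what to submit to a multi-engine scanner or look up by hash, and never decide on their own that something is malware.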

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 24 June 2008 - 07:22 PM

Erm.. looks like you have some new suspicious files in your computer.. Or do you just install StarCraft?


Let's do the following...


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\ScUnin.exe
      C:\WINDOWS\scunin.dat
  • Click on the submit button. You can submit only one file per round..
  • Please post the results in your next reply.
If Jotti's server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.





Please post the following logs in your next reply.. Post each log in separate post..

1. Jotti/VirusTotal result
2. Malwarebytes' log
3. Deckard System Scanner (after Malwarebytes' step)



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 locomotion182

locomotion182
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:09 AM

Posted 24 June 2008 - 08:58 PM

hey thanks for the constant help ^^
Um, yeah, StarCraft was indeed installed (blame my brother), and I'm positive those 2 files are from the game.

Jotti didn't detect anything on either file.


I apologize for the log, it's in Spanish, but no files were found in the complete scan.

Malwarebytes' Anti-Malware 1.18
Versión de la Base de Datos: 888

19:56:38 24/06/2008
mbam-log-6-24-2008 (19-56-38).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 97353
Tiempo transcurrido: 19 minute(s), 15 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)





anything else we should do?

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 25 June 2008 - 12:53 AM

That's actually a good sign.. now, let's do one more scan before I can set you free :thumbsup:


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also, tell me about your computer condition now :)


Regards
fenzodahl512



#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 06 July 2008 - 04:44 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





