
Possible Malware Or Code Added By Previously Used Applications



#1 Calvi

  • Members
  • 1 posts

Posted 05 August 2008 - 12:55 PM

Hello Everybody.

I had a viral infection two days ago and my KIS 7 antivirus has crashed at every attempt to scan my computer I have made since then.

I have scanned the computer using Panda ActiveScan, Norton Antivirus Online and Kaspersky Antivirus Online, and I have installed Avira antivirus and ClamWin on my computer and run them. I have found that even many of the My Computer > Administrator > Program Files > Kaspersky folder files and My Computer > All users > Program Files > Kaspersky folder files were infected. I have cleaned the computer and then I have installed Lavasoft Ad-Aware and Spybot Search and Destroy and run them.

Then I have uninstalled all those applications from my computer using the Control Panel and manually deleting all the traces of those applications left in all the "Program Files" directories existing on my computer. Then I have run RegSupreme Pro.

When I have tried to reinstall KIS 7, and just after uncompressing some files, a prompt has appeared telling me that I must restart my computer and providing me with the appropriate OK button. When I have clicked the OK button, a second prompt has appeared telling me that the installation process has been permanently interrupted due to an error.

The same thing has happened when I have tried to install a trial version of KIS 2009.

So you can help me, here are the DSS main.txt logfile and the HijackThis logfile. Please excuse me for there is some text in Spanish, as I am a Spaniard and my OS language is that one:

Deckard's System Scanner v20071014.68
Run by Administrador on 2008-08-05 19:17:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-05 17:17:42 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrador.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19:03 p.m., on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\devldr32.exe
F:\WINDOWS\Explorer.EXE
F:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
F:\Archivos de programa\Creative\News\NewsUpd.EXE
F:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
F:\Archivos de programa\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
F:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Archivos de programa\Creative\ShareDLL\MediaDet.Exe
F:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\svchost.exe
F:\Archivos de programa\Internet Explorer\iexplore.exe
F:\Archivos de programa\Internet Explorer\iexplore.exe
F:\Documents and Settings\Administrador\Escritorio\dss.exe
F:\ARCHIV~1\TRENDM~1\HIJACK~1\Administrador.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=jrmmI...uvktWeCS3ebI%3d
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Archivos de programa\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "F:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Register MediaRing Talk] F:\Archivos de programa\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NewsUpd] F:\Archivos de programa\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] F:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OpwareSE2] "F:\Archivos de programa\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Adición a la lista de impresión de Easy-WebPrint - res://F:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Impresión a alta velocidad de Easy-WebPrint - res://F:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Impresión de Easy-WebPrint - res://F:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vista previa de Easy-WebPrint - res://F:\Archivos de programa\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 6801 bytes

-- HijackThis Fixed Entries (F:\ARCHIV~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080805-142750-477 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
backup-20080805-142750-522 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - f:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - f:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "f:\archivos de programa\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "f:\archivos de programa\archivos comunes\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-04 22:30:17 0 d-------- F:\Archivos de programa\Trend Micro
2008-08-04 21:37:35 0 d-------- F:\Archivos de programa\SmartClose
2008-08-04 21:15:52 23 --ahs---- F:\WINDOWS\system32\bdfea6_d.dll
2008-08-04 21:15:48 0 d-------- F:\Archivos de programa\RegSupreme Pro
2008-08-04 20:17:26 0 d-------- F:\WINDOWS\system32\appmgm


-- Find3M Report ---------------------------------------------------------------

2008-08-03 16:32:31 0 d-------- F:\Archivos de programa\Archivos comunes
2008-08-02 17:31:39 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Real
2008-07-20 21:49:52 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-07-18 13:47:17 0 d-------- F:\Archivos de programa\VideoLAN
2008-07-07 17:08:33 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Talkback
2008-07-04 17:08:19 0 d-------- F:\Archivos de programa\Yahoo!
2008-06-17 13:58:06 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Adobe
2008-06-17 13:47:55 463048 --a------ F:\WINDOWS\system32\perfh00A.dat
2008-06-17 13:47:55 81560 --a------ F:\WINDOWS\system32\perfc00A.dat
2008-06-15 19:45:41 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\ScanSoft
2008-06-15 19:45:07 0 d-------- F:\Archivos de programa\ScanSoft
2008-06-15 19:45:07 0 d-------- F:\Archivos de programa\Archivos comunes\ScanSoft Shared
2008-06-15 19:44:06 0 d-------- F:\Archivos de programa\ArcSoft
2008-06-15 19:44:05 0 d--h----- F:\Archivos de programa\InstallShield Installation Information
2008-06-15 19:38:22 0 d-------- F:\Archivos de programa\Canon
2008-06-15 18:40:02 0 d-------- F:\Archivos de programa\Creative
2008-06-15 18:38:38 0 d-------- F:\Archivos de programa\PixAround.com
2008-06-15 18:38:10 0 d-------- F:\Archivos de programa\Archivos comunes\PixAround.com
2008-06-15 18:37:40 0 d-------- F:\Archivos de programa\MediaRing Talk
2008-06-15 17:59:08 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\ATI
2008-06-15 17:58:58 0 --a------ F:\WINDOWS\ativpsrm.bin
2008-06-15 17:53:24 0 d-------- F:\Archivos de programa\ATI Technologies
2008-06-15 17:46:45 0 d-------- F:\Archivos de programa\Archivos comunes\ATI Technologies
2008-06-15 17:40:56 0 d-------- F:\Archivos de programa\Archivos comunes\InstallShield
2008-06-09 19:01:36 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Macromedia
2008-06-09 18:56:42 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Identities
2008-06-09 18:56:41 0 d-------- F:\Archivos de programa\Windows Live Safety Center
2008-06-09 18:44:27 0 d-------- F:\Archivos de programa\Bonjour
2008-06-09 18:43:24 0 d-------- F:\Archivos de programa\Archivos comunes\Macrovision Shared
2008-06-09 18:40:37 0 d-------- F:\Archivos de programa\XnView
2008-06-09 18:39:56 0 d-------- F:\Archivos de programa\Windows Live
2008-06-09 18:39:41 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Winamp
2008-06-09 18:39:33 0 d-------- F:\Archivos de programa\Winamp
2008-06-09 18:39:01 0 d-------- F:\Archivos de programa\Real Alternative
2008-06-09 18:38:57 0 d-------- F:\Archivos de programa\QuickTime Alternative
2008-06-09 18:37:51 298104 --a------ F:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-06-09 18:37:36 0 d-------- F:\Archivos de programa\Nero
2008-06-09 18:37:24 0 d-------- F:\Archivos de programa\Archivos comunes\Nero
2008-06-09 18:37:14 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Mozilla
2008-06-09 18:37:03 0 d-------- F:\Archivos de programa\K-Lite Codec Pack
2008-06-09 18:36:38 0 d-------- F:\Archivos de programa\Archivos comunes\Adobe
2008-06-09 18:36:12 218624 --a------ F:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-09 18:36:12 52748 --a------ F:\WINDOWS\BricoPackUninst.cmd
2008-06-09 18:36:12 5997 --a------ F:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-09 18:35:25 0 d-------- F:\Archivos de programa\Opera
2008-06-09 18:35:08 0 d-------- F:\Archivos de programa\CCleaner
2008-06-09 18:34:52 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\BSplayer PRO
2008-06-09 18:34:48 0 d-------- F:\Archivos de programa\Webteh
2008-06-09 18:34:34 0 d-------- F:\Archivos de programa\Java
2008-06-09 18:34:18 0 d-------- F:\Archivos de programa\Archivos comunes\Java
2008-06-09 18:34:12 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Sun
2008-06-09 18:34:02 0 d-------- F:\Archivos de programa\MSECache
2008-06-09 18:31:45 0 d-------- F:\Archivos de programa\Microsoft.NET
2008-06-09 18:22:24 0 d-------- F:\Archivos de programa\MSXML 4.0
2008-06-09 18:19:44 0 d--h----- F:\Archivos de programa\WindowsUpdate
2008-06-09 18:19:40 0 d-------- F:\Archivos de programa\Servicios en línea
2008-06-09 18:18:53 0 d-------- F:\Archivos de programa\Archivos comunes\MSSoap
2008-06-09 18:18:40 0 d-------- F:\Archivos de programa\Movie Maker
2008-06-09 18:17:42 21900 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-09 18:17:13 0 d-------- F:\Archivos de programa\Windows Media Connect 2
2008-06-09 18:17:04 0 d-------- F:\Archivos de programa\MSN Gaming Zone
2008-06-09 18:16:54 0 d-------- F:\Archivos de programa\Windows NT
2008-06-09 14:13:45 0 d-------- F:\Archivos de programa\Analog Devices
2008-06-09 14:08:43 0 d-------- F:\Archivos de programa\Archivos comunes\ODBC
2008-06-09 14:08:39 0 d-------- F:\Archivos de programa\Archivos comunes\SpeechEngines
2008-06-09 14:08:04 62 --ahs---- F:\Documents and Settings\Administrador\Datos de programa\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="F:\Archivos de programa\Analog Devices\Core\smax4pnp.exe" [16/03/2007 08:06 a.m.]
"StartCCC"="F:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 05:35 p.m.]
"UpdReg"="F:\WINDOWS\Updreg.exe" [11/05/2000 06:00 a.m.]
"Register MediaRing Talk"="F:\Archivos de programa\MediaRing Talk\register.exe" [05/10/1999 12:23 a.m.]
"NewsUpd"="F:\Archivos de programa\Creative\News\NewsUpd.exe" [04/08/2000 07:50 a.m.]
"Disc Detector"="F:\Archivos de programa\Creative\ShareDLL\CtNotify.exe" [30/08/1999 06:55 a.m.]
"OpwareSE2"="F:\Archivos de programa\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 04:00 p.m.]
"KernelFaultCheck"="F:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-05 19:19:23 ------------


Here is the DSS extra.txt logfile:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Procesador Intel Pentium III Xeon
CPU 1: Procesador Intel Pentium III Xeon
CPU 2: Procesador Intel Pentium III Xeon
CPU 3: Procesador Intel Pentium III Xeon
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3071.04 MiB / 2580.09 MiB
Pagefile Memory (total/avail): 4956.42 MiB / 4538.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 3.29 GiB free.
D: is Fixed (NTFS) - 233.76 GiB total, 50.65 GiB free.
E: is Fixed (NTFS) - 233.76 GiB total, 13.14 GiB free.
F: is Fixed (NTFS) - 49.81 GiB total, 36.72 GiB free.
G: is Fixed (NTFS) - 136.5 GiB total, 46.77 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7H500F0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 465.75 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 7Y250M0 - 233.76 GiB - 1 partition
\PARTITION0 - Sistema de archivos instalables - 233.76 GiB - D:

\\.\PHYSICALDRIVE3 - Maxtor 7Y250M0 - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 233.76 GiB - E:

\\.\PHYSICALDRIVE2 - ST31000340AS - 931.51 GiB - 0 partitions

\\.\PHYSICALDRIVE4 - ST320082 2A SCSI Disk Device - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Sistema de archivos instalables - 49.81 GiB - F:
\PARTITION1 - Sistema de archivos instalables - 136.5 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Administrador\Datos de programa
CLIENTNAME=Console
CommonProgramFiles=F:\Archivos de programa\Archivos comunes
COMPUTERNAME=COLOSSUS
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\COLOSSUS
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1707
ProgramFiles=F:\Archivos de programa
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
TMP=F:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
USERDOMAIN=COLOSSUS
USERNAME=Administrador
USERPROFILE=F:\Documents and Settings\Administrador
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> F:\Archivos de programa\Creative\SBLive2k\Program\Upddrv2k.EXE
--> F:\WINDOWS\IsUn040a.exe -f"F:\Archivos de programa\Creative\Uninstall\Installer.isu"
--> F:\WINDOWS\IsUninst.exe -f"F:\Archivos de programa\Creative\News\CTNews.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para Windows XP (KB923789) --> F:\WINDOWS\system32\MacroMed\Flash\genuinst.exe F:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualización de seguridad para Windows XP (KB932168) -->
Actualización de seguridad para Windows XP (KB941569) -->
Actualización para Windows XP (KB946627) -->
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color NA Extra Settings --> MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> F:\Archivos de programa\Archivos comunes\Adobe\Installers\56826538eb4b55660fce64c49519aa8\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{E36B3D75-67C4-4DC2-A46D-7574995C53A1}
Adobe Photoshop CS3 --> F:\Archivos de programa\Archivos comunes\Adobe\Installers\f71ab8e844401b26368c703a0178381\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{FB124956-B0E3-4D78-AB94-6E53430004B7}
Adobe Reader 8.1.1 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{43255228-C677-4439-8926-84C2B49FF0AE}
Adobe Setup --> MsiExec.exe /I{ACD238D4-5E74-42E1-8B11-A477BCE70D2F}
Adobe Shockwave Player --> MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
ArcSoft PhotoStudio 5.5 --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0xa
ATI - Utilidad de desinstalación de software --> F:\Archivos de programa\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Barra Yahoo! con bloqueador de ventanas emergentes --> F:\ARCHIV~1\Yahoo!\Common\unyt.exe
BS.Player PRO --> "F:\Archivos de programa\Webteh\BSplayerPro\uninstall.exe"
Canon MP Navigator 2.0 --> "F:\Archivos de programa\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove F:\Archivos de programa\Canon\MP Navigator 2.0\uninst.ini
Canon MP150 --> "F:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x000a
Canon Utilities Easy-PhotoPrint --> F:\Archivos de programa\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "F:\Archivos de programa\CCleaner\uninst.exe"
Compresor WinRAR --> F:\Archivos de programa\WinRAR\uninstall.exe
Easy-WebPrint --> F:\WINDOWS\IsUn040a.exe -f"F:\Archivos de programa\Canon\Easy-WebPrint\Uninst.isu"
High Definition Audio Driver Package - KB888111 --> "F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "F:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.6.5 Standard --> "F:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
MediaRing Talk Release 7.2.026 --> F:\WINDOWS\mruninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> F:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
Nero 8 Lite 8.2.8.0 --> "F:\Archivos de programa\Nero\unins000.exe"
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Oozic Player --> F:\WINDOWS\IsUninst.exe -f"F:\Archivos de programa\Creative\Oozic Player\OZPLAY30.isu"
Pack Vista Inspirat 2 1.0 --> F:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Paquete de compatibilidad para 2007 Office system --> MsiExec.exe /X{90120000-0020-0C0A-0000-0000000FF1CE}
PixMaker --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{A37161C1-F990-11D3-BE64-00104B229E8F}\Setup.exe"
PixScreen_CE --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{2A6E3140-FF44-11D3-BE64-00104B229E8F}\Setup.exe"
QuickTime Alternative 2.2.0 --> "F:\Archivos de programa\QuickTime Alternative\unins000.exe"
Real Alternative 1.7.5 --> "F:\Archivos de programa\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtkUpd.exe -r -m
RegSupreme Pro --> "F:\Archivos de programa\RegSupreme Pro\unins000.exe"
SmartClose 1.1 --> "F:\Archivos de programa\SmartClose\unins000.exe"
Sound Blaster Live! Value --> F:\Archivos de programa\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Unlocker 1.8.5 --> F:\Archivos de programa\Unlocker\uninst.exe
Winamp AudioPlayer --> MsiExec.exe /X{F6095AAF-6E38-4536-AFE0-FC9706575DE2}
Windows Live Messenger --> MsiExec.exe /X{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Vista Sounds Pack --> MsiExec.exe /I{E1230694-33DA-4E74-82E1-06CC9D545E9B}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XnView 1.92 --> "F:\Archivos de programa\XnView\unins000.exe"
Yahoo! Install Manager --> F:\WINDOWS\system32\regsvr32 /u F:\ARCHIV~1\Yahoo!\Common\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type574 / Error
Event Submitted/Written: 08/05/2008 02:29:41 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 7.0 -- You must restart your computer before proceeding with the installation.

Event Record #/Type569 / Error
Event Submitted/Written: 08/04/2008 10:06:00 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 7.0 -- You must restart your computer before proceeding with the installation.

Event Record #/Type567 / Error
Event Submitted/Written: 08/04/2008 10:04:04 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 7.0 -- You must restart your computer before proceeding with the installation.

Event Record #/Type565 / Error
Event Submitted/Written: 08/04/2008 09:58:26 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- You must restart your computer before proceeding with the installation.

Event Record #/Type563 / Error
Event Submitted/Written: 08/04/2008 09:57:41 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- You must restart your computer before proceeding with the installation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1624 / Error
Event Submitted/Written: 08/05/2008 00:45:44 PM / 08/05/2008 00:46:14 PM
Event ID/Source: 13316 / ati2mtag
Event Description:
CV can't load required graphics object

Event Record #/Type1594 / Error
Event Submitted/Written: 08/04/2008 09:49:46 PM / 08/04/2008 09:50:16 PM
Event ID/Source: 13316 / ati2mtag
Event Description:
CV can't load required graphics object

Event Record #/Type1590 / Error
Event Submitted/Written: 08/04/2008 09:47:53 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
El servicio Cola de impresión terminó inesperadamente. Lo ha hecho 2 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Event Record #/Type1589 / Error
Event Submitted/Written: 08/04/2008 09:47:53 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
El servicio Windows Installer se terminó de manera inesperada. Esto ha sucedido 1 veces.

Event Record #/Type1585 / Error
Event Submitted/Written: 08/04/2008 09:39:37 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
El servicio Cola de impresión terminó inesperadamente. Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.



-- End of Deckard's System Scanner: finished at 2008-08-05 19:19:23 ------------


Waiting anxiously for your replies.

Best Regards.

Calvi

Edited by Calvi, 05 August 2008 - 01:04 PM.




#2 kahdah

  • Security Colleague
  • 11,138 posts

Posted 16 August 2008 - 09:09 AM

Hello Calvi

Welcome to BleepingComputer
========================
If you are still in need of assistance, please post a new HijackThis log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



