Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help diagnose RSIT Log & HijackThisLog


  • This topic is locked This topic is locked
2 replies to this topic

#1 ConcernedUser

ConcernedUser

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 07 December 2008 - 10:45 AM

Not sure what is infecting the machine but the desktop screen only displays the wallpaper, but no icons or start menu.

I´ve been running everything through the Task Manager but haven´t seemed to have found a solution yet.

Even after a system restore, the problem is the same.

Hopefully this RSIT Log and the HijackThisLog (below) will give some answers.

Hope someone can help.

Thanks.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrador at 2008-12-06 16:38:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (28%) free of 35 GB
Total RAM: 1014 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:19, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrador\Escritorio\RSIT.exe
C:\Archivos de programa\Trend Micro\HijackThis\Administrador.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1960542
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows uE10 Last Edition BY:GP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {4d1ffece-97fa-4a4b-8a80-038b1b5e818c} - C:\WINDOWS\system32\ruguheju.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ViStart] C:\WINDOWS\Resources\Themes\ViStart\ViStart.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Archivos de programa\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [CPM8f99088e] Rundll32.exe "c:\windows\system32\riyijuvu.dll",a
O4 - HKLM\..\Run: [godawiwasu] Rundll32.exe "C:\WINDOWS\system32\wetidehu.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [PackFolders] C:\WINDOWS\BricoPackFoldersDelete.cmd
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [daoli] "c:\documents and settings\administrador\configuración local\datos de programa\daoli.exe" daoli
O4 - HKCU\..\Run: [SpyBrowser] "C:\Archivos de programa\SpyBro\SpyBro.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [godawiwasu] Rundll32.exe "C:\WINDOWS\system32\wetidehu.dll",s (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Avenger\rcnttsdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARCHIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS2\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS3\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat tbvyyt.dll C:\WINDOWS\system32\yodutiti.dll c:\windows\system32\riyijuvu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8032 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\bghgbvax.job
C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IcePick_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1ffece-97fa-4a4b-8a80-038b1b5e818c}]
C:\WINDOWS\system32\ruguheju.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-08-30 89542]
"Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-23 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-23 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-23 138008]
"GrooveMonitor"=C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ViStart"=C:\WINDOWS\Resources\Themes\ViStart\ViStart.exe []
"LifeCam"=C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"QuickTime Task"=C:\Archivos de programa\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Archivos de programa\iTunes\iTunesHelper.exe [2008-09-08 289576]
"webHancer Agent"=C:\Archivos de programa\webHancer\Programs\whagent.exe []
"CPM8f99088e"=c:\windows\system32\riyijuvu.dll []
"godawiwasu"=C:\WINDOWS\system32\wetidehu.dll []
"Malwarebytes Anti-Malware (reboot)"=C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2004-08-19 137728]
"*Restore"=C:\WINDOWS\system32\restore\rstrui.exe [2004-08-19 382976]
"PackFolders"=C:\WINDOWS\BricoPackFoldersDelete.cmd [2008-07-09 5997]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Archivos de programa\Skype\Phone\Skype.exe [2006-12-18 25365032]
"msnmsgr"=C:\Archivos de programa\MSN Messenger\msnmsgr.exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"amva"=C:\WINDOWS\system32\amvo.exe []
"daoli"=c:\documents and settings\administrador\configuración local\datos de programa\daoli.exe daoli []
"SpyBrowser"=C:\Archivos de programa\SpyBro\SpyBro.exe [2007-02-22 4811264]

C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
Deewoo.lnk - C:\Avenger\rcnttsdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat tbvyyt.dll C:\WINDOWS\system32\yodutiti.dll c:\windows\system32\riyijuvu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-02-26 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\ARCHIV~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\yodutiti.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Archivos de programa\MSN Messenger\livecall.exe"="C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Archivos de programa\uTorrent\uTorrent.exe"="C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe"="C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe"="C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Archivos de programa\iTunes\iTunes.exe"="C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe"="C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe:*:Enabled:EvtEng"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe"="C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe"="C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe:*:Enabled:MSCamS32"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Archivos de programa\Skype\Phone\Skype.exe"="C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Archivos de programa\MSN Messenger\livecall.exe"="C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f927922-680d-11dd-8d8e-001eec094431}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75816fbc-6007-11dd-8d7a-001eec094431}]
shell\AutoRun\command - F:\semo2x.exe
shell\explore\command - F:\semo2x.exe
shell\open\command - F:\semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13ca248-5e57-11dd-8d75-001eec094431}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe


======List of files/folders created in the last 1 months======

2008-12-06 16:38:18 ----D---- C:\rsit
2008-12-06 15:57:16 ----D---- C:\Archivos de programa\Trend Micro
2008-12-06 15:52:17 ----D---- C:\WINDOWS\Sun
2008-12-06 15:51:10 ----D---- C:\Avenger
2008-12-06 15:51:10 ----AD---- C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-12-06 15:51:06 ----D---- C:\Archivos de programa\SpyBro
2008-12-06 14:18:43 ----D---- C:\WINDOWS\ERUNT
2008-12-06 14:10:40 ----D---- C:\SDFix
2008-12-06 14:03:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 13:10:12 ----SHD---- C:\Config.Msi
2008-12-06 12:58:57 ----A---- C:\avenger.txt
2008-12-06 00:32:08 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-06 00:19:29 ----D---- C:\Archivos de programa\ThreatFire
2008-12-05 02:31:48 ----D---- C:\Archivos de programa\Alwil Software
2008-12-05 02:15:56 ----D---- C:\Archivos de programa\Conduit
2008-12-03 21:54:08 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Twain
2008-12-02 21:27:13 ----A---- C:\WINDOWS\system32\jznjwyearyxpuojhv.exe
2008-12-02 21:16:44 ----D---- C:\Documents and Settings\Administrador\Datos de programa\NI.GSCNS
2008-12-02 21:13:59 ----A---- C:\WINDOWS\system32\8789ff6c-.txt
2008-11-30 16:29:34 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Move Networks
2008-11-30 01:20:21 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-11-30 01:20:16 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-11-30 01:20:07 ----D---- C:\Archivos de programa\iPod
2008-11-30 01:20:05 ----D---- C:\Documents and Settings\All Users\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:20:05 ----D---- C:\Archivos de programa\iTunes
2008-11-30 01:19:29 ----D---- C:\Archivos de programa\QuickTime
2008-11-30 01:19:27 ----D---- C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-11-30 01:19:13 ----D---- C:\Archivos de programa\Apple Software Update
2008-11-30 01:18:53 ----D---- C:\Archivos de programa\Archivos comunes\Apple
2008-11-30 01:18:52 ----D---- C:\Documents and Settings\All Users\Datos de programa\Apple
2008-11-28 16:18:30 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Graboid Inc
2008-11-28 00:19:21 ----D---- C:\Documents and Settings\Administrador\Datos de programa\vlc
2008-11-27 19:10:22 ----D---- C:\Documents and Settings\All Users\Datos de programa\Launcher
2008-11-27 18:59:27 ----D---- C:\Documents and Settings\All Users\Datos de programa\Graboid Inc
2008-11-27 18:59:18 ----D---- C:\Documents and Settings\Administrador\Datos de programa\MozillaControl
2008-11-27 18:59:18 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Mozilla
2008-11-27 18:58:46 ----D---- C:\Archivos de programa\VideoLAN
2008-11-27 18:58:44 ----D---- C:\Archivos de programa\Graboid
2008-11-25 22:00:22 ----D---- C:\Archivos de programa\eMule
2008-11-16 22:06:27 ----A---- C:\WINDOWS\system32\LCCoin14.dll
2008-11-16 22:02:46 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-16 22:02:10 ----D---- C:\Archivos de programa\Microsoft LifeCam
2008-11-16 22:00:50 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-16 22:00:50 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-16 22:00:50 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-16 22:00:49 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-16 22:00:49 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-16 22:00:49 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-16 22:00:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-16 22:00:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-16 22:00:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-16 22:00:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-11 21:40:41 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-11-11 21:40:37 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-11-11 17:32:49 ----A---- C:\WINDOWS\xonusah.dll
2008-11-11 17:32:49 ----A---- C:\WINDOWS\rorudis.vbs
2008-11-11 17:32:49 ----A---- C:\WINDOWS\huzexoci.dll
2008-11-11 17:32:49 ----A---- C:\Documents and Settings\All Users\Datos de programa\nylozaxy.com
2008-11-08 19:57:37 ----A---- C:\WINDOWS\Sysvxd.exe

======List of files/folders modified in the last 1 months======

2008-12-06 15:57:16 ----RD---- C:\Archivos de programa
2008-12-06 15:57:13 ----D---- C:\WINDOWS\system32
2008-12-06 15:57:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 15:51:02 ----D---- C:\Documents and Settings\Administrador\Datos de programa\uTorrent
2008-12-06 15:51:01 ----D---- C:\WINDOWS
2008-12-06 15:50:44 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 15:50:03 ----SHD---- C:\WINDOWS\Installer
2008-12-06 15:49:45 ----D---- C:\Archivos de programa\Eset
2008-12-06 15:46:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 15:45:07 ----D---- C:\Archivos de programa\Outlook Express
2008-12-06 15:45:07 ----D---- C:\Archivos de programa\Internet Explorer
2008-12-06 15:36:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 14:35:29 ----D---- C:\WINDOWS\Temp
2008-12-06 13:08:28 ----A---- C:\WINDOWS\imsins.BAK
2008-12-06 13:00:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 11:10:07 ----ASH---- C:\boot.ini
2008-12-06 11:10:07 ----A---- C:\WINDOWS\win.ini
2008-12-06 11:10:07 ----A---- C:\WINDOWS\system.ini
2008-12-06 11:01:47 ----D---- C:\WINDOWS\system32\config
2008-12-06 11:01:37 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 11:01:37 ----D---- C:\WINDOWS\Registration
2008-12-06 10:55:37 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 00:32:01 ----D---- C:\Archivos de programa\uTorrent
2008-12-06 00:27:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-05 02:37:27 ----D---- C:\WINDOWS\Prefetch
2008-12-02 21:41:10 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-02 21:08:25 ----SD---- C:\WINDOWS\Tasks
2008-11-30 01:20:16 ----HD---- C:\WINDOWS\inf
2008-11-30 01:20:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-30 01:19:02 ----D---- C:\WINDOWS\WinSxS
2008-11-30 01:18:53 ----D---- C:\Archivos de programa\Archivos comunes
2008-11-30 00:05:07 ----D---- C:\Archivos de programa\Windows Media Player
2008-11-29 23:58:35 ----D---- C:\WINDOWS\Help
2008-11-18 10:42:46 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Skype
2008-11-16 22:00:49 ----RSD---- C:\WINDOWS\assembly
2008-11-16 22:00:13 ----D---- C:\WINDOWS\system32\DirectX
2008-11-11 22:03:26 ----RSHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Controlador de procesador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R1 WmiAcpi;Interfaz de administración para ACPI de Microsoft Windows; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-09 21425]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 s24trans;Transporte WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-11-08 12544]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-30 1161152]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-01-15 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 CmBatt;Controlador de batería de método de control ACPI de Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-02-26 5700096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 NETw3x32;Controlador del adaptador Intel® PRO/Wireless 3945ABG para Windows XP de 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-11-15 1711488]
R3 NIC1394;Controlador de red 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-01-15 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 rdbsss;rdbsss; C:\WINDOWS\System32\drivers\rdbsss.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 mouhid;Controlador HID de mouse; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-22 12416]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys [2007-04-12 34136]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Controlador de audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe [2006-11-08 434176]
R2 MSCamSvc;MSCamSvc; C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe [2006-11-08 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe [2006-11-08 950272]
R2 UxTuneUp;TuneUp Ampliación del thema; C:\WINDOWS\System32\svchost.exe [2008-12-02 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-12-02 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-12 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-12 68952]
S3 gusvc;Google Updater Service; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 iPod Service;Servicio del iPod; C:\Archivos de programa\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-06 16:38:20

======Uninstall list======

-->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-042D-0000-0000000FF1CE} /uninstall {042190ED-F17C-4A8D-95D8-87A37B4095BD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0456-0000-0000000FF1CE} /uninstall {D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81000000003}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-0C0A-0000-0000000FF1CE}
Compresor WinRAR-->C:\Archivos de programa\WinRAR\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Codec Pack 3.3.0 Standard-->"C:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
Learning Essentials para Microsoft Office-->MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Matemáticas de Microsoft-->MsiExec.exe /I{07143840-959A-4B0D-8825-2C533F0DDB19}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 with Security Updates-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{3DC172E8-CA66-4E10-A1D3-8282F4CBFCEA}
Microsoft Office Access MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007-->MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007-->MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007-->MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007-->MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007-->MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007-->MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007-->MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007-->MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007-->MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nero 7.10.1.0-->"C:\Archivos de programa\Nero\unins000.exe"
Picasa 2-->"C:\Archivos de programa\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32-->RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0xa anything
Samsung Master-->C:\Archivos de programa\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x000a -removeonly
Samsung USB Driver-->"C:\Archivos de programa\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly
Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Skype 3.0-->"C:\Archivos de programa\Skype\Phone\unins000.exe"
Skype add-on for IE-->rundll32 "C:\Archivos de programa\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Software Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Windows Media Player Enterprise Deployment-->MsiExec.exe /I{C2CDE75C-CA51-4335-9C13-84C00E6093A5}

======Hosts File======

127.0.0.1 localhost

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Archivos de programa\Intel\Wireless\Bin\;C:\Archivos de programa\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Archivos de programa\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Archivos de programa\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:46, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1960542
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows uE10 Last Edition BY:GP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {4d1ffece-97fa-4a4b-8a80-038b1b5e818c} - C:\WINDOWS\system32\ruguheju.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ViStart] C:\WINDOWS\Resources\Themes\ViStart\ViStart.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Archivos de programa\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [CPM8f99088e] Rundll32.exe "c:\windows\system32\riyijuvu.dll",a
O4 - HKLM\..\Run: [godawiwasu] Rundll32.exe "C:\WINDOWS\system32\wetidehu.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [PackFolders] C:\WINDOWS\BricoPackFoldersDelete.cmd
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [daoli] "c:\documents and settings\administrador\configuración local\datos de programa\daoli.exe" daoli
O4 - HKCU\..\Run: [SpyBrowser] "C:\Archivos de programa\SpyBro\SpyBro.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [godawiwasu] Rundll32.exe "C:\WINDOWS\system32\wetidehu.dll",s (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\Avenger\rcnttsdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARCHIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS2\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O17 - HKLM\System\CS3\Services\Tcpip\..\{27EF22B5-C5C0-4E01-AF03-2DF632AB886D}: NameServer = 195.235.113.3,195.235.96.90
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat tbvyyt.dll C:\WINDOWS\system32\yodutiti.dll c:\windows\system32\riyijuvu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\riyijuvu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7678 bytes

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:31 AM

Posted 16 December 2008 - 09:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Also, Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:31 AM

Posted 07 January 2009 - 06:38 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users