
Hijac Log/infected?


  • This topic is locked
5 replies to this topic

#1 yanky128

yanky128

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 12 February 2007 - 06:12 PM

Here is a log from HijackThis. INFECTED??????????? Please help

Logfile of HijackThis v1.99.1
Scan saved at 7:04:52 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\JUANTE~1.JUA\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173494734343
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

:thumbsup:



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 12 February 2007 - 06:56 PM

Welcome yanky128 :thumbsup:

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion. If HijackThis is used from a temp folder it is in danger of being accidentally deleted by Disk Cleanup or similar tools. If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

*************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a log.
Post the C:\ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Reboot, post the DrWeb.csv report, the C:\ComboFix.txt, and a new HijackThis log into your next reply.

#3 yanky128

yanky128
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 13 February 2007 - 03:14 PM

1st THANKS RichieUK very much for helping me. Here's the log for the progs

Logfile of HijackThis v1.99.1
Scan saved at 5:01:16 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\hijackth\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173494734343
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

=====================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-03-13, 14:19:20 [Juan Tellado]
Command-line: "C:\DOCUME~1\JUANTE~1.JUA\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 176007
Key file: C:\DOCUME~1\JUANTE~1.JUA\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 302
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3331 Kb/s
Scan time: 00:00:30
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Juan Tellado.JUAN-2BA7D1036A\NTUSER.DAT - read error
C:\Documents and Settings\Juan Tellado.JUAN-2BA7D1036A\NTUSER~1.LOG - read error

C:\Documents and Settings\Juan Tellado.JUAN-2BA7D1036A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Juan Tellado.JUAN-2BA7D1036A\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Downloads\MLBPlayballSetup-dm[1].exe is adware program Adware.TryMedia
>C:\Downloads\SHOW_VIDEO_FILE(1).exe is adware program Adware.Relevance
>C:\Downloads\SHOW_VIDEO_FILE.exe is adware program Adware.Relevance
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll is adware program Adware.Comet
C:\WINDOWS\Downloaded Program Files\CacheManager.ocx is adware program Adware.Cashman
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 159600
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 206 Kb/s
Scan time: 01:03:37
-----------------------------------------------------------------------------

C:\Downloads\MLBPlayballSetup-dm[1].exe - incurable - deleted
C:\Downloads\SHOW_VIDEO_FILE(1).exe - incurable - deleted
C:\Downloads\SHOW_VIDEO_FILE.exe - incurable - deleted
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll - incurable - deleted
C:\WINDOWS\Downloaded Program Files\CacheManager.ocx - incurable - deleted

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 159902
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 5
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 230 Kb/s
Scan time: 01:04:07
=============================================================================

"Juan Tellado" - 07-03-13 15:33:19 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Juan Tellado.JUAN-2BA7D1036A\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67


((((((((((((((((((((((((((((((( Files Created from 2007-02-13 to 2007-03-13 ))))))))))))))))))))))))))))))))))


2007-03-13 14:19 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\DoctorWeb
2007-03-13 14:11 <DIR> d-------- C:\hijackth
2007-03-13 13:59 692,224 --a------ C:\WINDOWS\system32\lxcydrs.dll
2007-03-13 13:59 65,536 --a------ C:\WINDOWS\system32\lxcycaps.dll
2007-03-13 13:59 61,440 --a------ C:\WINDOWS\system32\lxcycnv4.dll
2007-03-13 13:59 409,600 --a------ C:\WINDOWS\system32\lxcyinpa.dll
2007-03-13 13:59 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-03-13 13:59 40,960 --a------ C:\WINDOWS\system32\lxcyvs.dll
2007-03-13 13:59 393,216 --a------ C:\WINDOWS\system32\lxcyiesc.dll
2007-03-13 13:59 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-03-13 13:59 303,104 --a------ C:\WINDOWS\system32\lxcycoin.dll
2007-03-13 13:58 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-03-13 13:58 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-03-13 13:57 995,328 --a------ C:\WINDOWS\system32\lxcyusb1.dll
2007-03-13 13:57 983,107 --a------ C:\WINDOWS\system32\lxcygf.dll
2007-03-13 13:57 86,016 --a------ C:\WINDOWS\system32\lxcycub.dll
2007-03-13 13:57 73,728 --a------ C:\WINDOWS\system32\lxcycu.dll
2007-03-13 13:57 73,728 --a------ C:\WINDOWS\system32\lxcycfg.dll
2007-03-13 13:57 696,320 --a------ C:\WINDOWS\system32\lxcyhbn3.dll
2007-03-13 13:57 667,648 --a------ C:\WINDOWS\system32\lxcypmui.dll
2007-03-13 13:57 610,304 --a------ C:\WINDOWS\system32\lxcycomc.dll
2007-03-13 13:57 536,576 --a------ C:\WINDOWS\system32\lxcylmpm.dll
2007-03-13 13:57 495,616 --a------ C:\WINDOWS\system32\lxcycoms.exe
2007-03-13 13:57 446,464 --a------ C:\WINDOWS\system32\lxcyutil.dll
2007-03-13 13:57 421,888 --a------ C:\WINDOWS\system32\lxcycomm.dll
2007-03-13 13:57 385,024 --a------ C:\WINDOWS\system32\lxcycfg.exe
2007-03-13 13:57 380,928 --a------ C:\WINDOWS\system32\lxcyih.exe
2007-03-13 13:57 36,864 --a------ C:\WINDOWS\system32\lxcycur.dll
2007-03-13 13:57 233,472 --a------ C:\WINDOWS\system32\lxcyinst.dll
2007-03-13 13:57 200,704 --a------ C:\WINDOWS\system32\lxcyinsb.dll
2007-03-13 13:57 163,840 --a------ C:\WINDOWS\system32\lxcyprox.dll
2007-03-13 13:57 155,648 --a------ C:\WINDOWS\system32\lxcyins.dll
2007-03-13 13:57 139,264 --a------ C:\WINDOWS\system32\lxcyjswr.dll
2007-03-13 13:57 114,688 --a------ C:\WINDOWS\system32\lxcypplc.dll
2007-03-13 13:57 106,496 --a------ C:\WINDOWS\system32\lxcyinsr.dll
2007-03-13 13:57 1,183,744 --a------ C:\WINDOWS\system32\lxcyserv.dll
2007-03-13 13:57 <DIR> d-------- C:\Program Files\Lexmark 3400 Series
2007-03-13 10:47 1,168 --a------ C:\WINDOWS\mozver.dat
2007-03-13 07:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-13 07:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-13 07:17 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-03-12 16:42 87,608 --a------ C:\DOCUME~1\JUANTE~1.JUA\Application Data\ezpinst.exe
2007-03-12 16:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-12 16:42 47,360 --a------ C:\DOCUME~1\JUANTE~1.JUA\Application Data\pcouffin.sys
2007-03-12 16:42 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\Vso
2007-03-12 15:32 <DIR> d-------- C:\WINDOWS\_ISTMP1.DIR
2007-03-12 15:30 1,974,272 --------- C:\WINDOWS\NuNinst.exe
2007-03-12 15:29 91,136 --a------ C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-12 15:29 5,760 --a------ C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-12 15:29 28,544 --a------ C:\WINDOWS\system32\drivers\InCDpass.sys
2007-03-12 15:29 <DIR> d-------- C:\WINDOWS\InCD
2007-03-12 15:27 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2007-03-12 15:27 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2007-03-12 15:27 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-03-12 15:27 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-03-12 15:27 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-12 15:27 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-12 15:12 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\Media Player Classic
2007-03-11 22:01 <DIR> d-------- C:\Program Files\Ashampoo
2007-03-11 21:22 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\IDM
2007-03-11 21:19 <DIR> d-------- C:\Program Files\KeePass Password Safe
2007-03-11 20:57 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-11 20:57 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-11 20:57 635,486 --a------ C:\WINDOWS\system32\divx.dll
2007-03-11 20:57 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-11 20:57 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-11 20:57 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-11 20:57 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-11 20:57 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-11 20:57 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-11 20:57 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-11 20:57 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-03-11 20:57 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-11 20:57 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-03-11 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Real
2007-03-09 22:02 <DIR> d-------- C:\Program Files\Morpheus
2007-03-09 22:02 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\Morpheus
2007-03-09 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Google Updater
2007-03-09 21:33 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-09 21:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-09 21:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-09 21:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-08 10:36 289,280 --a------ C:\WINDOWS\uninst.exe
2007-03-08 10:32 <DIR> d-------- C:\Program Files\directx
2007-03-08 10:01 667 --a------ C:\WINDOWS\eReg.dat
2007-03-07 14:18 756,736 -ra------ C:\WINDOWS\system32\IR41_32.DLL
2007-03-07 14:18 56,832 -ra------ C:\WINDOWS\system32\IYVU9_32.DLL
2007-03-07 14:16 <DIR> d-------- C:\Program Files\Firaxis Games
2007-03-07 14:11 782,336 -ra------ C:\WINDOWS\system32\VTChromo.dll
2007-03-07 14:11 69,706 -ra------ C:\WINDOWS\system32\VTuninst.exe
2007-03-07 14:11 53,248 -ra------ C:\WINDOWS\system32\VTTimer.exe
2007-03-07 14:11 475,136 -ra------ C:\WINDOWS\system32\VTDisply.dll
2007-03-07 14:11 352,256 -ra------ C:\WINDOWS\system32\VTovrlay.dll
2007-03-07 14:11 352,256 -ra------ C:\WINDOWS\system32\VTGamma2.dll
2007-03-07 14:11 3,324,800 -ra------ C:\WINDOWS\system32\vtdisp.dll
2007-03-07 14:11 290,816 -ra------ C:\WINDOWS\system32\VTCfg3d.dll
2007-03-07 14:11 229,376 -ra------ C:\WINDOWS\system32\VTInfo2.dll
2007-03-07 14:11 173,312 -ra------ C:\WINDOWS\system32\drivers\vtmini.sys
2007-03-07 14:11 143,360 -ra------ C:\WINDOWS\system32\VTTrayp.exe
2007-03-07 14:11 1,810,432 -ra------ C:\WINDOWS\system32\vticd.dll
2007-03-07 14:11 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\WINDOWS
2007-03-07 14:05 60,672 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2007-03-07 13:52 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-07 13:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-07 13:52 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-03-07 13:50 577,536 --a------ C:\WINDOWS\soundman.exe
2007-03-07 13:50 307,200 --a------ C:\WINDOWS\alcupd.exe
2007-03-07 13:50 3,845,696 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-03-07 13:50 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-03-07 13:50 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-07 13:50 10,477,568 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-03-07 13:50 <DIR> d-------- C:\Program Files\Realtek AC97
2007-03-07 13:49 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys
2007-03-02 09:31 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Shared
2007-03-02 09:31 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Incomplete
2007-03-02 09:31 <DIR> d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\LimeWire


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-13 15:30 -------- d-------- C:\Program Files\lx_cats
2007-03-13 07:44 -------- d-------- C:\Program Files\windows live toolbar
2007-03-13 07:18 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\mozilla
2007-03-12 18:32 -------- d-------- C:\Program Files\java
2007-03-12 16:51 7824 --a------ C:\DOCUME~1\JUANTE~1.JUA\Application Data\pcouffin.cat
2007-03-12 16:51 33 --a------ C:\DOCUME~1\JUANTE~1.JUA\Application Data\pcouffin.log
2007-03-12 16:51 1144 --a------ C:\DOCUME~1\JUANTE~1.JUA\Application Data\pcouffin.inf
2007-03-12 15:44 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\real
2007-03-12 15:29 -------- d-------- C:\Program Files\ahead
2007-03-11 22:06 -------- d-------- C:\Program Files\antivir personaledition classic
2007-03-11 21:23 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\dmcache
2007-03-11 20:56 -------- d-------- C:\Program Files\quicktime
2007-03-11 20:55 -------- d-------- C:\Program Files\Common Files\real
2007-03-10 23:40 -------- d-------- C:\Program Files\windows defender
2007-03-09 21:59 -------- d-------- C:\Program Files\google
2007-03-09 21:22 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-07 13:50 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-02 12:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-31 16:17 -------- d---s---- C:\DOCUME~1\JUANTE~1.JUA\Application Data\microsoft
2007-01-31 15:29 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\wb05d1se
2007-01-31 15:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-30 17:32 -------- d-------- C:\Program Files\msn games
2007-01-30 17:09 -------- d-------- C:\Program Files\windows live safety center
2007-01-28 20:39 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-15 19:55 -------- d-------- C:\Program Files\virtools
2007-01-15 19:27 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\macromedia
2007-01-15 11:03 -------- d-------- C:\DOCUME~1\JUANTE~1.JUA\Application Data\apple computer
2007-01-15 11:00 -------- d-------- C:\Program Files\itunes
2007-01-15 11:00 -------- d------

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 February 2007 - 03:58 PM

DrWeb deleted some adware, your HijackThis log is clean, how's your PC running please?

If all's OK, please do the following:

Turn off System Restore, then turn it back on again:
Help if needed:
http://www.pchell.com/virus/systemrestore.shtml

Create a new System Restore Point:
Help if needed:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the System Restore window, click the "Create a Restore Point" button, then click 'Next'.
In the window that appears, enter a description, then click on "Create", then "Close".
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Edited by RichieUK, 13 February 2007 - 03:59 PM.


#5 yanky128

yanky128
  • Topic Starter

  • Members
  • 32 posts

Posted 13 February 2007 - 08:10 PM

It's running way better again. THANK YOU very much for everything, and I'll take the advice and read and save the info to prevent this from happening again. Again, TY :thumbsup:

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 February 2007 - 08:32 PM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.