My Hijack This logfile [P]


Thief12

My problem


-------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:08 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5299/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3793 bytes
 
main.txt

Deckard's System Scanner v20071014.68
Run by Jessenia Pagán on 2008-06-19 22:36:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-06-20 03:37:06 UTC - RP210 - Deckard's System Scanner Restore Point
61: 2008-06-19 22:29:13 UTC - RP209 - Removed Norton Security Center
60: 2008-06-19 22:26:09 UTC - RP208 - Installed ESET NOD32 Antivirus
59: 2008-06-19 22:22:17 UTC - RP207 - Removed Norton Security Center
58: 2008-06-19 20:51:24 UTC - RP206 - Last known good configuration


-- First Restore Point --
1: 2008-06-19 20:50:25 UTC - RP149 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jessenia Pagán.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:04 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Documents and Settings\Jessenia Pagán\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Jessenia Pagán.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F8F84CF-DCBA-4426-AC18-30A8AB00C526} - C:\WINDOWS\system32\awtuSJCv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C7453184-6DF9-4F63-B6AA-8C1EB3590648} - C:\WINDOWS\system32\qoMfgfCv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5299/mcfscan.cab
O20 - Winlogon Notify: awtuSJCv - C:\WINDOWS\SYSTEM32\awtuSJCv.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 4822 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 IABFilt (Iomega Snapshot Volume Filter) - c:\windows\system32\drivers\iabfilt.sys <Not Verified; Iomega; Iomega Volume Filter Driver>
R0 Ovy03 - c:\windows\system32\drivers\ovy03.sys
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R3 tcpsr - c:\windows\system32\drivers\tcpsr.sys (file missing)

S1 narqwe - c:\windows\system32\narqwe.sys
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 21:05:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-13 20:04:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 22:36:14 192512 --a------ C:\WINDOWS\system32\cbOCR.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-19 18:18:45 0 dr-h----- C:\Documents and Settings\Jessenia Pagán\Recent
2008-06-19 18:09:24 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-19 18:09:24 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-19 18:09:24 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-06-19 18:09:24 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-19 18:09:24 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-19 18:09:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-19 17:26:17 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-19 16:53:15 86016 --a------ C:\WINDOWS\system32\yqpnbfoa.dll
2008-06-19 15:50:14 16288 --ahs---- C:\WINDOWS\system32\vCfgfMoq.ini2
2008-06-19 15:50:07 283136 --a------ C:\WINDOWS\system32\qoMfgfCv.dll
2008-06-18 23:51:16 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-18 21:47:33 2 --a------ C:\1885922393 <188592~1>
2008-06-18 21:47:11 30208 --a------ C:\WINDOWS\system32\drivers\Ovy03.sys
2008-06-18 21:47:10 0 --a------ C:\WINDOWS\system32\narqwe.sys
2008-06-18 21:46:51 33792 --a------ C:\WINDOWS\system32\awtuSJCv.dll
2008-06-18 21:25:29 0 d-------- C:\Documents and Settings\Jessenia Pagán\Application Data\CyberLink
2008-06-18 15:18:39 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-18 15:18:37 0 d-------- C:\Program Files\DivXLand
2008-06-18 15:01:01 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-18 15:01:01 47360 --a------ C:\Documents and Settings\Jessenia Pagán\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-18 15:01:00 0 d-------- C:\Documents and Settings\Jessenia Pagán\Application Data\Vso
2008-06-17 16:03:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 22:51:18 0 d-------- C:\Documents and Settings\Carlo Giovannetti\Application Data\Simply Super Software
2008-05-30 10:59:10 0 d-------- C:\Program Files\GIF Movie Gear
2008-05-21 23:10:02 0 dr-h----- C:\Documents and Settings\Carlo Giovannetti\Recent
2008-05-21 21:16:41 0 d-------- C:\cuidado-con-este-megavirustroyanoyspywa_files <CUIDAD~1>
2008-05-21 20:17:13 0 d-------- C:\Documents and Settings\Jessenia Pagán\.housecall6.6
2008-05-21 16:15:14 0 d-------- C:\WINDOWS\McAfee.com
2008-05-21 13:46:40 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-21 13:45:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-21 10:51:38 0 d-------- C:\Documents and Settings\Jessenia Pagán\Application Data\Simply Super Software


-- Find3M Report ---------------------------------------------------------------

2008-06-19 18:14:05 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-19 18:14:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-19 18:11:13 0 d-------- C:\Program Files\Trojan Remover
2008-06-19 17:28:56 0 d-------- C:\Program Files\Symantec
2008-06-19 17:19:24 0 d-------- C:\Program Files\Common Files
2008-06-19 00:10:31 0 -r-hs---- C:\config.sys
2008-06-19 00:09:53 0 d-------- C:\Documents and Settings\Jessenia Pagán\Application Data\Walgreens
2008-06-19 00:05:11 0 d-------- C:\Program Files\LimeWire
2008-06-18 22:06:08 0 d-------- C:\Program Files\MagicISO
2008-06-18 15:13:59 33 --a------ C:\Documents and Settings\Jessenia Pagán\Application Data\pcouffin.log
2008-06-18 15:13:56 1144 --a------ C:\Documents and Settings\Jessenia Pagán\Application Data\pcouffin.inf
2008-06-18 15:13:56 7887 --a------ C:\Documents and Settings\Jessenia Pagán\Application Data\pcouffin.cat
2008-06-18 15:13:07 668 --a------ C:\Documents and Settings\Jessenia Pagán\Application Data\vso_ts_preview.xml
2008-06-18 14:28:04 0 d-------- C:\Program Files\Xvid
2008-06-10 00:16:08 0 d-------- C:\Program Files\Microsoft Works
2008-05-11 23:37:44 72192 -r-hs---- C:\WINDOWS\system32\amvo1.dll
2008-05-07 22:12:03 0 d-------- C:\Program Files\CCleaner
2008-05-07 22:11:25 0 d-------- C:\Program Files\MSConfig CleanUp
2008-05-07 21:40:33 1256118 --a------ C:\WINDOWS\system32\ddram.exe <Not Verified; instyler installation software; instyler ex-it!>
2008-04-23 19:01:58 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-23 19:01:52 0 d-------- C:\Program Files\Common Files\Real
2008-04-21 15:38:01 0 d-------- C:\Program Files\Apple Software Update
2008-04-10 22:04:44 290816 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic para Windows>
2008-04-10 22:04:43 74240 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic para Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}]
06/18/2008 09:46 PM 33792 --a------ C:\WINDOWS\system32\awtuSJCv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7453184-6DF9-4F63-B6AA-8C1EB3590648}]
06/19/2008 03:50 PM 283136 --a------ C:\WINDOWS\system32\qoMfgfCv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}"= C:\WINDOWS\system32\awtuSJCv.dll [06/18/2008 09:46 PM 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuSJCv]
awtuSJCv.dll 06/18/2008 09:46 PM 33792 C:\WINDOWS\system32\awtuSJCv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMfgfCv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovy03.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a7711d-110c-11dd-835f-00123faa2178}]
AutoRun\command- F:\80avp08.com
explore\Command- F:\80avp08.com
open\Command- F:\80avp08.com


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A5CDF7EC-751B-46aa-AD69-4005FE080DE8}]
C:\WINDOWS\system32\wmipst.exe s



-- End of Deckard's System Scanner: finished at 2008-06-19 22:40:07 ------------
 
extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-----------------------
-- System Information
-----------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1014.07 MiB / 616.07 MiB
Pagefile Memory (total/avail): 2441.27 MiB / 1890.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 145.96 GiB total, 24.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 145.96 GiB - C:
\PARTITION2 - Unknown - 3 GiB

-- Security Center ------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"E:\\NAT Manager\\natmgr.exe"="E:\\NAT Manager\\natmgr.exe:*:Enabled:SpeedTouch NAT manager"
"E:\\Setup Wizard\\SetupST.exe"="E:\\Setup Wizard\\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"="C:\\Program Files\\Motorola\\Software Update\\msu.exe:*:Enabled:msu"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -----

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jessenia Pag n\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JORGE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jessenia Pag n
LOGONSERVER=\\JORGE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JESSEN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JESSEN~1\LOCALS~1\Temp
USERDOMAIN=JORGE
USERNAME=Jessenia Pag n
USERPROFILE=C:\Documents and Settings\Jessenia Pag n
windir=C:\WINDOWS


-- User Profiles ---------

Jorge Giovannetti (admin)
Camillia Cowling (admin)
Carlo Giovannetti (admin)
Jessenia Pagán (admin)
Administrator (admin)


-- Add/Remove Programs --------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advanced RealMedia Export Plug-in for Premiere 6.0 --> C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DivXLand Media Subtitler --> C:\WINDOWS\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log
ESET NOD32 Antivirus --> MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
GIF Movie Gear 4.1.1 --> "C:\Program Files\GIF Movie Gear\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Carlo Giovannetti\My Documents\Cleanup Tools\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Iomega Automatic Backup Pro --> MsiExec.exe /X{6ABAF1E2-BEB6-4C32-BD9F-0CA733EE7453}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
Jeopardy! --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Jeopardy!\Uninst.isu"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update --> MsiExec.exe /I{CCF32FF9-D408-42AB-AE29-46B9183E4EB7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jessenia Pagán\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSConfig CleanUp 1.2 --> "C:\Program Files\MSConfig CleanUp\UninsHs.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProCite 5 --> C:\PROGRA~1\ProCite5\_UNINST.EXE C:\PROGRA~1\ProCite5\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Software Kodak EasyShare --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_c358c\Setup.exe /APR-REMOVE
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Trojan Remover 6.7.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Wubi --> C:\WINDOWS\wubi-uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}

(cont.)
 
Re: My Hijack This logfile

(cont.)


-- Application Event Log --------------

Event Record #/Type19666 / Warning
Event Submitted/Written: 06/19/2008 05:17:42 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type19643 / Success
Event Submitted/Written: 06/19/2008 03:57:28 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type19628 / Error
Event Submitted/Written: 06/19/2008 11:37:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type19617 / Error
Event Submitted/Written: 06/19/2008 09:57:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type19606 / Error
Event Submitted/Written: 06/19/2008 07:33:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type106334 / Warning
Event Submitted/Written: 06/19/2008 10:38:43 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\JESSIE-PC on the network \Device\NetBT_Tcpip_{42EF7A98-CA31-4093-BDD9-0D461E976F9A}.
The data is the error code.

Event Record #/Type106333 / Warning
Event Submitted/Written: 06/19/2008 10:38:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type106319 / Error
Event Submitted/Written: 06/19/2008 10:38:11 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type106317 / Error
Event Submitted/Written: 06/19/2008 10:36:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type106312 / Error
Event Submitted/Written: 06/19/2008 10:35:04 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-06-19 22:40:07 ------------
 
Re: My Hijack This logfile

Hello Thief12,

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read ComboFix's Disclaimer.

Logs needed in your next post:

ComboFix

Regards,
Mak213
 
ComboFix.txt

Done...

ComboFix 08-06-19.2 - Jessenia Pagán 2008-06-20 0:40:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.486 [GMT -5:00]
Running from: C:\Documents and Settings\Jessenia Pagán\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jessenia Pagán\Application Data\inst.exe
C:\WINDOWS\msacm32.drv
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\aofbnpqy.ini
C:\WINDOWS\system32\awtuSJCv.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\Ovy03.sys
C:\WINDOWS\system32\narqwe.sys
C:\WINDOWS\system32\qoMfgfCv.dll
C:\WINDOWS\system32\vCfgfMoq.ini
C:\WINDOWS\system32\vCfgfMoq.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OVY03
-------\Legacy_tcpsr
-------\Service_narqwe
-------\Service_Ovy03
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-19 22:38 . 2007-06-28 14:36 401,720 --a------ C:\Jessenia Pag n.exe
2008-06-19 22:36 . 2008-06-19 22:36 <DIR> d-------- C:\Deckard
2008-06-19 22:36 . 2008-06-19 22:36 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-06-19 18:10 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-06-19 18:09 . 2008-06-19 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-19 18:09 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-19 18:09 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-19 18:09 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-19 18:09 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-19 18:09 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-19 17:26 . 2008-06-19 17:26 <DIR> d-------- C:\Program Files\ESET
2008-06-19 17:26 . 2008-06-19 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-19 16:53 . 2008-06-19 16:53 86,016 --a------ C:\WINDOWS\system32\yqpnbfoa.dll
2008-06-18 21:47 . 2008-06-18 21:47 2 --a------ C:\1885922393
2008-06-18 15:18 . 2008-06-18 15:18 <DIR> d-------- C:\Program Files\DivXLand
2008-06-18 15:18 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-18 15:01 . 2008-06-18 15:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-17 16:03 . 2008-06-17 16:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-10 14:25 . 2008-04-14 06:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 14:25 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 22:51 . 2008-06-09 22:51 <DIR> d-------- C:\Documents and Settings\Carlo Giovannetti\Application Data\Simply Super Software
2008-05-30 15:22 . 2008-06-18 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 15:22 . 2008-06-17 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 10:59 . 2008-05-30 10:59 <DIR> d-------- C:\Program Files\GIF Movie Gear
2008-05-21 21:16 . 2008-05-21 21:16 <DIR> d-------- C:\cuidado-con-este-megavirustroyanoyspywa_files
2008-05-21 21:16 . 2008-05-21 21:16 106,751 --a------ C:\cuidado-con-este-megavirustroyanoyspywa.html
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-21 13:46 . 2008-05-21 13:46 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 01:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 23:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-19 23:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-19 23:11 --------- d-----w C:\Program Files\Trojan Remover
2008-06-19 22:28 --------- d-----w C:\Program Files\Symantec
2008-06-19 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-19 05:05 --------- d-----w C:\Program Files\LimeWire
2008-06-19 03:06 --------- d-----w C:\Program Files\MagicISO
2008-06-18 19:28 --------- d-----w C:\Program Files\Xvid
2008-06-10 05:16 --------- d-----w C:\Program Files\Microsoft Works
2008-05-22 03:18 --------- d-----w C:\Program Files\CleanUp!
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 03:12 --------- d-----w C:\Program Files\CCleaner
2008-05-08 03:11 --------- d-----w C:\Program Files\MSConfig CleanUp
2008-04-24 00:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-24 00:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 20:38 --------- d-----w C:\Program Files\Apple Software Update
2008-04-11 03:04 74,240 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-11 03:04 290,816 ------w C:\WINDOWS\Setup1.exe
2007-06-28 19:36 401,720 ----a-w C:\Program Files\HijackThis.exe
2007-05-27 17:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-08 03:54 56 --sh--r C:\WINDOWS\system32\590C45F905.sys
2007-11-08 03:54 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

C:\Documents and Settings\Jorge Giovannetti\Start Menu\Programs\Startup\
Iomega Product Registration.lnk - C:\Program Files\Iomega\Registration\Register.exe [2004-02-12 13:26:03 16175104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2004-11-04 16:11]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 15:18]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a7711d-110c-11dd-835f-00123faa2178}]
\Shell\AutoRun\command - F:\80avp08.com
\Shell\explore\Command - F:\80avp08.com
\Shell\open\Command - F:\80avp08.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 01:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 05:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 00:48:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2008-06-20 0:53:56 - machine was rebooted [Jessenia Pag n]
ComboFix-quarantined-files.txt 2008-06-20 05:53:49

Pre-Run: 26,329,481,216 bytes free
Post-Run: 26,346,995,712 bytes free

154 --- E O F --- 2008-06-11 04:40:59
 
New HijackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:08 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5299/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3793 bytes
 
Re: My Hijack This logfile

There is an infection on your PC. I will develop your fix ASAP and get it to you. Please just bear with me. Thank you.
 
Re: My Hijack This logfile

Hello Thief12,

Step1 | CFScript

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::
C:\WINDOWS\system32\cbOCR.dll
File::
C:\WINDOWS\system32\yqpnbfoa.dll
C:\1885922393
C:\WINDOWS\system32\cbOCR.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply.

Logs needed in next post:

ComboFix

Regards,
Mak
 
ComboFix.txt

ComboFix 08-06-19.2 - Jessenia Pagán 2008-06-20 15:38:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.684 [GMT -5:00]
Running from: C:\Documents and Settings\Jessenia Pagán\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessenia Pagán\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1885922393
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\yqpnbfoa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1885922393
C:\WINDOWS\system32\yqpnbfoa.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 01:04 . 2008-06-20 01:05 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 00:53 . 2008-06-20 00:53 <DIR> d-------- C:\Documents and Settings\Jessenia Pagán
2008-06-20 00:53 . <DIR> C:\Documents and Settings\Jessenia Pagßn\Local Settings
2008-06-20 00:53 . <DIR> C:\Documents and Settings\Jessenia Pagßn\Local Settings
2008-06-19 22:36 . 2008-06-19 22:36 <DIR> d-------- C:\Deckard
2008-06-19 18:10 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-06-19 18:09 . 2008-06-19 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-19 18:09 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-19 18:09 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-19 18:09 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-19 18:09 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-19 18:09 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-19 17:26 . 2008-06-19 17:26 <DIR> d-------- C:\Program Files\ESET
2008-06-19 17:26 . 2008-06-19 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-18 15:18 . 2008-06-18 15:18 <DIR> d-------- C:\Program Files\DivXLand
2008-06-18 15:18 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-18 15:01 . 2008-06-18 15:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-17 16:03 . 2008-06-17 16:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-10 14:25 . 2008-06-13 08:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 14:25 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 22:51 . 2008-06-09 22:51 <DIR> d-------- C:\Documents and Settings\Carlo Giovannetti\Application Data\Simply Super Software
2008-05-30 15:22 . 2008-06-18 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 15:22 . 2008-06-17 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 10:59 . 2008-05-30 10:59 <DIR> d-------- C:\Program Files\GIF Movie Gear
2008-05-21 21:16 . 2008-05-21 21:16 <DIR> d-------- C:\cuidado-con-este-megavirustroyanoyspywa_files
2008-05-21 21:16 . 2008-05-21 21:16 106,751 --a------ C:\cuidado-con-este-megavirustroyanoyspywa.html
2008-05-21 16:15 . 2008-05-21 16:15 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-21 13:46 . 2008-05-21 13:46 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 01:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 23:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-19 23:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-19 23:11 --------- d-----w C:\Program Files\Trojan Remover
2008-06-19 22:28 --------- d-----w C:\Program Files\Symantec
2008-06-19 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-19 05:05 --------- d-----w C:\Program Files\LimeWire
2008-06-19 03:06 --------- d-----w C:\Program Files\MagicISO
2008-06-18 19:28 --------- d-----w C:\Program Files\Xvid
2008-06-10 05:16 --------- d-----w C:\Program Files\Microsoft Works
2008-05-22 03:18 --------- d-----w C:\Program Files\CleanUp!
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 03:12 --------- d-----w C:\Program Files\CCleaner
2008-05-08 03:11 --------- d-----w C:\Program Files\MSConfig CleanUp
2008-04-24 00:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-24 00:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 20:38 --------- d-----w C:\Program Files\Apple Software Update
2008-04-11 03:04 74,240 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-11 03:04 290,816 ------w C:\WINDOWS\Setup1.exe
2007-06-28 19:36 401,720 ----a-w C:\Program Files\HijackThis.exe
2007-05-27 17:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-08 03:54 56 --sh--r C:\WINDOWS\system32\590C45F905.sys
2007-11-08 03:54 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-20_ 0.53.31.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 05:47:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 20:41:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2006-09-25 22:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

C:\Documents and Settings\Jorge Giovannetti\Start Menu\Programs\Startup\
Iomega Product Registration.lnk - C:\Program Files\Iomega\Registration\Register.exe [2004-02-12 13:26:03 16175104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2004-11-04 16:11]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 15:18]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a7711d-110c-11dd-835f-00123faa2178}]
\Shell\AutoRun\command - F:\80avp08.com
\Shell\explore\Command - F:\80avp08.com
\Shell\open\Command - F:\80avp08.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 01:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 20:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 15:42:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2008-06-20 15:47:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 20:47:48
ComboFix2.txt 2008-06-20 05:53:57

Pre-Run: 30,532,960,256 bytes free
Post-Run: 30,520,692,736 bytes free

162 --- E O F --- 2008-06-20 06:05:29
 