
help with this hijack log please, thanks in advance

Discussion in 'Virus & Other Malware Removal' started by aquiros, Aug 9, 2006.

  1. aquiros

    hello, I'm having problems with some of the programs and tools in startup, they don't show like regularly, I think I've got some spyware or a virus maybe, the computer is behaving strange, and my antivirus software expired.. also when I start the computer there is a long list of iexplorer processes C:\Program Files\Internet Explorer\iexplore.exe, I don't know why, and

    thanks for the help, there's the hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:00:08 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Belkin Bulldog Plus\upsd.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\UpdReg.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\SYMNET~1\SNDMon.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\NeroCheck.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    C:\Program Files\Belkin Bulldog Plus\MUPS.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Andres\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108525071984
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.3.13,196.40.31.66,196.40.31.67
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.3.13,196.40.31.66,196.40.31.67
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.3.13,196.40.31.66,196.40.31.67
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
     
  2. Jag11

    I don't see anything suspicious. Let's try this:

    Download ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    If you use Firefox browser, do this also:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser, do this also:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    =====================================

    Run an online scan at Panda's ActiveScan
    • Please go here using Internet Explorer.
    • Once you are on the Panda site click the Scan your PC button.
    • A new window will open, click the big Check Now button.
      • Enter your Country.
      • Enter your State/Province.
      • Enter your e-mail address and click send.
      • Select either Home User or Company.
      • Click the big Scan Now button.
    • If it wants to install an ActiveX component allow it.
    • It will start downloading the files it requires for the scan.
    • When the download is complete, click on My Computer to start the scan.
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

    =====================================

    Rename "Hijackthis.exe" to "jet.exe" (w/out quotes) then run a scan w/ HJT again.

    In your next reply, please include these log(s):
    • HijackThis log (new)
    • Panda
     
  3. aquiros

    I'm doing this from another computer, it's too late, I lost the chance to use internet, it's all blocked, here is the report from Kaspersky online scanner, it shows I have like 21 viruses and it's all now blocked.. I ran this yesterday from my computer, and today I didn't have internet, this is the report, thanks

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, August 12, 2006 9:44:18 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 12/08/2006
    Kaspersky Anti-Virus database records: 214276
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    I:\

    Scan Statistics:
    Total number of scanned objects: 98291
    Number of viruses found: 21
    Number of infected objects: 144 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:00:41

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-08-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\Andres\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Andres\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Andres\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Andres\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Andres\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155100096.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155100112.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155100113.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155169069.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155188765.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155188777.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155188837.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155190597.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155190605.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155191227.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155191234.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155191239.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354720.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354730.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354733.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354737.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354743.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354747.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155354794.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155356106.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155356134.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155356135.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temp\t1155356206.dll Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Documents and Settings\Andres\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\MSNPassDec.zip/MSN Password Decryptor.exe Infected: not-a-virus:pSWTool.Win32.MSNPassword.b skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\MSNPassDec.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\OmeNServE.zip/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\OmeNServE.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe NSIS: infected - 7 skipped
    C:\Documents and Settings\Andres\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Andres\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\ATI Multimedia\main\launchpd.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Common Files\Dell\EUSW\Support.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\DAEMON Tools\daemon.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\iTunes\iTunesHelper.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00153EAB.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\035E346E.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06472660.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B987FDA.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D2F4172.dll Infected: Backdoor.Win32.Haxdoor.bh skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F8628FF.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FA94B08.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FF128CA.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12256076.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\127212F2.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1324306E.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\15296A0E.tmp Infected: Trojan-Downloader.Java.OpenStream.z skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\15C527DC.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\171804AF.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17844629.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17D621CD.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BAF1D90.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip ZIP: infected - 4 skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D596606.zip CryptFF: infected - 4 skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D6A37F4.exe Infected: Trojan-Downloader.Win32.CWS.v skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D855E66.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E3F6094.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20E95EE3.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23140228.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23BB46CA.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24150E9E.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2447071B.tmp Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25653C78.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25BE60CB.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27D71221.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\299A7E09.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2B1443E7.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2EA43E27.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2EBA58D2.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2ED3087D.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34C3166D.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38F8074E.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\396D2205.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3ABD2249.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B5967E3.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B5967E3.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B5967E3.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B5967E3.zip ZIP: infected - 3 skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B5967E3.zip CryptFF: infected - 3 skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41DD7445.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42896781.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\439849EC.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\446D5E46.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4AC4166B.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F511C7D.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F6A7B1A.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4FFE7AEE.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50927AC2.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51267A96.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51A6787B.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52A54872.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\531F3D67.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\53A4186A.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56907F4E.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58EF7AF2.tmp Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5AE62ABD.exe Infected: Trojan.Win32.Delf.qs skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5B535D04.tmp Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D4C2429.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D6C3601.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D705FFD.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D7309FA.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D7633F6.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D795DF2.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62484394.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\630731A0.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65693D7E.exe Infected: Trojan.Win32.Delf.qs skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67DE33B0.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\68DC6027.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69617439.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A28039B.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6B3E6554.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6F096E59.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6F4C2725.cla Infected: Trojan.Java.ClassLoader.i skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71051ABF.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71CD660D.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\731F3020.exe Infected: Trojan-Downloader.Win32.Small.ait skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74133D6C.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76D34451.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77353FDE.cla Infected: Trojan.Java.ClassLoader.k skipped
    C:\Program Files\Norton Password Manager\AcctMgr.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\QuickTime\qttask.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\Program Files\SymNetDrv\SNDMon.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\NetLimit.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys Object is locked skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd9325.sys Object is locked skipped
    C:\WINDOWS\SYSTEM32\DSentry.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\UpdReg.EXE Infected: Trojan-Downloader.Win32.Agent.asl skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped
    G:\guitar lessons\Guitar_Pro_Tabs_partitions_Complete_mysongbook_Collection_(22699_parts_30.ju.03).zip Object is locked skipped
    G:\My Movies 2\Documentaries\(Documentary) Free Energy - The Race to Zero Point (Bearden, Physics, Tesla, Conspiracy, Technology Supressed) .zip Object is locked skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  4. Jag11

    I asked for a Panda log, not a Kaspersky log..

    Oh well..

    Open this folder -

    C:\Documents and Settings\Andres\Local Settings\Temp

    Delete everything inside it.

    ===

    Empty Norton's Quarantine.

    ===

    Delete these files :

    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\MSNPassDec.zip ZIP
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\OmeNServE.zip ZIP
    C:\Documents and Settings\Andres\My Documents\Cosas\Instalaciones\Programas\setup_ares.exe

    ===

    Post back a fresh Hijackthis log.
     
  5. aquiros

    here's the panda log:
    Incident Status Location

    Virus:Trj/Downloader.JUR Disinfected Operating system
    Adware:adware/sbsoft Not disinfected Windows Registry
    Virus:Trj/Bl4ck.A Disinfected C:\Documents and Settings\Andres\Local Settings\Temp\t1155425074.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andres\My Documents\Cosas Desktop\Musica y cosas desktop\Herramientas\HSFix.zip[HSFix/Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andres\My Documents\Cosas Desktop\Musica y cosas desktop\HSFix\Process.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\Common Files\Dell\EUSW\Support.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\Norton Password Manager\AcctMgr.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    Virus:Trj/Downloader.JUR Disinfected C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     
  6. aquiros

    I have deleted all of that..
     
  7. Jag11

    Hi,

    Do you recognize this IP?

    196.40.3.10

    It belongs to Costa Rica..

    ==

    Can you do this for me also?

    Download WinPFind

    Extract WinPFind.zip to your c:\ folder.

    Reboot your computer into Safe Mode

    Then open c:\WinPFind and double-click on WinPFind.exe.
    When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
    When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic. Also post a new Hijackthis log.
     
  8. aquiros

    yes, it's my preferred DNS server, it was deleted by a virus but I configured it again, I'm now writing from my computer again, also I have been working in safe mode all the time, is there a problem with that?
     
  9. aquiros

    this is the winpfind scan:

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
    UPX! 11/24/2001 2:31:48 PM 65536 C:\WINDOWS\SYSTEM32\DVDAudio.ax
    UPX! 11/24/2001 2:28:14 PM 86528 C:\WINDOWS\SYSTEM32\DVDVideo.ax
    UPX! 12/3/2002 4:47:16 PM 172032 C:\WINDOWS\SYSTEM32\lame_enc.dll
    UPX! 5/15/2004 4:10:42 PM 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
    PEC2 6/17/1998 8015872 C:\WINDOWS\SYSTEM32\MFC42.PDB
    PEC2 6/17/1998 3944448 C:\WINDOWS\SYSTEM32\MFC42D.PDB
    PEC2 6/17/1998 2052096 C:\WINDOWS\SYSTEM32\MFCD42D.PDB
    PEC2 6/17/1998 1454080 C:\WINDOWS\SYSTEM32\MFCN42D.PDB
    PEC2 6/17/1998 4395008 C:\WINDOWS\SYSTEM32\MFCO42D.PDB
    UPX! 6/19/2004 6:28:44 PM 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
    PECompact2 8/2/2006 6:22:52 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/2/2006 6:22:52 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
    UPX! 5/23/2005 4:09:36 PM 242688 C:\WINDOWS\SYSTEM32\wbocx450.ocx

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    8/12/2006 5:15:38 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
    8/11/2006 10:20:56 PM H 0 C:\WINDOWS\LastGood\INF\oem16.inf
    8/11/2006 10:20:56 PM H 0 C:\WINDOWS\LastGood\INF\oem16.PNF
    8/12/2006 5:50:42 PM H 28672 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    8/12/2006 5:16:32 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    8/13/2006 9:16:34 AM H 32768 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    8/13/2006 9:38:30 AM H 335872 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    8/13/2006 9:43:54 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    8/8/2006 11:17:22 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
    7/19/2006 8:53:56 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\dcc5d2e0-38a8-47f3-a3e3-073cea3cb741
    7/19/2006 8:53:56 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
    8/12/2006 9:48:30 AM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    8/19/2003 9:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Creative Technology Ltd. 5/28/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
    Broadcom Corporation 6/3/2003 10:38:44 AM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Ahead Software AG 12/23/2003 3:40:52 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems 11/25/2003 12:24:08 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
    AvantGo, Inc. 12/21/2003 7:28:12 PM 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 3/24/2004 10:04:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Autodesk, Inc. 2/14/2003 1:34:12 AM 205472 C:\WINDOWS\SYSTEM32\plotman.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Intel(R) Corporation 3/11/2003 4:15:56 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
    Autodesk, Inc. 2/14/2003 1:34:14 AM 205472 C:\WINDOWS\SYSTEM32\styleman.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
    Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 8/3/2004 2:03:24 PM 167704 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    7/11/2005 7:09:28 PM 890 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    3/28/2004 6:38:08 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    2/10/2004 11:22:36 AM 1627 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MUPS.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
    6/22/2006 9:38:00 PM 1350 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\Andres\Start Menu\Programs\Startup\DESKTOP.INI

    Checking files in %USERPROFILE%\Application Data folder...
    6/5/2006 11:28:12 PM HS 85 C:\Documents and Settings\Andres\Application Data\.zreglib
    9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\Andres\Application Data\DESKTOP.INI
    7/29/2004 10:07:20 PM 0 C:\Documents and Settings\Andres\Application Data\dm.ini
    9/23/2004 10:42:12 PM 55648 C:\Documents and Settings\Andres\Application Data\GDIPFONTCACHEV1.DAT

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =
    iOpus-I-M =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip
    {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EncodeDivXExt
    {E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3} =
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HESHELL
    {34A071FF-EB10-46E9-9206-C7F14A31AA22} =
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip
    {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\HESHELL
    {34A071FF-EB10-46E9-9206-C7F14A31AA22} =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip
    {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
    DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
    CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
    &Investigador de Encarta = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
    ButtonText = Create Mobile Favorite :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
    MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
    ButtonText = ATI TV :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
    ButtonText = Investigador :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    nwiz nwiz.exe /install
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    CTHelper CTHELPER.EXE
    BCMSMMSG BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKCU
    command
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item gnotify
    hkey HKLM
    command C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
    NoBackButton 0
    NoFileMru 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/13/2006 9:45:16 AM
     
  10. aquiros

    aquiros Thread Starter

    Joined:
    Feb 22, 2005
    Messages:
    33
    here's the new hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:29 AM, on 8/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Andres\Desktop\jet.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108525071984
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
     
  11. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    Hi,

    As you can see, these legit program files were infected :

    If you still use any of those programs, then you need to reinstall each of them because the files were infected and were already deleted by Panda.

    The WinPFind log came back clean.. Can you do this for me :

    Please download & Install - FixWareout.exe

    When you reach the final page of the installation process, make sure Run fixit is checked.
    Follow the on-screen prompts & reboot your computer when instructed to do so.

    NOTE : Do not be alarmed if your computer takes longer than usual to load -- this is normal

    FixWareOut will produce a logfile, located here - C:\fixwareout\report.txt. Post it on your next reply. Also post a new HJT log file. :)
     
  12. aquiros

    aquiros Thread Starter

    Joined:
    Feb 22, 2005
    Messages:
    33
    hi,
    sorry to keep bothering you, here's the hijack log and the report, i'm working right now in safe mode (the hijackthis log is from regular mode), because in regular mode internet is incredibly slow or not working at all, do you have any idea of what this could be? also the iexplorer initial page was changed to www.msn.com..

    thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 6:23:08 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Belkin Bulldog Plus\upsd.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Belkin Bulldog Plus\MUPS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Andres\Desktop\jet.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahool.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108525071984
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
    O17 - HKLM\System\CS1\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
    O17 - HKLM\System\CS2\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --------------------------------------------------------------------------------------------------------

    Report of fixwareout:


    Fixwareout ver 1.003
    Last edited 8/11/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.
    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.
    ----------------------------------------------------------------------------------------------------------------------------

    Here's also another panda log:



    Incident Status Location

    Adware:adware/sbsoft Not disinfected Windows Registry
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andres\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andres\Local Settings\Temp\Cookies\[email protected][2].txt
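
Added illustration, not part of the thread and not a HijackThis feature: a small parser that compares two HijackThis logs and reports which entries and running processes differ between scans. The embedded text is a trimmed excerpt of the 8/13 and 8/14 logs posted above; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)$")

# Trimmed excerpts of the two logs posted in this thread.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:50:29 AM, on 8/13/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Andres\Desktop\jet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
"""

NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:23:08 PM, on 8/14/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Andres\Desktop\jet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahool.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
O17 - HKLM\System\CS2\Services\Tcpip\..\{27F6C8C9-490D-4A96-8A3D-F1C7F128D688}: NameServer = 196.40.3.10,196.40.31.66
"""


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def index_entries(entries):
    """Key each entry by (code, setting name); the value is the text after ' = '.
    Entries without ' = ' (for example O4 Run lines) are keyed by their whole body."""
    index = {}
    for code, body in entries:
        key, sep, value = body.partition(" = ")
        index[(code, key.casefold())] = (key, value if sep else None)
    return index


def diff_logs(old_text, new_text):
    """Report entries and processes that were added, removed or changed."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    old, new = index_entries(old_entries), index_entries(new_entries)
    old_p = {p.casefold() for p in old_procs}
    new_p = {p.casefold() for p in new_procs}
    return {
        "added": sorted((k[0],) + new[k] for k in new.keys() - old.keys()),
        "removed": sorted((k[0],) + old[k] for k in old.keys() - new.keys()),
        "changed": sorted((k[0], new[k][0], old[k][1], new[k][1])
                          for k in old.keys() & new.keys() if old[k][1] != new[k][1]),
        "procs_added": sorted({p for p in new_procs if p.casefold() not in old_p}),
        "procs_removed": sorted({p for p in old_procs if p.casefold() not in new_p}),
    }


if __name__ == "__main__":
    for kind, items in diff_logs(OLD_LOG, NEW_LOG).items():
        for item in items:
            print(kind, "|", " | ".join(str(part) for part in item)
                  if isinstance(item, tuple) else item)
```
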
     
  13. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    Hmm.. I wonder why it's still slow. Your log looks fine now, and Panda just found some cookies.. Also your WinPFind log looks clean too. How much RAM do you have?
     
  14. aquiros

    aquiros Thread Starter

    Joined:
    Feb 22, 2005
    Messages:
    33
    hi,
    my ram is 1 gb, 2.8GHz, pentium 4 processor...
     
  15. aquiros

    aquiros Thread Starter

    Joined:
    Feb 22, 2005
    Messages:
    33
    i can't use msn messenger on regular mode either, only in safe mode, it says there is a problem with the hosts file and key ports, could you help me with this also please?
     