
system error trojan horses.....again

Discussion in 'Malware and Virus Removal Archive' started by anazul, 2008/07/14.

  1. 2008/07/14
    anazul

    anazul Inactive Thread Starter

    Joined:
    2008/07/14
    Messages:
    2
    Likes Received:
    0
    Hi, can noahdfear help me please!!!! I have solved that problem but it's back again... I already have the mbam log and HijackThis and Deckard's System Scanner... can you help me????

    I post the MBAM log:

    Malwarebytes' Anti-Malware 1.20
    Versión de la Base de Datos: 949
    Windows 5.1.2600 Service Pack 2

    02:09:38 p.m. 14/07/2008
    mbam-log-7-14-2008 (14-09-38).txt

    Tipo de examen : Examen Rápido
    Objetos examinados: 49336
    Tiempo transcurrido: 10 minute(s), 41 second(s)

    Procesos en Memoria Infectados: 0
    Módulos en Memoria Infectados: 1
    Claves del Registro Infectadas: 22
    Valores del Registro Infectados: 0
    Elementos de Datos del Registro Infectados: 0
    Carpetas Infectadas: 0
    Ficheros Infectados: 3

    Procesos en Memoria Infectados:
    (No se han detectado elementos maliciosos)

    Módulos en Memoria Infectados:
    C:\WINDOWS\system32\AswBHO.dll (Trojan.BHO) -> Unloaded module successfully.

    Claves del Registro Infectadas:
    HKEY_CLASSES_ROOT\aswbho.aswplugin (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f8ade252-1bba-4fc0-8a0c-3e6e164e13c8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{284aaad9-fdf9-49a3-93ed-9cae4aa26805} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284aaad9-fdf9-49a3-93ed-9cae4aa26805} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb3b8af6-8886-4525-aae9-339da17e23c7} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\aswbho.aswplugin.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\alewinsecure.winsecure.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\AleWinSecure.EXE (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valores del Registro Infectados:
    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Infectados:
    (No se han detectado elementos maliciosos)

    Carpetas Infectadas:
    (No se han detectado elementos maliciosos)

    Ficheros Infectados:
    C:\WINDOWS\system32\AswBHO.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     
    Last edited: 2008/07/14
  2. 2008/07/14
    anazul

    anazul Inactive Thread Starter

    Joined:
    2008/07/14
    Messages:
    2
    Likes Received:
    0
    DDS main:

    Deckard's System Scanner v20071014.68
    Run by LM on 2008-07-14 14:20:47
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; unknown error code 0x0000007E


    -- Last 5 Restore Point(s) --
    19: 2008-07-14 20:20:49 UTC - RP19 - Deckard's System Scanner Restore Point
    18: 2008-07-13 23:02:59 UTC - RP18 - Software Distribution Service 3.0
    17: 2008-07-13 21:38:56 UTC - RP17 - Instalado OpenOffice.org Installer 1.0
    16: 2008-07-13 21:24:48 UTC - RP16 - Instalado Java(TM) 6 Update 7
    15: 2008-07-12 23:03:44 UTC - RP15 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-07-09 12:53:51 UTC - RP1 - Punto de control del sistema


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as LM.exe) --------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:22:51, on 14/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\Archivos de programa\Microsoft Office\Office10\msoffice.exe
    C:\Archivos de programa\HP\Digital Imaging\bin\hpqgalry.exe
    C:\ARCHIV~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\andy.ANDRES\Escritorio\dss.exe
    C:\ARCHIV~1\TRENDM~1\HIJACK~1\LM.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Archivos de programa\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Archivos de programa\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Inicio rápido de HP Image Zone.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120479644823
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5004D877-DA30-4780-8E08-9A6DABF0AF93}: NameServer = 10.0.0.1
    O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Windows Network Service (MCIService) - Unknown owner - (no file)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Archivos de programa\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    --
    End of file - 9609 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
    R1 NetworkX - c:\windows\system32\ckldrv.sys
    R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
    R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; ; Bluetooth Software 1.4.1 Build 3>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S2 FILESpy - c:\archivos de programa\bullguard\filespy.sys (file missing)
    S2 REGSpy - c:\archivos de programa\bullguard\regspy.sys (file missing)
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 PNDIS5 (PNDIS5 NDIS Protocol Driver) - e:\pndis5.sys (file missing)
    S3 Profos - c:\archivos de programa\archivos comunes\bitdefender\bitdefender threat scanner\profos.sys (file missing)
    S3 PROX11AB (ORiNOCO 802.11a/b Network Adapter Service) - c:\windows\system32\drivers\ntpr11ab.sys <Not Verified; Proxim Corp.; ORiNOCO 802.11a/b ComboCard>
    S3 TNET1130 (D-Link AirPlus XtremeG+ Wireless Adapter) - c:\windows\system32\drivers\gplus.sys <Not Verified; D-Link; >
    S3 Trufos - c:\archivos de programa\archivos comunes\bitdefender\bitdefender threat scanner\trufos.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\archivos de programa\archivos comunes\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
    R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

    S2 MCIService (Windows Network Service) -
    S3 FLEXnet Licensing Service - "c:\archivos de programa\archivos comunes\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-13 17:28:31 394 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2008-07-05 15:14:01 298 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-06-14 and 2008-07-14 -----------------------------

    2008-07-14 14:18:25 0 d-------- C:\Archivos de programa\Trend Micro
    2008-07-14 13:55:13 0 d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
    2008-07-13 15:38:57 0 d-------- C:\Archivos de programa\Sun
    2008-07-12 14:16:09 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-07-12 14:16:09 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-07-12 14:14:23 23328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-12 14:14:23 3440672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-12 14:14:23 0 d-------- C:\Archivos de programa\Kaspersky Lab
    2008-07-10 14:53:57 0 d------c- C:\RegUnlocker Backups
    2008-07-10 14:17:28 0 d------c- C:\327882R2FWJFW
    2008-07-10 06:36:37 0 d------c- C:\!KillBox
    2008-07-09 22:25:31 0 d-------- C:\Archivos de programa\Disk Cleaner
    2008-07-09 21:04:33 0 d-------- C:\Archivos de programa\Regseeker <REGSEE~1>
    2008-07-08 17:40:45 10752 --a------ C:\WINDOWS\system32\clb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-08 07:18:22 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-06-30 14:50:42 0 d-------- C:\Archivos de programa\iPod
    2008-06-30 14:49:26 0 d-------- C:\Archivos de programa\iTunes
    2008-06-30 14:33:18 0 d-------- C:\Archivos de programa\QuickTime
    2008-06-30 14:24:10 0 d-------- C:\Archivos de programa\Apple Software Update
    2008-06-30 14:11:43 0 d-------- C:\Archivos de programa\Archivos comunes\Apple


    -- Find3M Report ---------------------------------------------------------------

    2008-07-14 14:13:44 8405015 --a------ C:\WINDOWS\TempFile
    2008-07-14 13:55:20 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Malwarebytes
    2008-07-13 15:37:59 0 d-------- C:\Archivos de programa\Java
    2008-07-13 11:34:46 109400 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\GDIPFONTCACHEV1.DAT
    2008-07-12 14:33:32 0 d-------- C:\Archivos de programa\Archivos comunes
    2008-07-12 07:24:56 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\uTorrent
    2008-07-11 18:31:51 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
    2008-07-11 18:20:08 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\AdobeUM
    2008-07-11 17:57:11 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Adobe
    2008-07-10 06:29:04 469676 --a----c- C:\WINDOWS\system32\perfh00A.dat
    2008-07-10 06:29:04 83308 --a----c- C:\WINDOWS\system32\perfc00A.dat
    2008-07-10 06:04:14 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Macromedia
    2008-07-09 06:55:14 109400 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2008-07-09 06:28:14 0 d-------- C:\Archivos de programa\Yahoo!
    2008-07-08 20:11:31 0 d-------- C:\Archivos de programa\Archivos comunes\BitDefender
    2008-06-30 15:36:39 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Apple Computer
    2008-06-27 07:27:13 0 d-------- C:\Archivos de programa\LimeWire
    2008-06-13 23:15:24 0 d-------- C:\Archivos de programa\Mozilla Firefox 3 Beta 3
    2008-06-13 22:37:08 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Serif
    2008-06-08 19:33:42 0 d-------- C:\Archivos de programa\StuffPlug3
    2008-06-08 11:19:43 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Thinstall
    2008-06-08 09:38:42 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\U3
    2008-06-04 07:16:05 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\Mozilla
    2008-06-02 01:25:18 0 d-------- C:\Archivos de programa\Archivos comunes\Cisco Systems
    2008-06-02 01:15:57 0 d-------- C:\Archivos de programa\Movie Maker
    2008-06-02 01:14:27 0 d-------- C:\Archivos de programa\Microsoft Works
    2008-06-02 01:14:09 0 d-------- C:\Archivos de programa\Messenger
    2008-06-02 01:14:07 0 d-------- C:\Archivos de programa\Easy Internet signup
    2008-06-02 00:49:50 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\vlc
    2008-06-02 00:49:50 0 d-------- C:\Archivos de programa\VideoLAN
    2008-06-01 20:43:59 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\SiteAdvisor
    2008-05-31 20:20:32 0 d-------- C:\Documents and Settings\andy.ANDRES\Datos de programa\BitTorrent
    2008-05-12 13:54:03 1169 --a------ C:\WINDOWS\mozver.dat
    2008-05-11 21:41:59 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-04 15:19:50 33 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\pcouffin.log
    2008-05-04 15:19:48 47360 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-05-04 15:19:48 1144 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\pcouffin.inf
    2008-05-04 15:19:48 7887 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\pcouffin.cat
    2008-04-28 17:40:00 191488 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems Ltd.; Hardlock Win32 DLL>
    2008-04-21 21:29:37 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2008-04-21 21:29:37 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
    2008-04-14 14:30:57 1961476 --a------ C:\Documents and Settings\andy.ANDRES\Datos de programa\vso_ts_preview.xml


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [24/04/2003 14:00]
    "AdaptecDirectCD"="C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10/09/2007 20:15]
    "AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 15:01 C:\WINDOWS\AGRSMMSG.exe]
    "Cpqset"="C:\Archivos de programa\HPQ\Default Settings\cpqset.exe" [01/05/2003 06:59]
    "PRONoMgr.exe"="C:\Archivos de programa\Intel\NCS\PROSet\PRONoMgr.exe" [11/09/2007 06:19]
    "HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [10/09/2007 20:15]
    "SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [27/05/2008 10:50]
    "iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [02/06/2008 11:13]
    "AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [30/01/2008 18:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:42]

    C:\Documents and Settings\andy.ANDRES\Menú Inicio\Programas\Inicio\
    VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [10/09/2007 07:35:52 p.m.]

    C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\
    BTTray.lnk - C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe [24/03/2003 02:07:50 p.m.]
    HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [04/11/2004 07:28:24 p.m.]
    Inicio rápido de Adobe Reader.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16 a.m.]
    Inicio rápido de HP Image Zone.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe [04/11/2004 07:50:52 p.m.]
    Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04 a.m.]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\System32\LgNotify.dll 24/03/2003 05:26 110592 C:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\ARCHIV~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f63a780-0a23-11d8-a443-000423554610}]
    AutoRun\command- F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c0cbce0-fd28-11dc-b724-000423554610}]
    AutoRun\command- F:\kxax.cmd
    explore\Command- F:\kxax.cmd
    open\Command- F:\kxax.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c0cbce1-fd28-11dc-b724-000423554610}]
    AutoRun\command- G:\kxax.cmd
    explore\Command- G:\kxax.cmd
    open\Command- G:\kxax.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb54682-42f2-11dc-b698-000423554610}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 update.bitdefender.com
    127.0.0.1 update.bitdefender.com
    127.0.0.1 update.bitdefender.com


    -- End of Deckard's System Scanner: finished at 2008-07-14 14:24:31 ------------
     

  4. 2008/07/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
