
Author Topic: nagefipi.dll and SHEUR2.AEOL, are my computer save now?  (Read 3892 times)


Qbo
    nagefipi.dll and SHEUR2.AEOL, are my computer save now?
    « on: May 17, 2009, 04:22:24 PM »
    EDIT: it's SHEUR2.AEOL (not SHEAL... :P, sorry)
    Hi!
    This is my first time here, and sorry for my English, it's not really good.
    It's the first time that I got a virus. AVG told me, and Spybot too... but it was too late. After scanning one time and another with AVG, always the same trojan comes back (and more malware with different names, always).
    The effects that I could see: iexplorer using like 500 MB of RAM; always when I start the computer it asks me for the file nagefipi.dll (says that rundll32 doesn't find it), ads every time with Firefox, and suddenly the computer turns off!

    I did all the steps that you told me, and this is the output of every log... but after all, everything seems fine, no problems... but I want to be sure, because I have to give the presentation of my project (for the end of my degree! :P) and I don't want to have problems on the day of the presentation (in June).
    Looking forward to hearing from someone. THANKS SO MUCH FOR EVERYTHING!!!!

    PS: Do I have to install Spybot again, or can I leave only SUPERAntiSpyware? (I guess that it is the same... isn't it?)

    PS 2: I have Service Pack 1, but I have Vista, so I don't know if a newer version exists...

    Malwarebytes' Anti-Malware 1.36
    Versión de la Base de Datos: 2145
    Windows 6.0.6001 Service Pack 1

    17/05/2009 23:24:25
    mbam-log-2009-05-17 (23-24-25).txt

    Tipo de examen : Examen Rápido
    Objetos examinados: 73817
    Tiempo transcurrido: 10 minute(s), 10 second(s)

    Procesos en Memoria Infectados: 0
    Módulos en Memoria Infectados: 1
    Claves del Registro Infectadas: 21
    Valores del Registro Infectados: 1
    Elementos de Datos del Registro Infectados: 2
    Carpetas Infectadas: 3
    Ficheros Infectados: 4

    Procesos en Memoria Infectados:
    (No se han detectado elementos maliciosos)

    Módulos en Memoria Infectados:
    C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.

    Claves del Registro Infectadas:
    HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

    Valores del Registro Infectados:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbbff0427 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Elementos de Datos del Registro Infectados:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Carpetas Infectadas:
    C:\Users\Arturo\AppData\Roaming\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

    Ficheros Infectados:
    C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.
    C:\Windows\System32\drivers\ovfsthxkixqgdrqxrbenttviafbddrmflfdmni.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ovfsthawqdvjnvtpurvwbcrtewsycpmmdgmvdm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ovfsthcxvigvcenkanxpemtnjexbxkfoeisdhi.dat (Trojan.Agent) -> Quarantined and deleted successfully.

    -------------------------

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/17/2009 at 06:30 PM

    Application Version : 4.26.1002

    Core Rules Database Version : 3897
    Trace Rules Database Version: 1844

    Scan type       : Complete Scan
    Total Scan Time : 02:52:54

    Memory items scanned      : 370
    Memory threats detected   : 0
    Registry items scanned    : 8169
    Registry threats detected : 35
    File items scanned        : 232834
    File threats detected     : 3

    Trojan.Unclassified/TestCPV
       HKLM\Software\Classes\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
       HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
       HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
       HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\ProgID
       HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\Programmable
       HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\VersionIndependentProgID
       HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}
       HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid
       HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid32
       HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib
       HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib#Version
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6}#NoExplorer

    Browser Hijacker.MJCore
       HKLM\Software\Classes\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}
       HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D88E1558-7C2D-407A-953A-C044F5607CEA}
       HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}
       HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\ProgID
       HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\Programmable
       HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\TypeLib
       HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\VersionIndependentProgID
       HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore
       HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore\CLSID
       HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore\CurVer

    Adware.Vundo Variant
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

    Trojan.DNSChanger-Codec
       HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\fcn

    Adware.JavaCore/NoDNS
       HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL
       HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL#AppID

    Adware.Vundo Variant/Rel
       HKLM\SOFTWARE\Microsoft\contim
       HKLM\SOFTWARE\Microsoft\contim#SysShell
       HKLM\SOFTWARE\Microsoft\rdfa
       HKLM\SOFTWARE\Microsoft\rdfa#F
       HKLM\SOFTWARE\Microsoft\rdfa#N
       HKCR\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8}

    Rogue.Component/Trace
       HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\FIAS4057

    Trojan.Agent/Gen-AppX
       C:\USERS\ARTURO\APPDATA\LOCAL\QAYSMIU.EXE

    Trojan.Agent/Gen-FSG
       D:\ARTURO\PROGRAMAS\RECUPERADORARCHIVOS\CD_DVD_DATA_RECOVERY_1.0.759\CD DVD DATA RECOVERY 1.0.759\KEYGEN\KEYGEN\KEYGEN.EXE

    Unclassified.Unknown Origin
       D:\ARTURO\PROGRAMAS\RECUPERADORARCHIVOS\CD_DVD_DATA_RECOVERY_1.0.759\CD DVD DATA RECOVERY 1.0.759\KEYGEN\KEYGEN.NFO


    -----------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 0:04:39, on 18/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\Domino.exe
    C:\Windows\VMSnap1.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    D:\Program Files\PopTray\PopTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Arturo\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*http://es.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*http://es.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7da8f4ed-c8b3-4378-b03b-965b021194f2} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [domino] C:\Windows\domino.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\Windows\VMSnap1.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
    O4 - Startup: PopTray.lnk = D:\Program Files\PopTray\PopTray.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldes-es.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://arteqbo.spaces.live.com/PhotoUpload/VistaMsnPUpldes-es.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-447553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll avgrsstx.dll C:\Windows\system32\zimuroha.dll c:\windows\system32\nagefipi.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
    O23 - Service: OracleServiceXE - Oracle Corporation - d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    O23 - Service: OracleXEClrAgent - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
    O23 - Service: OracleXETNSListener - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10374 bytes
    « Last Edit: May 19, 2009, 02:08:03 AM by Qbo »

    harry 48
    Re: nagefipi.dll and SHEAL2.AEOL, are my computer save now?
    « Reply #1 on: May 18, 2009, 02:36:45 PM »
    Leave SUPERAntiSpyware in and run it every week.

    Why not update to Windows SP3?

    Qbo
      Re: nagefipi.dll and SHEUR2.AEOL, are my computer save now?
      « Reply #2 on: May 19, 2009, 02:07:35 AM »
      Thanks harry48, I will.
      About Service Pack 3 on Vista... I didn't, because I could only find Service Pack 1 on the Microsoft website, which is the one that I already have, so I thought that nothing higher exists.

      Yesterday and today I checked again with Malwarebytes' Anti-Malware, and... again I got the trojan! :(... I leave you the logs.

      Malwarebytes' Anti-Malware 1.36
      Versión de la Base de Datos: 2145
      Windows 6.0.6001 Service Pack 1

      18/05/2009 10:00:56
      mbam-log-2009-05-18 (10-00-56).txt

      Tipo de examen : Examen Rápido
      Objetos examinados: 74163
      Tiempo transcurrido: 9 minute(s), 54 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 0
      Claves del Registro Infectadas: 2
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 0
      Ficheros Infectados: 0

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Claves del Registro Infectadas:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.

      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Carpetas Infectadas:
      (No se han detectado elementos maliciosos)

      Ficheros Infectados:
      (No se han detectado elementos maliciosos)

      ------------------------

      Malwarebytes' Anti-Malware 1.36

      Versión de la Base de Datos: 2145
      Windows 6.0.6001 Service Pack 1

      19/05/2009 10:06:48
      mbam-log-2009-05-19 (10-06-48).txt

      Tipo de examen : Examen Rápido
      Objetos examinados: 73949
      Tiempo transcurrido: 10 minute(s), 19 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 0
      Claves del Registro Infectadas: 2
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 0
      Ficheros Infectados: 0

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Claves del Registro Infectadas:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.

      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Carpetas Infectadas:
      (No se han detectado elementos maliciosos)

      Ficheros Infectados:
      (No se han detectado elementos maliciosos)
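
The same two HKCU ...\Ext\Stats keys are reported as "Delete on reboot" in all three Malwarebytes logs in this thread, which is the detail a responder looks at first: an item the scanner schedules for removal at every scan is not actually being removed. The following is an added example, not code from the forum or from Malwarebytes, that parses MBAM 1.36-style log excerpts and lists the detections that recur across scans. The excerpts are constructed from entries posted above (the Spanish section headers are the ones MBAM printed on the poster's machine); the third excerpt is the second with its date changed, which matches the thread's identical 19/05 log.

```python
"""Parse Malwarebytes' Anti-Malware log excerpts and flag detections that
recur from one scan to the next.

Added example for this thread, not code from the forum or from Malwarebytes.
The excerpts below are constructed from entries posted in the thread."""
import re
from collections import OrderedDict

# "item (Family.Name) -> action."  Registry data items carry an extra
# "Bad: (1) Good: (0) ->" part, which simply ends up inside the action.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# A section header is a line ending in a bare colon ("Claves del Registro
# Infectadas:"); the summary counts near the top end in a number instead.
SECTION_RE = re.compile(r"^(?P<section>[^:]+):$")
NO_ITEMS = "(No se han detectado elementos maliciosos)"

# Constructed from the 17/05/2009 log in the thread (subset of entries).
LOG_0517 = r"""Malwarebytes' Anti-Malware 1.36
Versión de la Base de Datos: 2145
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 21

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Constructed from the 18/05/2009 log; the 19/05 log differs only in date.
LOG_0518 = r"""Malwarebytes' Anti-Malware 1.36
18/05/2009 10:00:56

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.
"""
LOG_0519 = LOG_0518.replace("18/05/2009 10:00:56", "19/05/2009 10:06:48")


def parse_mbam_log(text):
    """Return an ordered {section: [(item, family, action), ...]} mapping.
    Lines before the first section and the 'no items' placeholder are skipped;
    the trailing period of the action is dropped by the regex."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("section")
            sections.setdefault(current, [])
            continue
        if current is None or line == NO_ITEMS:
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            sections[current].append((hit.group("item"), hit.group("family"), hit.group("action")))
    return sections


def _flatten(log):
    """Map (lower-cased item, family) -> (section, item, action).
    Registry paths are case-insensitive, so compare them that way."""
    flat = {}
    for section, entries in log.items():
        for item, family, action in entries:
            flat[(item.lower(), family)] = (section, item, action)
    return flat


def recurring_detections(logs):
    """Detections present in every one of the ordered logs, with the action
    MBAM recorded for them in each scan."""
    flats = [_flatten(log) for log in logs]
    if not flats:
        return []
    common = set(flats[0]).intersection(*flats[1:])
    report = []
    for key in sorted(common):
        section, item, _ = flats[0][key]
        report.append({"section": section, "item": item, "family": key[1],
                       "actions": [f[key][2] for f in flats]})
    return report


def never_removed(logs):
    """Recurring detections whose action in the latest scan is still
    'Delete on reboot': removal keeps being scheduled and the item keeps
    coming back, so on-demand scanning alone is not clearing it."""
    return [r for r in recurring_detections(logs) if r["actions"][-1] == "Delete on reboot"]


if __name__ == "__main__":
    logs = [parse_mbam_log(t) for t in (LOG_0517, LOG_0518, LOG_0519)]
    for r in never_removed(logs):
        print(f"{r['family']:12} {r['item']}  actions={r['actions']}")
```

Run as a script it prints the two Ext\Stats keys and nothing else: the WWShow.dll module was also "Delete on reboot" on 17/05 but is absent from the later scans, so it was cleared, while the two keys were not. A hit that stays at "Delete on reboot" across scans means either the pending-removal step is failing or something re-creates the key at startup; in this thread the HijackThis O20 line shows AppInit_DLLs entries such as nagefipi.dll still configured, so the next check belongs on what loads at boot rather than on another quick scan.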

      harry 48
      Qbo
        Re: nagefipi.dll and SHEUR2.AEOL, are my computer save now?
        « Reply #4 on: May 20, 2009, 12:26:42 AM »
        Thanks for your help, but I was trying and this is the version for the Windows Product Management group at Microsoft, so I can't download it. I was reading and SP2 will be for users at the end of June, so I have to wait until then.
        Thanks anyway!