Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

calling.com [CLOSED] [RESOLVED]

Started by aven_steph , Aug 03 2008 11:57 AM

  • This topic is locked This topic is locked

#16
emeraldnzl
Posted 17 August 2008 - 05:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

We are making progress here believe it or not. Just a bit more to go. :)

what do you mean extra text...i pasted everything that was there confused1.gif
unless you meant this but i think this is old


Yep that is the right one but you are right it is an old one.

Now

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1100\f157268312.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1232\f168819056.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1332\f174526472.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1415\f178989616.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1553\f190340456.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.158\f35469736.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1641\f194921256.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1759\f204564072.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1843\f208966320.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1914\f218263392.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1995\f223184272.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2030\f230464392.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2094\f234623624.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2142\f241384200.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2212\f246962200.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2266\f253703312.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2330\f259084360.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2364\f264056432.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2432\f269769224.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2443\f270317240.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2529\f280525896.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2561\f282013512.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2642\f291702888.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2643\f291805504.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.265\f69806232.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2738\f301453456.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2760\f302913288.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.390\f87361968.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.506\f103984576.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.632\f116140248.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.752\f129950672.exe
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.870\f138339384.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.998\f150820992.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae64a5-4242-11dd-8f27-001731db2208}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}
purity
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix.

Included in the tutorial are instructions for the installation of a recovery program if you don't already have it - Windows XP Recovery Console.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

When you reboot your computer after installation, you will see the additional option for the Recovery Console present. Don't select Recovery Console as we don't need it. It is only there for emergency recovery use. By default, your main OS is selected here. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Once you have completed installation of the the Recovery Console.

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

When you come back please post
  • OTMoveIt2 report
  • ComboFix report
  • a new HijackThis log
  • and tell me how you computer is running
  • 0

Advertisements

#17
aven_steph
Posted 17 August 2008 - 08:08 PM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
i dont have my windows xp cd so i dont no how to download that windows xp recovery thing...what should i do?
heres my log file for otmoveit.exe so far


Explorer killed successfully
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1100\f157268312.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1100\f157268312.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1100\f157268312.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1232\f168819056.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1332\f174526472.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1332\f174526472.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1332\f174526472.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1415\f178989616.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1553\f190340456.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1553\f190340456.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1553\f190340456.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.158\f35469736.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.158\f35469736.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.158\f35469736.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1641\f194921256.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1759\f204564072.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1759\f204564072.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1759\f204564072.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1843\f208966320.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1914\f218263392.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1914\f218263392.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1914\f218263392.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1995\f223184272.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2030\f230464392.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2030\f230464392.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2030\f230464392.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2094\f234623624.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2142\f241384200.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2142\f241384200.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2142\f241384200.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2212\f246962200.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2266\f253703312.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2266\f253703312.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2266\f253703312.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2330\f259084360.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2364\f264056432.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2364\f264056432.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2364\f264056432.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2432\f269769224.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2443\f270317240.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2443\f270317240.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2443\f270317240.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2529\f280525896.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2561\f282013512.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2561\f282013512.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2561\f282013512.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2642\f291702888.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2642\f291702888.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2642\f291702888.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2643\f291805504.exe moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.265\f69806232.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2738\f301453456.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2738\f301453456.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2738\f301453456.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2760\f302913288.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.390\f87361968.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.390\f87361968.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.390\f87361968.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.506\f103984576.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.632\f116140248.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.632\f116140248.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.632\f116140248.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.752\f129950672.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.870\f138339384.dll
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.870\f138339384.dll NOT unregistered.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.870\f138339384.dll moved successfully.
C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.998\f150820992.exe moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae64a5-4242-11dd-8f27-001731db2208} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae64a5-4242-11dd-8f27-001731db2208}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\etilqs_62CGp6OhbQFgSFPVVAfy scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DF1672.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DF169B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DFD15A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DFD167.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_195323

Files moved on Reboot...
File C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\etilqs_62CGp6OhbQFgSFPVVAfy not found!
File C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DF1672.tmp not found!
File C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DF169B.tmp not found!
File C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DFD15A.tmp not found!
File C:\DOCUME~1\HP_PRO~1\CONFIG~1\Temp\~DFD167.tmp not found!
  • 0

#18
emeraldnzl
Posted 17 August 2008 - 09:51 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:

1. Click on the following link to go to Microsoft's Web site:

http://support.microsoft.com/kb/310994

2. At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.

1. Click on the Start button.
2. Click on the Run menu option.
3. In the Open: field type the following: sysdm.cpl and then click on the OK button.
4. A screen will appear showing information about your installation. Under the System: category you should see your Windows version and the installed Service Pack. When you are done determining this information continue with Step 2.

3. Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go.

-------------------------



If the foregoing doesn't work for you then you will have to make a choice as to whether you want to run ComboFix without the Recovery Console.

Generally this will work but the Recovery Console is an important backup position should your computer run into one of those rare situations where ComboFix causes your machine to collapse.
  • 0

#19
aven_steph
Posted 18 August 2008 - 12:49 AM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
combofix didnt leave a logfile that i know of o.O and i looked in its folder and everything.
everything seems to be working ok so far but are these files still suppose to be here?

Posted Image

and when i run spybot it gets stuck and i have to close it, when that happens usually its because i have a virus



heres my hijackthis log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:40 a.m., on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jucheck.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - M:\Documents\Downloads\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8667 bytes
  • 0

#20
emeraldnzl
Posted 18 August 2008 - 01:45 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I don't know what happened there.

Did you download ComboFix to your desktop and follow the instructions to close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix?

Then double click on ComboFix.exe & follow the prompts.

If so it should have produced a report for you.

I get the feeling it didn't actually run.

Possibly because of interference. Could well be TeaTimer part of Spybot Search and Destroy.

We need to disable TeaTimer so it does not interfere.

  • Start Spybot-S&D
  • Go to the Mode menu and make sure Advanced Mode is selected
  • On the left hand side choose Tools and then click on Resident
  • Uncheck Resident Tea Timer and choose OK for any other prompts
  • Restart your computer

Once you have done that and disabled all other anti-virus/anti-malware programs double click on ComboFix and follow the prompts.

Post the ComboFix report back here.

Let me know how you get on.
  • 0

#21
aven_steph
Posted 18 August 2008 - 10:46 AM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
i did everything that way...well maybe i didnt kill the teatimer process by accident. heres the report, those files are still there in that folder though and spybot still doesnt work, i dont know if i have to restart for everything to take effect or something


ComboFix 08-08-17.03 - HP_Propietario 2008-08-18 9:51:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.596 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\HP_Propietario\Escritorio\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sam\Cookies\[email protected][2].txt
C:\Documents and Settings\sam\Cookies\sam@hi5[1].txt

.
(((((((((((((((((( Archivos creados desde 2008-07-18 - 2008-08-18 )))))))))))))))))))))))))))))))))
.

2008-08-15 10:05 . 2008-08-15 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 19:42 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-07 19:40 . 2008-08-07 19:40 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-08-07 18:06 . 2008-08-07 18:06 <DIR> d-------- C:\_OTMoveIt
2008-08-05 20:10 . 2008-08-05 20:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-05 20:09 . 2008-08-06 21:16 <DIR> d-------- C:\SDFix
2008-08-05 13:28 . 2008-08-05 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-08-04 12:01 . 2008-08-16 11:58 <DIR> d-------- C:\WINDOWS\system32\drive
2008-08-04 10:35 . 2008-08-04 10:35 <DIR> d-------- C:\Deckard
2008-08-03 10:45 . 2008-08-03 10:49 <DIR> d-------- C:\Archivos de programa\RegCleaner
2008-08-01 22:40 . 2008-08-01 22:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-01 22:39 . 2008-08-01 22:39 <DIR> d-------- C:\Archivos de programa\Unlocker
2008-08-01 11:11 . 2008-08-01 11:11 <DIR> d-------- C:\Archivos de programa\Macromedia
2008-08-01 11:11 . 2008-08-01 11:12 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Macromedia
2008-07-31 19:05 . 2008-07-31 19:05 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\HPQ
2008-07-31 17:30 . 2008-07-31 17:32 <DIR> d-------- C:\Archivos de programa\Ares
2008-07-30 19:24 . 2004-09-29 14:36 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-07-29 22:30 . 2008-07-29 22:30 <DIR> d-------- C:\Documents and Settings\liz\Datos de programa\Apple Computer
2008-07-29 22:05 . 2008-07-29 22:05 <DIR> d-------- C:\VundoFix Backups
2008-07-29 22:01 . 2008-07-29 22:01 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-07-29 21:41 . 2008-07-29 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-29 21:41 . 2008-07-29 21:41 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-07-26 14:04 . 2008-07-29 00:14 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\FrostWire
2008-07-26 14:03 . 2008-07-26 14:03 <DIR> d-------- C:\Archivos de programa\Xilisoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\OJOsoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Common Share
2008-07-21 01:19 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-21 01:19 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-07-21 01:13 . 2008-07-21 01:13 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\Moyea
2008-07-19 19:47 . 2008-07-19 19:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-19 19:47 . 2008-07-19 19:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-19 19:45 . 2008-07-19 19:45 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Motorola Shared
2008-07-19 19:45 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-19 19:45 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-07-19 19:14 . 2008-07-19 19:14 <DIR> d-------- C:\Archivos de programa\Motorola
2008-07-19 19:12 . 2008-07-19 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\BVRP Software
2008-07-19 19:12 . 2008-07-19 19:13 <DIR> d-------- C:\Archivos de programa\mobile PhoneTools
2008-07-19 19:12 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-19 19:12 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-19 00:11 . 2008-07-18 23:08 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-07-19 00:11 . 2008-07-18 23:08 351,744 --a------ C:\WINDOWS\system32\avisynth.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 15:48 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\uTorrent
2008-08-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-07-26 17:21 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 03:47 --------- d-----w C:\Archivos de programa\Google
2008-07-01 01:51 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-06-27 14:11 --------- d-----w C:\Archivos de programa\SUPERAntiSpyware
2008-06-26 01:25 --------- d-----w C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Malwarebytes
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-06-26 01:17 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:16 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:15 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-26 01:12 --------- d-----w C:\Archivos de programa\CCleaner
2008-06-26 01:10 --------- d-----w C:\Archivos de programa\CleanUp!
2008-06-25 19:29 --------- d-----w C:\Archivos de programa\Webteh
2008-06-25 18:58 --------- d-----w C:\Archivos de programa\Java
2008-06-25 18:47 --------- d-----w C:\Archivos de programa\uTorrent
2008-06-25 11:21 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-06-25 02:23 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Apple Computer
2008-06-25 00:24 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-06-25 00:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-06-25 00:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Archivos comunes\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Apple Software Update
2008-06-25 00:04 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-06-25 00:00 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-06-24 23:42 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Adobe Systems
2008-06-24 23:42 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe Systems Shared
2008-06-24 23:40 --------- d-----w C:\Archivos de programa\Sonic
2008-06-24 23:39 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Symantec
2008-06-24 23:39 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-06-24 23:34 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo!
2008-06-24 23:33 --------- d-----w C:\Archivos de programa\Yahoo!
2008-06-24 23:29 --------- d-----w C:\Archivos de programa\Hewlett-Packard
2008-06-24 23:27 --------- d-----w C:\Archivos de programa\HP
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iTunes
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iPod
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\Bonjour
2008-06-24 23:23 --------- d-----w C:\Archivos de programa\QuickTime
2008-06-24 23:13 --------- d-----w C:\Archivos de programa\Microsoft.NET
2008-06-24 23:07 --------- d-----w C:\Archivos de programa\Windows Live
2008-06-24 23:01 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-06-24 22:59 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-06-24 22:46 1,828 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EX414AA-ABM w5510la_YC_0Pavi_QMXX632_E63LAheBLA1_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXH2_LC0A_M959_J200_7AMD_8Athlon 64_92.2_#080624_N_Z11C10620_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK
2008-06-24 16:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 22:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 22:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 17:59 272,512 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 22:00 15360]
"Messenger (Yahoo!)"="C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 20:58 4269296]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2008-02-20 08:33 963072]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-27 08:11 1506544]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 21:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-05-27 09:50 413696]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-06-02 10:13 267048]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 05:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\liz\MenŁ Inicio\Programas\Inicio\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-18 20:22:50 27136]

C:\Documents and Settings\HP_Propietario\MenŁ Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 110592]
ćTorrent.lnk - C:\Archivos de programa\uTorrent\uTorrent.exe [2008-06-25 12:47:06 219952]

C:\Documents and Settings\sam\MenŁ Inicio\Programas\Inicio\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-18 20:22:50 27136]

C:\Documents and Settings\All Users\MenŁ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-06-27 08:11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-27 08:11 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

*Newly Created Service* - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Propietario\Datos de programa\Mozilla\Firefox\Profiles\0wlwz0nk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Archivos de programa\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 09:56:56
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-08-18 10:32:28
ComboFix-quarantined-files.txt 2008-08-18 16:32:25

Pre-Run: 117,305,442,304 bytes libres
Post-Run: 117,796,769,792 bytes libres

201 --- E O F --- 2008-08-15 16:07:15
  • 0

#22
emeraldnzl
Posted 19 August 2008 - 01:37 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

Looking much better now.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\WINDOWS\system32\drive

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
[-HKEY_CLASSES_ROOT\CLSID\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

SysRst::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

You have had Malwarebytes on your computer. If you still have it please ensure all updates have been downloaded and run.

Post the scan results back here.

If you nolonger have the program please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

When you come back please post
  • ComboFix report
  • MBAM scan results
  • and tell me how your computer is performing now
  • 0

#23
aven_steph
Posted 19 August 2008 - 06:42 PM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
those same files are still there im not sure if theyre suppose to stay there or what or if i should just delete the folder myself


ComboFix 08-08-18.05 - HP_Propietario 2008-08-19 15:03:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.656 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\HP_Propietario\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propietario\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\autorun.inf

.
(((((((((((((((((( Archivos creados desde 2008-07-19 - 2008-08-19 )))))))))))))))))))))))))))))))))
.

2008-08-18 18:58 . 2008-08-18 18:58 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-08-18 18:51 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Sony Corporation
2008-08-18 18:51 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-08-18 18:51 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-08-18 18:51 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-08-18 18:51 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-08-18 18:51 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-08-18 18:51 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-08-18 18:50 . 2008-08-18 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Sony Corporation
2008-08-18 18:49 . 2008-08-18 18:58 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\Sony Corporation
2008-08-18 18:49 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Sony
2008-08-18 18:49 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Sony Shared
2008-08-15 10:05 . 2008-08-15 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 19:42 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-07 19:40 . 2008-08-07 19:40 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-08-07 18:06 . 2008-08-07 18:06 <DIR> d-------- C:\_OTMoveIt
2008-08-05 20:10 . 2008-08-05 20:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-05 20:09 . 2008-08-06 21:16 <DIR> d-------- C:\SDFix
2008-08-05 13:28 . 2008-08-05 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-08-04 12:01 . 2008-08-16 11:58 <DIR> d-------- C:\WINDOWS\system32\drive
2008-08-04 10:35 . 2008-08-04 10:35 <DIR> d-------- C:\Deckard
2008-08-03 10:45 . 2008-08-03 10:49 <DIR> d-------- C:\Archivos de programa\RegCleaner
2008-08-01 22:40 . 2008-08-01 22:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-01 22:39 . 2008-08-01 22:39 <DIR> d-------- C:\Archivos de programa\Unlocker
2008-08-01 11:11 . 2008-08-01 11:11 <DIR> d-------- C:\Archivos de programa\Macromedia
2008-08-01 11:11 . 2008-08-01 11:12 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Macromedia
2008-07-31 19:05 . 2008-07-31 19:05 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\HPQ
2008-07-30 19:24 . 2004-09-29 14:36 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-07-29 22:30 . 2008-07-29 22:30 <DIR> d-------- C:\Documents and Settings\liz\Datos de programa\Apple Computer
2008-07-29 22:05 . 2008-07-29 22:05 <DIR> d-------- C:\VundoFix Backups
2008-07-29 22:01 . 2008-07-29 22:01 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-07-29 21:41 . 2008-07-29 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-29 21:41 . 2008-07-29 21:41 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-07-26 14:03 . 2008-07-26 14:03 <DIR> d-------- C:\Archivos de programa\Xilisoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\OJOsoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Common Share
2008-07-21 01:19 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-21 01:19 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-07-21 01:13 . 2008-07-21 01:13 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\Moyea
2008-07-19 19:47 . 2008-07-19 19:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-19 19:47 . 2008-07-19 19:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-19 19:45 . 2008-07-19 19:45 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Motorola Shared
2008-07-19 19:45 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-19 19:45 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-07-19 19:14 . 2008-07-19 19:14 <DIR> d-------- C:\Archivos de programa\Motorola
2008-07-19 19:12 . 2008-07-19 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\BVRP Software
2008-07-19 19:12 . 2008-07-19 19:13 <DIR> d-------- C:\Archivos de programa\mobile PhoneTools
2008-07-19 19:12 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-19 19:12 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-19 00:11 . 2008-07-18 23:08 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-07-19 00:11 . 2008-07-18 23:08 351,744 --a------ C:\WINDOWS\system32\avisynth.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 00:51 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-08-19 00:50 20,576 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-19 00:50 151,552 ------w C:\WINDOWS\system32\pxwma.dll
2008-08-19 00:50 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-08-19 00:50 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-08-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 03:47 --------- d-----w C:\Archivos de programa\Google
2008-07-01 01:51 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-06-27 14:11 --------- d-----w C:\Archivos de programa\SUPERAntiSpyware
2008-06-26 01:25 --------- d-----w C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Malwarebytes
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-06-26 01:17 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:16 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:15 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-26 01:12 --------- d-----w C:\Archivos de programa\CCleaner
2008-06-26 01:10 --------- d-----w C:\Archivos de programa\CleanUp!
2008-06-25 19:29 --------- d-----w C:\Archivos de programa\Webteh
2008-06-25 18:58 --------- d-----w C:\Archivos de programa\Java
2008-06-25 11:21 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-06-25 02:23 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Apple Computer
2008-06-25 00:24 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-06-25 00:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-06-25 00:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Archivos comunes\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Apple Software Update
2008-06-25 00:04 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-06-25 00:00 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-06-24 23:42 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Adobe Systems
2008-06-24 23:42 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe Systems Shared
2008-06-24 23:40 --------- d-----w C:\Archivos de programa\Sonic
2008-06-24 23:39 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Symantec
2008-06-24 23:39 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-06-24 23:34 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo!
2008-06-24 23:33 --------- d-----w C:\Archivos de programa\Yahoo!
2008-06-24 23:29 --------- d-----w C:\Archivos de programa\Hewlett-Packard
2008-06-24 23:27 --------- d-----w C:\Archivos de programa\HP
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iTunes
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iPod
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\Bonjour
2008-06-24 23:23 --------- d-----w C:\Archivos de programa\QuickTime
2008-06-24 23:13 --------- d-----w C:\Archivos de programa\Microsoft.NET
2008-06-24 23:07 --------- d-----w C:\Archivos de programa\Windows Live
2008-06-24 23:01 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-06-24 22:59 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-06-24 22:46 1,828 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EX414AA-ABM w5510la_YC_0Pavi_QMXX632_E63LAheBLA1_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXH2_LC0A_M959_J200_7AMD_8Athlon 64_92.2_#080624_N_Z11C10620_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK
2008-06-24 16:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 248,320 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 22:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 22:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 17:59 272,512 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_10.32.12.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-26 23:01:28 630,784 ----a-w C:\WINDOWS\system32\CDDBControl.dll
+ 2003-08-26 23:03:54 757,760 ----a-w C:\WINDOWS\system32\CDDBUI.dll
+ 2008-08-19 00:50:31 360,448 ------w C:\WINDOWS\system32\px.dll
+ 2008-08-19 00:50:31 56,832 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-08-19 00:50:31 397,312 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-08-19 00:50:31 57,344 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-08-19 00:50:31 54,272 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-08-19 00:50:31 155,648 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-08-19 00:50:31 339,968 ------w C:\WINDOWS\system32\pxwave.dll
+ 2001-10-24 22:00:40 524,288 ----a-w C:\WINDOWS\system32\TDI-SonyOMG.dll
+ 2008-08-19 00:50:31 28,672 ------w C:\WINDOWS\system32\vxblock.dll
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-25 18:54 15227 C:\_OTMoveIt\MovedFiles\08162008_115800\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
2008-06-25 18:54 15227 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003952.exe

2005-02-08 15:49 258048 C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\OpcWAV.dll
2005-01-24 19:20 258048 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP16\A0004185.dll

2008-05-01 08:31 331776 C:\Archivos de programa\Archivos comunes\System\msadc\msadce.dll
2004-08-19 22:00 331776 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003794.dll

C:\Archivos de programa\Eset\dmon.dll
2008-07-31 18:56 101496 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000064.dll

C:\Archivos de programa\Eset\emon.dll
2008-07-31 18:56 134264 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000065.dll

C:\Archivos de programa\Eset\ESET NOD32 Antivirus\unins000.exe
2008-08-05 13:29 667914 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001573.exe

C:\Archivos de programa\Eset\nod32.exe
2008-07-31 18:56 494712 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000060.exe

C:\Archivos de programa\Eset\nod32api.dll
2008-07-31 18:56 212096 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000057.dll

C:\Archivos de programa\Eset\nod32aui.dll
2008-07-31 18:56 52352 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000058.dll

C:\Archivos de programa\Eset\nod32fix.reg
2007-02-09 21:04 1088 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000073.reg

C:\Archivos de programa\Eset\nod32krn.exe
2008-07-31 18:56 552064 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000110.exe

C:\Archivos de programa\Eset\nod32kui.exe
2008-07-31 18:56 949376 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000111.exe

C:\Archivos de programa\Eset\nodshex.dll
2008-07-31 18:56 60544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000114.dll

C:\Archivos de programa\Eset\nodshex64.dll
2008-07-31 18:56 52792 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000061.dll

C:\Archivos de programa\Eset\ps_amon.dll
2008-07-31 18:56 199808 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000117.dll

C:\Archivos de programa\Eset\ps_amon64.dll
2008-07-31 18:56 277616 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000063.dll

C:\Archivos de programa\Eset\ps_dmon.dll
2008-07-31 18:56 183352 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000119.dll

C:\Archivos de programa\Eset\ps_emon.dll
2008-07-31 18:56 207992 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000124.dll

C:\Archivos de programa\Eset\ps_nod32.dll
2008-07-31 18:56 191544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000115.dll

C:\Archivos de programa\Eset\ps_upd.dll
2008-07-31 18:56 318584 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000113.dll

C:\Archivos de programa\Eset\pu_amon.dll
2008-07-31 18:56 134200 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000118.dll

C:\Archivos de programa\Eset\pu_dmon.dll
2008-07-31 18:56 72760 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000120.dll

C:\Archivos de programa\Eset\pu_emon.dll
2008-07-31 18:56 142456 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000123.dll

C:\Archivos de programa\Eset\pu_imon.dll
2008-07-31 18:56 187512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000122.dll

C:\Archivos de programa\Eset\pu_nod32.dll
2008-07-31 18:56 93312 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000116.dll

C:\Archivos de programa\Eset\pu_upd.dll
2008-07-31 18:56 187512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000112.dll

C:\Archivos de programa\Eset\Setup\00\imon.dll
2008-07-31 18:56 298104 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000101.dll

C:\Archivos de programa\Eset\Setup\00\krnstp.dll
2008-07-31 18:56 146552 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000102.dll

C:\Archivos de programa\Eset\Setup\00\krnvis.dll
2008-07-31 18:56 81016 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000050.dll

C:\Archivos de programa\Eset\Setup\00\ps_amon.dll
2008-07-31 18:56 199808 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000103.dll

C:\Archivos de programa\Eset\Setup\00\ps_dmon.dll
2008-07-31 18:56 183352 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000104.dll

C:\Archivos de programa\Eset\Setup\00\ps_emon.dll
2008-07-31 18:56 207992 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000105.dll

C:\Archivos de programa\Eset\Setup\00\ps_nod32.dll
2008-07-31 18:56 191544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000106.dll

C:\Archivos de programa\Eset\Setup\00\ps_upd.dll
2008-07-31 18:56 318584 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000107.dll

C:\Archivos de programa\Eset\Setup\00\pu_amon.dll
2008-07-31 18:56 134200 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000051.dll

C:\Archivos de programa\Eset\Setup\00\pu_dmon.dll
2008-07-31 18:56 72760 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000052.dll

C:\Archivos de programa\Eset\Setup\00\pu_emon.dll
2008-07-31 18:56 142456 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000053.dll

C:\Archivos de programa\Eset\Setup\00\pu_imon.dll
2008-07-31 18:56 187512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000054.dll

C:\Archivos de programa\Eset\Setup\00\pu_nod32.dll
2008-07-31 18:56 93312 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000055.dll

C:\Archivos de programa\Eset\Setup\00\pu_upd.dll
2008-07-31 18:56 187512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000056.dll

C:\Archivos de programa\Eset\Setup\main.dll
2008-07-31 18:56 228472 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000108.dll

C:\Archivos de programa\Eset\Setup\setup.exe
2008-07-31 18:56 253048 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000109.exe

C:\Archivos de programa\Eset\sporder.dll
2008-07-31 18:56 8464 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000066.dll

C:\Archivos de programa\Eset\unins000.exe
2008-07-31 18:48 679681 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000074.exe

2008-06-23 03:20 625664 C:\Archivos de programa\Internet Explorer\iexplore.exe
2008-04-22 01:40 625664 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003759.exe

2008-05-02 08:24 83968 C:\Archivos de programa\Messenger\msgsc.dll
2004-08-19 14:57 82944 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003860.dll

2008-08-03 11:34 176 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.39......0.reg
2008-08-03 10:48 176 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000013.reg

2008-08-03 11:34 139 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.41......2.reg
2008-08-03 10:48 139 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000014.reg

2008-08-03 11:34 53 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.42......4.reg
2008-08-03 10:48 53 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000015.reg

2008-08-03 11:34 60 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.44......6.reg
2008-08-03 10:48 60 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000016.reg

2008-08-03 11:34 74 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.45......7.reg
2008-08-03 10:48 74 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000017.reg

2008-08-03 11:34 508 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.47......9.reg
2008-08-03 10:48 508 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000018.reg

2008-08-03 11:34 119 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.48......11.reg
2008-08-03 10:48 119 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000019.reg

2008-08-03 11:34 1120 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.50......13.reg
2008-08-03 10:48 1120 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000020.reg

2008-08-03 11:34 2498 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.51......71.reg
2008-08-03 10:48 2498 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000021.reg

2008-08-03 11:34 465 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.53......72.reg
2008-08-03 10:48 465 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000022.reg

2008-08-03 11:34 248 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.54......133.reg
2008-08-03 10:48 248 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000023.reg

2008-08-03 11:34 386 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.56......147.reg
2008-08-03 10:48 386 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000024.reg

2008-08-03 11:34 184 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.57......148.reg
2008-08-03 10:48 184 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000025.reg

2008-08-03 11:34 111 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.48.59......149.reg
2008-08-03 10:48 111 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000026.reg

2008-08-03 11:34 456 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.49.00......168.reg
2008-08-03 10:49 456 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000027.reg

2008-08-03 11:34 1474 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.10.49.06......203.reg
2008-08-03 10:49 1474 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000028.reg

C:\Archivos de programa\RegCleaner\Backups\03.08.2008.11.13.23......0.reg
2008-08-03 11:13 111 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000029.reg

C:\Archivos de programa\RegCleaner\Backups\03.08.2008.11.19.52......3.reg
2008-08-03 11:19 89 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000030.reg

2008-08-03 11:34 1568 C:\Archivos de programa\RegCleaner\Backups\03.08.2008.11.20.30......67.reg
2008-08-03 11:20 1568 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000031.reg

2005-02-22 11:52 4775936 C:\Archivos de programa\Sony\SonicStage\Omgjbox.exe
{B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP16\A0004186.exeC:\Documents and Settings\TEMP\Datos de programa\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2008-08-18 17:22 20040 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP19\A0004227.dll

2008-08-18 09:50 3894 C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
2008-08-16 12:03 3894 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP11\A0004117.reg
2008-08-07 18:16 4681 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003970.reg

2008-08-18 09:50 1171 C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
2008-08-03 11:21 1247 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000035.reg
2008-08-07 17:17 1171 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003902.reg

2008-08-18 09:50 86 C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg
2008-08-16 12:01 86 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP10\A0004047.reg
2008-08-16 11:58 170 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003964.reg

2008-08-18 09:50 559 C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Snapshots2\RegUS1-HP_Propietario.reg
2008-08-15 14:21 648 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP11\A0004120.reg
2008-08-04 17:48 648 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003905.reg

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1129\f158696480.exe
2008-06-24 21:30 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000279.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1346\f175116656.exe
2008-06-24 22:07 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000284.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1525\f189041968.exe
2008-06-24 22:35 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000285.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.174\f36381016.exe
2008-06-24 18:17 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000286.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1754\f204381904.exe
2008-06-24 23:13 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000287.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.1910\f218087648.exe
2008-06-24 23:38 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000288.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2042\f231711648.exe
2008-06-24 23:59 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000289.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2145\f241452528.exe
2008-06-25 00:15 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000290.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2263\f253611824.exe
2008-06-25 00:34 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000291.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2384\f265553664.exe
2008-06-25 00:54 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000292.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2502\f277221936.exe
2008-06-25 01:13 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000293.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2618\f288601080.exe
2008-06-25 01:32 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000294.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.2732\f299777440.exe
2008-06-25 01:50 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000295.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.410\f88125984.exe
2008-06-24 19:16 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000296.exe

C:\Documents and Settings\HP_Propietario\Escritorio\testdisk-6.10-WIP\win\recup_dir.651\f117009664.exe
2008-06-24 20:00 81920 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0000297.exe

2004-08-19 22:00 25600 C:\Documents and Settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2004-08-19 22:00 25600 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP19\A0004377.dll
2004-08-19 22:00 25600 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003927.dll

C:\krk.exe
2008-08-07 17:04 1539 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001621.exe
2008-08-07 18:34 1539 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0002614.exe

C:\SDFix\attrib.exe
2004-08-19 22:00 11264 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001296.exe

C:\SDFix\backupreg\AppInit_DLLs.reg
2008-08-05 20:11 624 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001266.reg

C:\SDFix\backupreg\bat_shell_open.reg
2008-08-05 20:11 204 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001267.reg

C:\SDFix\backupreg\BHO.reg
2008-08-05 20:11 2532 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001268.reg

C:\SDFix\backupreg\com_shell_open.reg
2008-08-05 20:11 204 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001269.reg

C:\SDFix\backupreg\ControlPanel_Load.reg
2008-08-05 20:11 22976 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001270.reg

C:\SDFix\backupreg\Drivers32.reg
2008-08-05 20:11 2732 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001271.reg

C:\SDFix\backupreg\exe_shell_open.reg
2008-08-05 20:11 204 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001272.reg

C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
2008-08-05 20:11 4504 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001275.reg

C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
2008-08-05 20:11 462 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001276.reg

C:\SDFix\backupreg\HKCURun.reg
2008-08-05 20:11 1346 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001273.reg

C:\SDFix\backupreg\HKCURunServices.reg
2008-08-05 20:11 74 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001274.reg

C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
2008-08-05 20:11 119436 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001279.reg

C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
2008-08-05 20:11 1392 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001280.reg

C:\SDFix\backupreg\HKLMRun.reg
2008-08-05 20:11 3088 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001277.reg

C:\SDFix\backupreg\HKLMRunServices.reg
2008-08-05 20:11 74 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001278.reg

C:\SDFix\backupreg\IEDesktop.reg
2008-08-05 20:11 5780 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001281.reg

C:\SDFix\backupreg\IEMain.reg
2008-08-05 20:11 3828 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001282.reg

C:\SDFix\backupreg\Installed_Components.reg
2008-08-05 20:11 32720 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001283.reg

C:\SDFix\backupreg\pif_shell_open.reg
2008-08-05 20:11 204 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001284.reg

C:\SDFix\backupreg\reg_shell_open.reg
2008-08-05 20:11 228 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001285.reg

C:\SDFix\backupreg\SecurityProviders.reg
2008-08-05 20:11 8004 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001286.reg

C:\SDFix\backupreg\SharedTaskScheduler.reg
2008-08-05 20:11 580 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001287.reg

C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
2008-08-05 20:11 816 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001288.reg

C:\SDFix\backupreg\SubSystems.reg
2008-08-05 20:11 5282 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001289.reg

C:\SDFix\backupreg\txt_shell_open.reg
2008-08-05 20:11 668 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001290.reg

C:\SDFix\backupreg\Winlogon.reg
2008-08-05 20:11 20050 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001291.reg

C:\SDFix\backupreg\WinlogonNotify.reg
2008-08-05 20:11 7600 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001292.reg

C:\SDFix\dummy.exe
2008-08-03 04:05 6656 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001293.exe

C:\SDFix\find.exe
2004-08-19 22:00 9216 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001294.exe

C:\SDFix\findstr.exe
2004-08-19 22:00 28672 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001295.exe

C:\SDFix\regedit.exe
2004-08-20 05:00 152064 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001297.exe

C:\SDFix\userinfix.reg
2008-08-05 21:06 169 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP4\A0001298.reg

C:\WINDOWS\_000005_.tmp.dll
2008-04-11 13:18 12431 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003733.dll
2008-06-24 11:03 12431 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003863.dll

C:\WINDOWS\_000048_.tmp.dll
2008-06-26 12:15 32215 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003737.dll

C:\WINDOWS\assembly\temp\1AIQY6FNV3\Microsoft.Office.Interop.PowerPoint.dll
2008-08-06 23:49 251272 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003800.dll

C:\WINDOWS\assembly\temp\BKS09HPX5D\Microsoft.Office.Interop.Word.dll
2008-06-24 17:22 781104 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP6\A0001342.dll

C:\WINDOWS\assembly\temp\T2AIQZ6FNV\Microsoft.Office.Interop.PowerPoint.dll
2008-06-24 17:22 248632 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP6\A0001340.dll

C:\WINDOWS\inf\_000000_.tmp.dll
2008-06-20 11:56 926 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003731.dll
2008-05-02 08:20 926 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003861.dll

C:\WINDOWS\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\callmsi.exe
2008-08-05 13:29 10134 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001567.exe

C:\WINDOWS\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\egui.exe
2008-08-05 13:29 136448 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001568.exe

C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\eamon.sys
2008-02-20 11:01 39944 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001592.sys

C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\easdrv.sys
2008-02-20 11:02 29704 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001593.sys

C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\epfwtdir.sys
2008-02-20 11:11 33800 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001594.sys

C:\WINDOWS\nod32fixtemdono.reg
2008-03-03 18:21 568 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001572.reg

C:\WINDOWS\system32\_000004_.tmp.dll
2007-11-30 06:39 18808 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003732.dll
2007-11-30 06:39 18808 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003862.dll

2008-06-23 10:28 124928 C:\WINDOWS\system32\advpack.dll
2008-04-22 22:16 124928 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003758.dll
2008-04-22 22:16 124928 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003876.dll

2008-06-23 10:28 124928 C:\WINDOWS\system32\dllcache\advpack.dll
2008-04-22 22:16 124928 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003790.dll

2008-06-23 10:28 347136 C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-22 22:16 347136 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003789.dll

2008-06-23 10:28 214528 C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-22 22:16 214528 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003788.dll

2008-07-07 14:31 253952 C:\WINDOWS\system32\dllcache\es.dll
2005-07-26 05:39 243200 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003838.dll

2008-06-23 10:28 133120 C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-22 22:16 133120 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003787.dll

2008-06-23 10:28 63488 C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 22:16 63488 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003786.dll

2008-06-23 03:20 70656 C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 01:39 70656 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003785.exe

2008-06-23 10:28 153088 C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-04-22 22:16 153088 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003784.dll

2008-06-23 10:28 230400 C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-04-22 22:16 230400 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003783.dll

2008-06-20 23:23 161792 C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-19 23:07 161792 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003782.dll

2008-06-23 10:28 383488 C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 22:16 383488 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003781.dll

2008-06-23 10:28 384512 C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-04-22 22:16 384512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003780.dll

2008-06-23 10:28 6066176 C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 22:16 6066176 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003779.dll

2008-06-23 10:28 44544 C:\WINDOWS\system32\dllcache\iernonce.dll
2008-04-22 22:16 44544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003778.dll

2008-06-23 10:28 267776 C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 22:16 267776 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003777.dll

2008-06-23 03:20 13824 C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 01:39 13824 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003776.exe

2008-06-23 03:20 625664 C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 01:40 625664 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003775.exe

2008-04-11 12:51 683520 C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:17 683520 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003735.dll

2008-06-23 10:28 27648 C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-22 22:16 27648 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003773.dll

2008-05-01 08:31 331776 C:\WINDOWS\system32\dllcache\msadce.dll
2004-08-19 22:00 331776 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003795.dll

2008-06-24 10:23 74240 C:\WINDOWS\system32\dllcache\mscms.dll
2005-06-29 02:49 74240 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003865.dll

2008-06-23 10:28 459264 C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 22:16 459264 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003772.dll

2008-06-23 10:28 52224 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 22:16 52224 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003771.dll

2008-06-24 10:28 3592192 C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 21:16 3591680 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003770.dll

2008-06-23 10:28 477696 C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-22 22:16 478208 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003769.dll

2008-06-23 10:28 193024 C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-22 22:16 193024 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003768.dll

2008-06-23 10:28 671232 C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-22 22:16 671232 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003767.dll

2008-06-23 10:28 102912 C:\WINDOWS\system32\dllcache\occache.dll
2008-04-22 22:16 102912 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003766.dll

2008-06-23 10:28 44544 C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-22 22:16 44544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003765.dll

2008-06-23 10:28 105984 C:\WINDOWS\system32\dllcache\url.dll
2008-04-22 22:16 105984 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003764.dll

2008-06-23 10:28 1159680 C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-22 22:16 1159680 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003763.dll

2008-06-23 10:28 233472 C:\WINDOWS\system32\dllcache\webcheck.dll
2008-04-22 22:16 233472 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003762.dll

2008-06-23 10:28 826368 C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-22 22:16 826368 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003761.dll

C:\WINDOWS\system32\drive\calling.com
2008-05-21 15:06 754176 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000049.com
2008-05-21 15:06 754176 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001571.com

C:\WINDOWS\system32\drive\d.dll
2003-03-16 15:49 33792 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000041.dll
2003-03-16 15:49 33792 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003889.dll

2007-09-05 11:02 61440 C:\WINDOWS\system32\drive\lam1.exe
2007-09-05 11:02 61440 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000042.exe
2007-09-05 11:02 61440 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003891.exe

C:\WINDOWS\system32\drive\lam2.exe
2007-09-05 11:02 90112 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000043.exe
2007-09-05 11:02 90112 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003892.exe

C:\WINDOWS\system32\drive\lam3.exe
{B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000038.exe
2007-09-05 11:02 19968 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003893.exe

C:\WINDOWS\system32\drive\lam4.exe
{B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000033.exe
2007-09-05 11:02 17408 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003894.exe

C:\WINDOWS\system32\drive\lam5.exe
2007-09-05 11:02 31744 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000044.exe
2007-09-05 11:02 31744 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003895.exe

C:\WINDOWS\system32\drive\lmz.exe
{B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000039.exe
2008-05-25 20:30 35509 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003896.exe

2006-03-15 21:51 18432 C:\WINDOWS\system32\drive\msn.dll
2006-03-15 21:51 18432 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP2\A0000186.dll
2006-03-15 21:51 18432 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003897.dll

C:\WINDOWS\system32\drive\reg.dll
2003-04-19 11:43 86016 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP2\A0000188.dll
2003-04-19 11:43 86016 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003899.dll

2002-08-27 18:03 29184 C:\WINDOWS\system32\drive\systemac.dll
2002-08-27 18:03 29184 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP2\A0000189.dll
2002-08-27 18:03 29184 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003900.dll

C:\WINDOWS\system32\drivers\amon.sys
2008-07-31 18:56 512096 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000062.sys

C:\WINDOWS\system32\drivers\eamon.sys
2008-02-20 11:01 39944 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001496.sys

C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 11:02 29704 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001495.sys

C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 11:11 33800 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0001497.sys

C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-31 18:56 15424 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000059.sys

2008-06-23 10:28 347136 C:\WINDOWS\system32\dxtmsft.dll
2008-04-22 22:16 347136 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003757.dll

2008-06-23 10:28 214528 C:\WINDOWS\system32\dxtrans.dll
2008-04-22 22:16 214528 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003756.dll

2008-07-07 14:31 253952 C:\WINDOWS\system32\es.dll
2005-07-26 05:39 243200 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003837.dll
2005-07-26 05:39 243200 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003877.dll

2008-06-23 10:28 133120 C:\WINDOWS\system32\extmgr.dll
2008-04-22 22:16 133120 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003760.dll

2008-06-23 10:28 63488 C:\WINDOWS\system32\icardie.dll
2008-04-22 22:16 63488 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003875.dll

2008-06-23 03:20 70656 C:\WINDOWS\system32\ie4uinit.exe
2008-04-22 01:39 70656 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003755.exe

2008-06-23 10:28 153088 C:\WINDOWS\system32\ieakeng.dll
2008-04-22 22:16 153088 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003754.dll

2008-06-23 10:28 230400 C:\WINDOWS\system32\ieaksie.dll
2008-04-22 22:16 230400 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003753.dll

2008-06-20 23:23 161792 C:\WINDOWS\system32\ieakui.dll
2008-04-19 23:07 161792 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003752.dll

2008-06-23 10:28 383488 C:\WINDOWS\system32\ieapfltr.dll
2008-04-22 22:16 383488 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003874.dll

2008-06-23 10:28 384512 C:\WINDOWS\system32\iedkcs32.dll
2008-04-22 22:16 384512 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003751.dll

2008-06-23 10:28 6066176 C:\WINDOWS\system32\ieframe.dll
2008-04-22 22:16 6066176 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003873.dll

2008-06-23 10:28 44544 C:\WINDOWS\system32\iernonce.dll
2008-04-22 22:16 44544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003750.dll

2008-06-23 10:28 267776 C:\WINDOWS\system32\iertutil.dll
2008-04-22 22:16 267776 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003872.dll

2008-06-23 03:20 13824 C:\WINDOWS\system32\ieudinit.exe
2008-04-22 01:39 13824 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003749.exe

C:\WINDOWS\system32\imon.dll
2008-07-31 18:56 298104 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP1\A0000121.dll

2008-04-11 12:51 683520 C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:17 683520 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003734.dll

2008-06-23 10:28 27648 C:\WINDOWS\system32\jsproxy.dll
2008-04-22 22:16 27648 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003747.dll

C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
2005-05-24 12:27 213048 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003967.dll

C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
2007-08-29 15:47 94208 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003969.exe

C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
2007-08-29 15:49 950272 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003968.dll

2008-06-25 09:15 17972344 C:\WINDOWS\system32\MRT.exe
2008-06-25 09:15 17972344 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP7\A0002625.exe

2008-06-24 10:23 74240 C:\WINDOWS\system32\mscms.dll
2005-06-29 02:49 74240 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003864.dll
2005-06-29 02:49 74240 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003878.dll

2008-06-23 10:28 459264 C:\WINDOWS\system32\msfeeds.dll
2008-04-22 22:16 459264 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003871.dll

2008-06-23 10:28 52224 C:\WINDOWS\system32\msfeedsbs.dll
2008-04-22 22:16 52224 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003870.dll

2008-06-24 10:28 3592192 C:\WINDOWS\system32\mshtml.dll
2008-04-23 21:16 3591680 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003869.dll

2008-06-23 10:28 477696 C:\WINDOWS\system32\mshtmled.dll
2008-04-22 22:16 478208 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003746.dll

2008-06-23 10:28 193024 C:\WINDOWS\system32\msrating.dll
2008-04-22 22:16 193024 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003745.dll

2008-06-23 10:28 671232 C:\WINDOWS\system32\mstime.dll
2008-04-22 22:16 671232 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003744.dll

2008-06-23 10:28 102912 C:\WINDOWS\system32\occache.dll
2008-04-22 22:16 102912 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003743.dll

2008-06-23 10:28 44544 C:\WINDOWS\system32\pngfilt.dll
2008-04-22 22:16 44544 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003742.dll

2008-07-14 05:09 62976 C:\WINDOWS\system32\tzchange.exe
2008-03-27 03:24 60416 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003799.exe

2008-06-23 10:28 105984 C:\WINDOWS\system32\url.dll
2008-04-22 22:16 105984 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003741.dll
2008-04-22 22:16 105984 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003868.dll

2008-06-23 10:28 1159680 C:\WINDOWS\system32\urlmon.dll
2008-04-22 22:16 1159680 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003740.dll
2008-04-22 22:16 1159680 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003867.dll

2008-06-23 10:28 233472 C:\WINDOWS\system32\webcheck.dll
2008-04-22 22:16 233472 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003739.dll

2008-06-23 10:28 826368 C:\WINDOWS\system32\wininet.dll
2008-04-22 22:16 826368 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003738.dll
2008-04-22 22:16 826368 {B3A1165A-B243-4636-9AD5-9D938ACB32AD}\RP9\A0003866.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 22:00 15360]
"Messenger (Yahoo!)"="C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 20:58 4269296]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2008-02-20 08:33 963072]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-27 08:11 1506544]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 21:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-05-27 09:50 413696]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-06-02 10:13 267048]
"SsAAD.exe"="C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 05:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\liz\MenŁ Inicio\Programas\Inicio\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-18 20:22:50 27136]

C:\Documents and Settings\sam\MenŁ Inicio\Programas\Inicio\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-18 20:22:50 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-27 08:11 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
.
Contenido de carpeta 'Tareas Programadas'

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 15:06:13
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WIND.
Tiempo completado: 2008-08-19 15:41:13
ComboFix-quarantined-files.txt 2008-08-19 21:41:10
ComboFix2.txt 2008-08-18 16:32:29

Pre-Run: 117,418,897,408 bytes libres
Post-Run: 117,449,416,704 bytes libres

687 --- E O F --- 2008-08-15 16:07:15





Malwarebytes' Anti-Malware 1.18
Database version: 893

06:38:23 p.m. 19/08/2008
mbam-log-8-19-2008 (18-38-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 1195719
Time elapsed: 2 hour(s), 46 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by aven_steph, 19 August 2008 - 06:42 PM.

  • 0

#24
emeraldnzl
Posted 20 August 2008 - 02:33 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

those same files are still there im not sure if theyre suppose to stay there or what or if i should just delete the folder myself


Yes those files are meant to be there.

It is System Restore and we will be dealing with it soon. Next post probably, at the same time we will clean up some other stuff.

I was just checking inside it to see if we had missed anything.

On another note you have some P2P sharing programs on your computer. I recommend that you remove them. P2P file sharing is responsible for a lot of infection. It is likely that is where your problems came from.

Your logs are looking much better now. Just lets run these ones to make sure they have gone.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
C:\Archivos de programa\Eset
C:\WINDOWS\system32\drive

File::
C:\krk.exe
C:\WINDOWS\_000005_.tmp.dll
C:\WINDOWS\_000048_.tmp.dll
C:\WINDOWS\inf\_000000_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\system32\drivers\nod32drv.sys
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\eamon.sys
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\easdrv.sys
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\drivers\amon.sys
C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

So when you come back please post
  • ComboFix text
  • and a new HijackThis log

Also please tell me how your computer is running now.
  • 0

#25
aven_steph
Posted 20 August 2008 - 05:43 PM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
my computer has been running fine so far i havent had any other problems :)

On another note you have some P2P sharing programs on your computer. I recommend that you remove them. P2P file sharing is responsible for a lot of infection. It is likely that is where your problems came from.


yeah i know it all started with frostwire thats why i deleted it off of my computer -_-



ComboFix 08-08-18.05 - HP_Propietario 2008-08-20 16:53:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.652 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\HP_Propietario\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propietario\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración

FILE ::
C:\krk.exe
C:\WINDOWS\_000005_.tmp.dll
C:\WINDOWS\_000048_.tmp.dll
C:\WINDOWS\inf\_000000_.tmp.dll
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\eamon.sys
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\easdrv.sys
C:\WINDOWS\LastGood.Tmp\system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\drivers\amon.sys
C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys
C:\WINDOWS\system32\drivers\nod32drv.sys
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drive
C:\WINDOWS\system32\drive\aliases.ini
C:\WINDOWS\system32\drive\dbqp.fon
C:\WINDOWS\system32\drive\lam1.exe
C:\WINDOWS\system32\drive\lmz1.bmp
C:\WINDOWS\system32\drive\lmz2.bmp
C:\WINDOWS\system32\drive\lmz3.bmp
C:\WINDOWS\system32\drive\mirc.ini
C:\WINDOWS\system32\drive\msn.dll
C:\WINDOWS\system32\drive\poiyu
C:\WINDOWS\system32\drive\qaz
C:\WINDOWS\system32\drive\Refix.ocx
C:\WINDOWS\system32\drive\systemac.dll
C:\WINDOWS\system32\drive\winreg.oce
C:\WINDOWS\system32\drive\wsx

.
(((((((((((((((((( Archivos creados desde 2008-07-20 - 2008-08-20 )))))))))))))))))))))))))))))))))
.

2008-08-18 18:58 . 2008-08-18 18:58 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-08-18 18:51 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Sony Corporation
2008-08-18 18:51 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-08-18 18:51 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-08-18 18:51 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-08-18 18:51 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-08-18 18:51 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-08-18 18:51 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-08-18 18:50 . 2008-08-18 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Sony Corporation
2008-08-18 18:49 . 2008-08-18 18:58 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\Sony Corporation
2008-08-18 18:49 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Sony
2008-08-18 18:49 . 2008-08-18 18:51 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Sony Shared
2008-08-15 10:05 . 2008-08-15 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 19:42 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-07 19:40 . 2008-08-07 19:40 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-08-07 18:06 . 2008-08-07 18:06 <DIR> d-------- C:\_OTMoveIt
2008-08-05 20:10 . 2008-08-05 20:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-05 20:09 . 2008-08-06 21:16 <DIR> d-------- C:\SDFix
2008-08-05 13:28 . 2008-08-05 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-08-04 10:35 . 2008-08-04 10:35 <DIR> d-------- C:\Deckard
2008-08-03 10:45 . 2008-08-03 10:49 <DIR> d-------- C:\Archivos de programa\RegCleaner
2008-08-01 22:40 . 2008-08-01 22:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-01 22:39 . 2008-08-01 22:39 <DIR> d-------- C:\Archivos de programa\Unlocker
2008-08-01 11:11 . 2008-08-01 11:11 <DIR> d-------- C:\Archivos de programa\Macromedia
2008-08-01 11:11 . 2008-08-01 11:12 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Macromedia
2008-07-31 19:05 . 2008-07-31 19:05 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\HPQ
2008-07-30 19:24 . 2004-09-29 14:36 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-07-29 22:30 . 2008-07-29 22:30 <DIR> d-------- C:\Documents and Settings\liz\Datos de programa\Apple Computer
2008-07-29 22:05 . 2008-07-29 22:05 <DIR> d-------- C:\VundoFix Backups
2008-07-29 22:01 . 2008-07-29 22:01 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-07-29 21:41 . 2008-07-29 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-29 21:41 . 2008-07-29 21:41 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-07-26 14:04 . 2008-07-29 00:14 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\FrostWire
2008-07-26 14:03 . 2008-07-26 14:03 <DIR> d-------- C:\Archivos de programa\Xilisoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\OJOsoft
2008-07-21 01:30 . 2008-07-21 01:30 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Common Share
2008-07-21 01:19 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-21 01:19 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-07-21 01:13 . 2008-07-21 01:13 <DIR> d-------- C:\Documents and Settings\HP_Propietario\Datos de programa\Moyea

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 00:51 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-08-19 00:50 20,576 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-07-20 01:47 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-20 01:47 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-20 01:45 --------- d-----w C:\Archivos de programa\Archivos comunes\Motorola Shared
2008-07-20 01:19 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\BVRP Software
2008-07-20 01:14 --------- d-----w C:\Archivos de programa\Motorola
2008-07-20 01:13 --------- d-----w C:\Archivos de programa\mobile PhoneTools
2008-07-07 03:47 --------- d-----w C:\Archivos de programa\Google
2008-07-01 01:51 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-06-27 14:11 --------- d-----w C:\Archivos de programa\SUPERAntiSpyware
2008-06-26 01:25 --------- d-----w C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Malwarebytes
2008-06-26 01:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-06-26 01:17 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:16 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\SUPERAntiSpyware.com
2008-06-26 01:15 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-26 01:12 --------- d-----w C:\Archivos de programa\CCleaner
2008-06-26 01:10 --------- d-----w C:\Archivos de programa\CleanUp!
2008-06-25 19:29 --------- d-----w C:\Archivos de programa\Webteh
2008-06-25 18:58 --------- d-----w C:\Archivos de programa\Java
2008-06-25 11:21 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-06-25 02:23 --------- d-----w C:\Documents and Settings\HP_Propietario\Datos de programa\Apple Computer
2008-06-25 00:24 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-06-25 00:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-06-25 00:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Archivos comunes\Apple
2008-06-25 00:22 --------- d-----w C:\Archivos de programa\Apple Software Update
2008-06-25 00:04 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-06-25 00:00 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-06-24 23:42 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Adobe Systems
2008-06-24 23:42 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe Systems Shared
2008-06-24 23:40 --------- d-----w C:\Archivos de programa\Sonic
2008-06-24 23:39 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Symantec
2008-06-24 23:39 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-06-24 23:34 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo!
2008-06-24 23:33 --------- d-----w C:\Archivos de programa\Yahoo!
2008-06-24 23:29 --------- d-----w C:\Archivos de programa\Hewlett-Packard
2008-06-24 23:27 --------- d-----w C:\Archivos de programa\HP
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iTunes
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\iPod
2008-06-24 23:24 --------- d-----w C:\Archivos de programa\Bonjour
2008-06-24 23:23 --------- d-----w C:\Archivos de programa\QuickTime
2008-06-24 23:13 --------- d-----w C:\Archivos de programa\Microsoft.NET
2008-06-24 23:07 --------- d-----w C:\Archivos de programa\Windows Live
2008-06-24 23:01 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-06-24 22:59 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-06-24 22:46 1,828 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EX414AA-ABM w5510la_YC_0Pavi_QMXX632_E63LAheBLA1_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXH2_LC0A_M959_J200_7AMD_8Athlon 64_92.2_#080624_N_Z11C10620_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_10.32.12.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-26 23:01:28 630,784 ----a-w C:\WINDOWS\system32\CDDBControl.dll
+ 2003-08-26 23:03:54 757,760 ----a-w C:\WINDOWS\system32\CDDBUI.dll
+ 2008-08-19 00:50:31 360,448 ------w C:\WINDOWS\system32\px.dll
+ 2008-08-19 00:50:31 56,832 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-08-19 00:50:31 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2008-08-19 00:50:31 397,312 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-08-19 00:50:31 57,344 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-08-19 00:50:31 54,272 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-08-19 00:50:31 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2008-08-19 00:50:31 155,648 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-08-19 00:50:31 339,968 ------w C:\WINDOWS\system32\pxwave.dll
+ 2008-08-19 00:50:31 151,552 ------w C:\WINDOWS\system32\pxwma.dll
+ 2001-10-24 22:00:40 524,288 ----a-w C:\WINDOWS\system32\TDI-SonyOMG.dll
+ 2008-08-19 00:50:31 28,672 ------w C:\WINDOWS\system32\vxblock.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacˇas & entradas legˇtimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 22:00 15360]
"Messenger (Yahoo!)"="C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 20:58 4269296]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-27 08:11 1506544]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 21:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-05-27 09:50 413696]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-06-02 10:13 267048]
"SsAAD.exe"="C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 05:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-06-27 08:11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-27 08:11 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
.
Contenido de carpeta 'Tareas Programadas'

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 16:59:19
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SSScsiSV.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Tiempo completado: 2008-08-20 17:34:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 23:34:09
ComboFix2.txt 2008-08-19 21:41:14
ComboFix3.txt 2008-08-18 16:32:29

Pre-Run: 117,434,482,688 bytes libres
Post-Run: 117,493,911,552 bytes libres

236 --- E O F --- 2008-08-15 16:07:15





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:41:03 p.m., on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SSScsiSV.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - M:\Documents\Downloads\FLV Downloader\MoyeaCth.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8808 bytes

Edited by aven_steph, 20 August 2008 - 05:48 PM.

  • 0

Advertisements

#26
emeraldnzl
Posted 21 August 2008 - 01:59 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

Congratulations your machine looks clean to me. :)

We have a couple of last steps to perform and then you're all set. :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

-----Step 3-----

After that, please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- .

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Check your Adobe Acrobat Reader; it may be out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this as an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting
  • Microsoft Windows Update
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#27
aven_steph
Posted 21 August 2008 - 03:24 PM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
wait before i do all of that i have one thing to add....i just checked my add or remove aplications thing in control panel and miRC still appears :) though thats the only problem i have...will that affect anything in the future?
  • 0

#28
emeraldnzl
Posted 21 August 2008 - 03:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aven_steph,

mirc.exe is a process belonging to the mIRC Internet Relay Chat utility which allows you to connect to Internet based servers. This is a non-essential process. Disabling or enabling it is down to user preference.

Up to you what you do but not a threat I think. :)

regards
emeraldnzl
  • 0

#29
aven_steph
Posted 21 August 2008 - 05:03 PM

aven_steph

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
thanks so much for your help :) i already did all those things :)
  • 0

#30
Rorschach112
Posted 22 August 2008 - 04:22 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP