I can't be online - Here's HijackThis Log [Closed] - Geeks to Go Forums


I can't be online - Here's HijackThis Log [Closed] My computer just can't "get on line" unless I'm in saf

#1 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 05 August 2009 - 09:43 PM



I don't know why, but since a couple of weeks ago I can't get on line (this is a shared PC). The PC just starts and everything is ok, but it just doesn't... get online...

But when I start in safe mode, then there's no problem and I can get on line (I don't know if I'm being clear...)

I'm posting the log file that I got from HiJack This (I downloaded Hijackthis from here: http://www.geekstogo.com/forum/Trend-Micro...his-file1.html), so here it goes, I hope someone can help me:
















Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:39 p.m., on 05/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Bossuet\Mis documentos\Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Maskab\Datos de programa\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IS CfgWiz] C:\Archivos de programa\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Archivos de programa\Archivos comunes\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Archivos de programa\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Archivos de programa\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Archivos de programa\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9fdce7c6f5572) (gupdate1c9fdce7c6f5572) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Archivos de programa\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9081 bytes












Just for the record: approximately a month ago I erased the entire PC, to get it how it was when I bought it.

#2 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 04:40 PM

Hello

One thing: Please just post in normal type. Using colour, bold and large type is not only confusing, it is shouting in forum terms.

Now

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services

  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Next

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Finally in this post
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

So when you return please post
  • RootRepeal.txt
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt


Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 06:31 PM

I can't download Rootrepeal from the place you're giving me...

#4 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 07:00 PM

It's ok, I just downloaded Root repeal. Sorry...

#5 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 07:11 PM

:)

#6 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 08:23 PM

I've done what you told me with the three programs. Now I'm gonna post the four Log files.





a) First, the RootRepeal Report:






ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/09 20:40
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7F51000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A75000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF72F4000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==











b) In second place, here's the Malwarebytes Antimalware Log File:






Malwarebytes' Anti-Malware 1.40
Versión de la Base de Datos: 2588
Windows 5.1.2600 Service Pack 2 (Safe Mode)

09/08/2009 08:57:44 p.m.
mbam-log-2009-08-09 (20-57-44).txt

Tipo de examen : Examen Rápido
Objetos examinados: 104220
Tiempo transcurrido: 2 minute(s), 59 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\RECYCLER\S-1-5-21-1902057161-5126571349-588235064-5662\LpezObradr(2).exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.






c) Now here's the first OTL Log File:






OTL logfile created on: 09/08/2009 09:02:50 p.m. - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Bossuet\Mis documentos
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

503.37 Mb Total Physical Memory | 382.70 Mb Available Physical Memory | 76.03% Memory free
1.20 Gb Paging File | 1.14 Gb Available in Paging File | 94.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 52.83 Gb Total Space | 16.97 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LÓPEZ
Current User Name: Bossuet
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Bossuet\Mis documentos\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Archivos de programa\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (gupdate1c9fdce7c6f5572 [Auto | Stopped]) -- File not found
SRV - (gusvc [On_Demand | Stopped]) -- C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Archivos de programa\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISSVC [On_Demand | Stopped]) -- C:\Archivos de programa\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (navapsvc [Auto | Stopped]) -- C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Archivos de programa\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NICCONFIGSVC [Auto | Stopped]) -- C:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NOD32krn [Auto | Stopped]) -- C:\Archivos de programa\Eset\nod32krn.exe (Eset )
SRV - (ose [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SAVScan [On_Demand | Stopped]) -- C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SBService [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Stopped]) -- C:\WINDOWS\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Stopped]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\wltrysvc.exe ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Archivos de programa\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AMON [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (APPDRV [System | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\VirusDefs\20050728.016\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\VirusDefs\20050728.016\NAVEX15.SYS (Symantec Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nod32drv [System | Stopped]) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SAVRT [On_Demand | Stopped]) -- C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [Auto | Stopped]) -- C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STAC97 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\Archivos de programa\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Stopped]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys (Nokia)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys (Nokia)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/02 19:04:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Archivos de programa\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/03 16:28:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/08/05 18:03:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2009/08/05 18:03:25 | 00,000,000 | ---D | M]

[2009/06/23 00:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\mozilla\Extensions
[2009/06/23 00:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/09 18:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\mozilla\Firefox\Profiles\1due9uty.default\extensions
[2009/06/29 20:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\mozilla\Firefox\Profiles\1due9uty.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/23 00:45:34 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions
[2009/08/05 18:03:11 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/05 18:03:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 18:03:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\brwsrcmp.dll
[2009/08/05 18:03:14 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Archivos de programa\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/05 13:16:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/05 18:03:18 | 00,001,534 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/05 18:03:18 | 00,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2009/08/05 18:03:18 | 00,000,751 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2009/08/05 18:03:18 | 00,001,706 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\google.xml
[2009/08/05 18:03:18 | 00,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2009/08/05 18:03:18 | 00,000,798 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: (792 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Maskab\Datos de programa\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Dirección) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Dirección) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Vínculos) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Archivos de programa\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Archivos de programa\Paltalk Messenger\Paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Archivos de programa\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Archivos de programa\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.1.100 10.3.1.125
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precargador Browseui - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demonio de caché de las categorías de componente - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/09 17:57:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2009/08/09 20:59:14 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/08/09 20:38:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\settings.dat
[2009/08/09 20:38:44 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Bossuet\Mis documentos\RootRepeal.exe
[2009/08/09 20:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Datos de programa\Malwarebytes
[2009/08/09 20:27:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/09 20:27:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/09 20:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2009/08/09 20:27:29 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2009/08/09 20:24:41 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bossuet\Mis documentos\OTL.exe
[2009/08/09 20:23:44 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bossuet\Mis documentos\mbam-setup.exe
[2009/08/09 20:11:11 | 00,074,048 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\Horario 2010_1.pdf
[2009/08/09 20:01:15 | 99,614,720 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part3.rar
[2009/08/09 19:27:46 | 99,614,720 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part4.rar
[2009/08/09 18:42:15 | 00,195,056 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\Optativas06-8-2009.pdf
[2009/08/09 18:41:34 | 99,614,720 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part5.rar
[2009/08/09 17:49:13 | 88,501,762 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part6.rar
[2009/08/09 17:48:28 | 06,124,286 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\back2skewl.mp3
[2009/08/09 17:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Mis documentos\09 08 09
[2009/08/09 15:34:09 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/08/09 15:34:07 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Ultra RM Converter
[2009/08/07 16:07:13 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/06 18:45:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Mis documentos\K
[2009/08/05 22:30:57 | 00,001,622 | ---- | C] () -- C:\Documents and Settings\Bossuet\Escritorio\HijackThis.lnk
[2009/08/05 14:33:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Mis documentos\Pcs
[2009/08/04 15:20:19 | 01,168,494 | ---- | C] () -- C:\Documents and Settings\Bossuet\Mis documentos\Horario Noveno.bmp
[2009/08/03 16:34:43 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2009/08/03 16:34:36 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2009/08/03 16:33:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009/08/03 16:33:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009/08/03 16:32:51 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/08/03 16:32:48 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/08/03 16:32:33 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009/08/03 16:29:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Datos de programa\Nokia
[2009/08/03 16:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Datos de programa\PC Suite
[2009/08/03 16:29:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\PC Suite
[2009/08/03 16:28:13 | 00,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Nokia PC Suite.lnk
[2009/08/03 16:28:07 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\PCSuite
[2009/08/03 16:27:53 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Nokia
[2009/08/03 16:27:27 | 00,000,000 | ---D | C] -- C:\Archivos de programa\DIFX
[2009/08/03 16:27:25 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009/08/03 16:27:12 | 00,000,000 | ---D | C] -- C:\Archivos de programa\PC Connectivity Solution
[2009/08/03 16:27:00 | 00,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2009/08/03 16:26:59 | 00,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2009/08/03 16:26:58 | 00,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2009/08/03 16:24:58 | 00,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2009/08/03 16:24:57 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2009/08/03 16:24:57 | 00,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2009/08/03 16:24:53 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2009/08/03 16:24:52 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Nokia
[2009/08/03 16:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Mis documentos\The KMPlayer
[2009/08/03 16:17:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Installations
[2009/08/02 19:02:27 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\DESIGNER
[2009/08/02 14:06:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bossuet\Datos de programa\bcrypt.html
[2009/07/30 14:34:59 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ALA
[2009/07/23 01:11:53 | 00,000,000 | ---- | C] () -- C:\bcrypt.html
[2009/07/22 22:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Office Genuine Advantage
[2009/07/18 19:00:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/18 19:00:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Apple
[2009/07/18 19:00:23 | 00,000,000 | ---D | C] -- C:\Archivos de programa\MSXML 4.0
[2009/07/18 18:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bossuet\Datos de programa\Sonic
[2009/07/18 18:59:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Easy CD-DA Extractor 11.9.9 build 668
[2009/07/18 18:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2009/07/18 18:46:54 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/07/12 18:51:49 | 00,278,838 | ---- | C] () -- C:\WINDOWS\KMPBitmap.bmp
[2009/07/12 16:47:46 | 00,000,574 | ---- | C] () -- C:\WINDOWS\tasks\Norton AntiVirus - Analizar el equipo - Maskab.job
[2009/07/04 18:44:33 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/24 14:24:15 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/23 01:57:21 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2005/09/14 13:03:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 12:53:35 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/14 12:51:30 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/09/14 12:37:04 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/09/14 12:36:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/14 12:36:30 | 00,000,445 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/09 17:54:20 | 00,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/09 17:41:38 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/09/09 17:41:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/09/09 17:41:29 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/07/06 16:30:02 | 00,003,269 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2009/08/09 20:59:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/09 20:58:41 | 04,768,656 | -H-- | M] () -- C:\Documents and Settings\Bossuet\Configuración local\Datos de programa\IconCache.db
[2009/08/09 20:38:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\settings.dat
[2009/08/09 20:31:26 | 99,614,720 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part3.rar
[2009/08/09 20:26:15 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bossuet\Mis documentos\mbam-setup.exe
[2009/08/09 20:24:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bossuet\Mis documentos\OTL.exe
[2009/08/09 20:14:38 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/09 20:11:29 | 00,074,048 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\Horario 2010_1.pdf
[2009/08/09 19:54:27 | 99,614,720 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part4.rar
[2009/08/09 19:12:19 | 99,614,720 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part5.rar
[2009/08/09 18:42:20 | 00,195,056 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\Optativas06-8-2009.pdf
[2009/08/09 18:20:49 | 88,501,762 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\BLBTH [DVD].part6.rar
[2009/08/09 17:54:22 | 06,124,286 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\back2skewl.mp3
[2009/08/09 09:45:24 | 00,002,307 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2009/08/07 16:37:27 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\Bossuet\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 15:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/07 15:24:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/07 15:00:03 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
[2009/08/07 14:53:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/07 13:11:36 | 00,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/05 22:30:57 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Bossuet\Escritorio\HijackThis.lnk
[2009/08/04 15:20:19 | 01,168,494 | ---- | M] () -- C:\Documents and Settings\Bossuet\Mis documentos\Horario Noveno.bmp
[2009/08/03 16:34:43 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2009/08/03 16:34:36 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2009/08/03 16:32:51 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/08/03 16:32:48 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/08/03 16:32:47 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/03 16:28:14 | 00,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Nokia PC Suite.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 19:05:55 | 00,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/02 18:58:44 | 00,000,000 | ---- | M] () -- C:\bcrypt.html
[2009/08/02 18:54:47 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bossuet\Datos de programa\bcrypt.html
[2009/08/02 14:14:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Bossuet\Mis documentos\RootRepeal.exe
[2009/07/30 14:04:20 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/30 14:04:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/19 00:22:21 | 00,278,838 | ---- | M] () -- C:\WINDOWS\KMPBitmap.bmp
[2009/07/12 16:47:46 | 00,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Analizar el equipo - Maskab.job

========== LOP Check ==========

[2009/08/09 20:27:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Datos de programa
[2009/06/25 09:43:19 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/07/05 13:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/03 16:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Installations
[2009/06/25 02:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\OpenFM
[2009/08/03 16:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PC Suite
[2009/07/18 18:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2009/06/25 00:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tlen.pl
[2009/06/25 09:43:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2009/08/09 20:27:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bossuet\Datos de programa
[2009/07/02 22:12:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\Leadertech
[2009/08/03 16:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\Nokia
[2009/06/25 06:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\OpenFM
[2009/08/03 16:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\PC Suite
[2009/06/25 09:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bossuet\Datos de programa\TuneUp Software
[2009/07/06 23:30:03 | 00,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/20 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/07 13:11:36 | 00,001,034 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/07 15:24:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/07 15:00:03 | 00,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
[2009/07/12 16:47:46 | 00,000,574 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Analizar el equipo - Maskab.job
[2009/08/07 15:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/07 14:53:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========


< End of report >

d) And finally, the second OTL Log File (called Extras):

OTL Extras logfile created on: 09/08/2009 09:02:50 p.m. - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Bossuet\Mis documentos
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

503.37 Mb Total Physical Memory | 382.70 Mb Available Physical Memory | 76.03% Memory free
1.20 Gb Paging File | 1.14 Gb Available in Paging File | 94.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 52.83 Gb Total Space | 16.97 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LÓPEZ
Current User Name: Bossuet
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Archivos de programa\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Archivos de programa\Tlen.pl\tlen.exe" = C:\Archivos de programa\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- (o2.pl Sp. z o.o.)
"C:\Archivos de programa\Nowe Gadu-Gadu\gg.exe" = C:\Archivos de programa\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Archivos de programa\Paltalk Messenger\paltalk.exe" = C:\Archivos de programa\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Archivos de programa\ICQ6.5\ICQ.exe" = C:\Archivos de programa\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Archivos de programa\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Archivos de programa\Bonjour\mDNSResponder.exe" = C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Archivos de programa\Real\RealPlayer\realplay.exe" = C:\Archivos de programa\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Archivos de programa\Skype\Phone\Skype.exe" = C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Configuración de la NIC interna
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C70655-506A-4F4E-B3DE-7402A67580A4}" = Microsoft Works 7.0
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{853BAA28-5C1E-4678-ADAC-6A37B8A526AB}" = Windows Live Essentials
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1034-7B44-A91000000001}" = Adobe Reader 9.1.2 - Español
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD1BBE79-BB25-460D-A2BD-D496A5E13786}" = Windows Live Messenger
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Audio Editor Gold_is1" = Audio Editor Gold v9.2.19.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Paquete de controladores de Windows - Nokia Modem (06/01/2009 4.1)
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Paquete de controladores de Windows - Nokia Modem (06/01/2009 7.01.0.3)
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NOD32" = NOD32 antivirus system
"Nokia PC Suite" = Nokia PC Suite
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"PalTalk8.2" = PaltalkScene
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer 2.9.3.1433
"Tlen.pl" = Tlen.pl
"Ultra RM Converter_is1" = Ultra RM Converter 3.3.0916
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/07/2009 08:24:26 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 18/07/2009 09:25:02 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 18/07/2009 10:25:11 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 18/07/2009 11:24:26 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 19/07/2009 12:24:27 a.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 19/07/2009 01:24:26 a.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 19/07/2009 09:24:26 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 20/07/2009 01:24:31 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 20/07/2009 02:25:16 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

Error - 20/07/2009 03:24:29 p.m. | Computer Name = LÓPEZ | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 09/08/2009 09:22:19 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:38:39 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:38:41 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:50:55 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:52:11 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:52:12 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:58:21 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 09/08/2009 09:58:43 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09/08/2009 10:00:05 p.m. | Computer Name = LÓPEZ | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 09/08/2009 10:01:14 p.m. | Computer Name = LÓPEZ | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
APPDRV Fips IntelIde intelppm nod32drv SYMTDI


< End of report >

That's all. Thanks for everything...

#7 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 08:29 PM

Hello Lann,

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic, ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 08:53 PM

This is the result of running ComboFix (I didn't pass through the Microsoft Windows Recovery Console procedure):

ComboFix 09-08-09.04 - Bossuet 09/08/2009 21:42.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.503.376 [GMT -5:00]
Running from: c:\documents and settings\Bossuet\Escritorio\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bossuet\Datos de programa\bcrypt.html
c:\recycler\S-1-5-21-1902057161-5126571349-588235064-5662
c:\recycler\S-1-5-21-2565375783-230368801-2809375961-501

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 01:27 . 2009-08-10 01:27 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Malwarebytes
2009-08-10 01:27 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 01:27 . 2009-08-10 01:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-08-10 01:27 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 01:27 . 2009-08-10 01:27 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-08-10 01:08 . 2009-08-10 01:08 0 ----a-w- c:\documents and settings\Bossuet\settings.dat
2009-08-09 20:34 . 2007-04-12 19:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-08-09 20:34 . 2009-08-09 20:42 -------- d-----w- c:\archivos de programa\Ultra RM Converter
2009-08-07 21:07 . 2009-08-10 01:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-03 21:33 . 2004-08-04 04:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-03 21:33 . 2004-08-04 04:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-08-03 21:32 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-03 21:29 . 2009-08-03 21:29 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Nokia
2009-08-03 21:29 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\PC Suite
2009-08-03 21:29 . 2009-08-03 21:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\PC Suite
2009-08-03 21:18 . 2009-08-03 21:01 33714512 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_spa_co_web.exe
2009-08-03 21:17 . 2009-08-03 21:17 95232 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-08-03 21:17 . 2009-08-03 21:17 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-03 21:17 . 2009-08-03 21:17 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-03 21:17 . 2009-08-03 21:17 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-03 21:17 . 2009-08-03 21:17 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-08-03 00:04 . 2009-08-03 00:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-30 19:34 . 2009-07-30 19:34 -------- d-----w- c:\archivos de programa\ALA
2009-07-27 16:52 . 2009-08-03 00:00 -------- d-----w- c:\documents and settings\Invitado\Configuración local
2009-07-27 16:52 . 2009-08-03 00:00 -------- d-s---w- c:\documents and settings\Invitado
2009-07-27 16:52 . 2009-08-03 00:00 -------- d-----w- c:\documents and settings\Invitado\Datos de programa
2009-07-27 16:52 . 2009-08-03 00:00 -------- d-----w- c:\documents and settings\Invitado\Plantillas
2009-07-27 16:52 . 2009-08-03 00:00 -------- d-----w- c:\documents and settings\Invitado\Favoritos
2009-07-23 03:11 . 2009-07-23 03:11 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Office Genuine Advantage
2009-07-19 00:00 . 2009-08-03 21:28 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-19 00:00 . 2009-07-19 00:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2009-07-19 00:00 . 2009-07-19 00:00 -------- d-----w- c:\archivos de programa\MSXML 4.0
2009-07-18 23:59 . 2009-07-18 23:59 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Sonic
2009-07-18 23:59 . 2009-07-18 23:59 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.9.9 build 668
2009-07-18 23:59 . 2009-07-18 23:59 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 05:55 . 2009-06-23 07:15 -------- d-----w- c:\archivos de programa\The KMPlayer
2009-08-03 21:34 . 2009-08-03 21:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-03 21:34 . 2009-08-03 21:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-03 21:32 . 2009-08-03 21:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-03 21:32 . 2009-08-03 21:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-03 21:28 . 2009-08-03 21:27 -------- d-----w- c:\archivos de programa\DIFX
2009-08-03 21:28 . 2009-08-03 21:28 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-08-03 21:28 . 2009-08-03 21:27 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-08-03 21:28 . 2009-08-03 21:24 -------- d-----w- c:\archivos de programa\Nokia
2009-08-03 21:27 . 2009-08-03 21:27 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-08-03 00:04 . 2009-07-05 22:55 -------- d-----w- c:\archivos de programa\Archivos comunes\Real
2009-07-19 00:01 . 2009-07-05 18:18 -------- d-----w- c:\archivos de programa\iTunes
2009-07-19 00:01 . 2009-07-05 18:16 -------- d-----w- c:\archivos de programa\Bonjour
2009-07-19 00:01 . 2009-07-05 18:15 -------- d-----w- c:\archivos de programa\QuickTime
2009-07-19 00:00 . 2009-07-05 18:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2009-07-19 00:00 . 2009-07-05 18:14 -------- d-----w- c:\archivos de programa\Apple Software Update
2009-07-19 00:00 . 2009-07-04 14:01 -------- d-----w- c:\archivos de programa\ICQ6.5
2009-07-18 23:52 . 2005-09-14 17:54 -------- d-----w- c:\archivos de programa\Archivos comunes\Symantec Shared
2009-07-18 23:44 . 2009-07-05 18:18 -------- d-----w- c:\archivos de programa\iPod
2009-07-17 18:56 . 2009-06-23 06:56 -------- d-----w- c:\archivos de programa\ESET
2009-07-10 02:14 . 2009-07-10 02:14 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Apple Computer
2009-07-06 00:13 . 2009-06-25 03:25 -------- d-----w- c:\archivos de programa\Google
2009-07-05 22:55 . 2009-07-05 22:55 -------- d-----w- c:\archivos de programa\Real
2009-07-05 18:18 . 2009-07-05 18:18 -------- d-----w- c:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-05 18:18 . 2009-07-05 18:13 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2009-07-04 23:55 . 2009-07-04 23:35 110629 ----a-w- c:\windows\hpoins08.dat
2009-07-04 23:54 . 2009-07-04 23:54 -------- d-----w- c:\documents and settings\All Users\Datos de programa\HP
2009-07-04 23:53 . 2009-07-04 23:53 -------- d-----w- c:\archivos de programa\Archivos comunes\HP
2009-07-04 23:53 . 2009-07-04 23:38 -------- d-----w- c:\archivos de programa\HP
2009-07-04 23:50 . 2009-07-04 23:50 -------- d-----w- c:\archivos de programa\Hewlett-Packard
2009-07-04 23:48 . 2009-07-04 23:48 -------- d-----w- c:\archivos de programa\Archivos comunes\Hewlett-Packard
2009-07-04 14:04 . 2005-09-14 17:52 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-07-03 03:12 . 2009-07-03 03:12 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Leadertech
2009-06-27 16:39 . 2009-06-27 16:39 -------- d-----w- c:\documents and settings\Frank\Datos de programa\TuneUp Software
2009-06-27 16:08 . 2009-06-27 16:08 -------- d-----w- c:\documents and settings\Frank\Datos de programa\Media Player Classic
2009-06-27 08:27 . 2009-06-23 17:38 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-06-26 07:12 . 2009-06-26 07:09 -------- d-----w- c:\archivos de programa\Paltalk Messenger
2009-06-25 15:23 . 2009-06-25 14:42 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2009
2009-06-25 15:23 . 2009-06-25 15:23 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-25 15:23 . 2009-06-25 15:23 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-25 14:44 . 2009-06-25 14:44 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\TuneUp Software
2009-06-25 14:43 . 2009-06-25 14:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TuneUp Software
2009-06-25 14:43 . 2009-06-25 14:43 -------- d-sh--w- c:\documents and settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-25 14:31 . 2004-09-09 22:41 69944 ----a-w- c:\windows\system32\perfc00A.dat
2009-06-25 14:31 . 2004-09-09 22:41 441762 ----a-w- c:\windows\system32\perfh00A.dat
2009-06-25 11:45 . 2009-06-25 11:45 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\OpenFM
2009-06-25 07:31 . 2009-06-25 07:29 -------- d-----w- c:\documents and settings\All Users\Datos de programa\OpenFM
2009-06-25 07:18 . 2009-06-25 07:18 -------- d-----w- c:\archivos de programa\Nowe Gadu-Gadu
2009-06-25 06:21 . 2009-06-25 05:25 -------- d-----w- c:\archivos de programa\Tlen.pl
2009-06-25 05:27 . 2009-06-25 05:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Tlen.pl
2009-06-25 04:51 . 2009-06-25 04:51 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2009-06-25 03:27 . 2009-06-25 03:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-25 03:25 . 2009-06-25 03:25 -------- d-----r- c:\archivos de programa\Skype
2009-06-25 03:25 . 2009-06-25 03:24 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Skype
2009-06-25 03:25 . 2009-06-25 03:25 -------- d-----w- c:\archivos de programa\Archivos comunes\Skype
2009-06-24 19:21 . 2009-06-24 19:21 -------- d-----w- c:\archivos de programa\Microsoft.NET
2009-06-24 08:10 . 2009-06-24 08:10 -------- d-----w- c:\archivos de programa\Microsoft CAPICOM 2.1.0.2
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\documents and settings\Frank\Datos de programa\MSNInstaller
2009-06-23 07:13 . 2009-06-23 05:32 -------- d-----w- c:\documents and settings\Bossuet\Datos de programa\Symantec
2009-06-23 06:56 . 2009-06-23 06:57 298104 ----a-w- c:\windows\system32\imon.dll
2009-06-23 06:56 . 2009-06-23 06:57 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-06-23 06:56 . 2009-06-23 06:57 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-06-23 06:56 . 2009-06-23 06:56 -------- d-----w- c:\archivos de programa\Eset_nod_32_2.70.31
2009-06-23 06:24 . 2009-06-23 06:24 -------- d-----w- c:\archivos de programa\Microsoft
2009-06-23 06:24 . 2009-06-23 06:24 -------- d-----w- c:\archivos de programa\Windows Live
2009-06-23 06:24 . 2009-06-23 06:24 -------- d-----w- c:\archivos de programa\Windows Live SkyDrive
2009-06-23 06:03 . 2009-06-23 06:03 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-06-23 05:45 . 2009-06-23 05:45 0 ----a-w- c:\windows\nsreg.dat
2009-06-05 18:57 . 2009-06-05 18:57 75048 ----a-w- c:\documents and settings\All Users\Datos de programa\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IS CfgWiz"="c:\archivos de programa\Norton Internet Security\cfgwiz.exe" [2005-02-02 132248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
HP Digital Imaging Monitor.lnk - c:\archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^PalTalk.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Tlen.pl\\tlen.exe"=
"c:\\Archivos de programa\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Archivos de programa\\Paltalk Messenger\\paltalk.exe"=
"c:\\Archivos de programa\\ICQ6.5\\ICQ.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [23/06/2009 01:57 a.m. 15424]
S2 gupdate1c9fdce7c6f5572;Servicio de actualización de Google (gupdate1c9fdce7c6f5572);"c:\archivos de programa\Google\Update\GoogleUpdate.exe" /svc --> c:\archivos de programa\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [25/06/2009 10:23 a.m. 604416]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-07 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\archivos de programa\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:46]

2009-07-12 c:\windows\Tasks\Norton AntiVirus - Analizar el equipo - Maskab.job
- c:\archiv~1\NORTON~1\NORTON~1\Navw32.exe [2005-02-02 14:52]

2009-08-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\archivos de programa\Symantec\LiveUpdate\NDETECT.EXE [2005-09-14 16:40]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
mStart Page = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Bossuet\Datos de programa\Mozilla\Firefox\Profiles\1due9uty.default\
FF - component: c:\archivos de programa\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\archivos de programa\Java\j2re1.4.2_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-08-10 21:46
ComboFix-quarantined-files.txt 2009-08-10 02:46

Pre-Run: 18,196,082,688 bytes libres
Post-Run: 18,693,197,824 bytes libres

232 --- E O F --- 2009-07-05 06:03













That's it.

Thanks

#9 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 09:05 PM

Hello Lann,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

So when you return please post
  • MBAM report
  • Kaspersky AVP report
  • and tell me how your machine is performing now


#10 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 09:34 PM

I didn't update Malwarebytes Antimalware, 'cause I couldn't; I got the error code 732 (0,0); but I downloaded it an hour ago, so I don't think there's some kind of problem.

This is the log file I've got after running Malwarebytes Antimalware (it looks like there are no problems). I'm not posting the second file, 'cause the AVP Tool is still downloading, and maybe the download will continue for half an hour, so, meanwhile...






Malwarebytes' Anti-Malware 1.40
Versión de la Base de Datos: 2588
Windows 5.1.2600 Service Pack 2 (Safe Mode)

09/08/2009 10:28:55 p.m.
mbam-log-2009-08-09 (22-28-55).txt

Tipo de examen : Examen Rápido
Objetos examinados: 103976
Tiempo transcurrido: 3 minute(s), 35 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)







I'll post the AVP Report as soon as I can. Thanks a lot...

#11 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 10:08 PM

Quote

I got the error code 732


Hmm... when I look that up on the Malwarebytes forum it's stated that that error code applies to 64bit machines. Yours is not as far as I can see so I don't know what's going on. Might be worth uninstalling your one and downloading a new one if you want to keep the program. Shouldn't have made any difference to the scan though.

Look forward to seeing the AVP results when you have them. :)

#12 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 10:29 PM

It's ok, a couple of minutes after I posted that, I got the message "Update succesfull..."


But there's a problem: I downloaded AVP Tool to my Desktop, then I installed it. But it just doesn't run. I click on the Start icon, and on the other icons (MS-DOS stuff), but nothing happens... It's... I don't know... For an instant the "wait" icon appears on the cursor (I don't know if that's correct, I mean, I refer to the narrow... OK, stop laughing...)


Thanks a lot...

#13 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 10:37 PM

If that one isn't working for you try this:

Panda only works if you are using Internet Explorer.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#14 Lann

  • Group: Member
  • Posts: 18
  • Joined: 13-January 09

Posted 09 August 2009 - 10:48 PM

I didn't do the "registering" procedure. And I'm gonna do this with Firefox (a plug-in allows me to do so). I'm posting this "just in case". I want to do everything just as it must be done...

#15 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,387
  • Joined: 19-November 07

Posted 09 August 2009 - 10:51 PM

No problem. Hopefully it works. :)
