
Requesting Assistance: Removal Browser Manager/Babylon Toolbar [Solved]


  • This topic is locked

#1
Glennie

I am on Windows XP.

I use Chrome and IE. Both are infected with Babylon, which has taken them over.
I can see that Browsermanager.exe is running on my PC.

I would welcome any help with removal, which appears to be difficult.

Here is the log. I hope it is displayed appropriately. Please tell me if it is not and I will try again.

I notice that the annotations at the end are in Spanish (I live in Madrid).
I can provide translations if required.

Many thanks

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Archivos de programa\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Archivos de programa\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Search With DocFetcher] -- "C:\Archivos de programa\DocFetcher\DocFetcher.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:SCCM Remote Tools" = 135:TCP:*:enabled:SCCM Remote Tools
"22222:TCP:*:enabled:Officescan" = 22222:TCP:*:enabled:Officescan
"2701:TCP:*:enabled:SCCM Remote Tools" = 2701:TCP:*:enabled:SCCM Remote Tools
"2702:TCP:*:enabled:SCCM Remote Tools" = 2702:TCP:*:enabled:SCCM Remote Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 130.206.70.181,130.206.68.216,130.206.68.169,130.206.68.166,130.206.68.222

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 130.206.70.181,

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"22222:TCP" = 22222:TCP:*:Enabled:Trend Micro OfficeScan Listener
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"22222:TCP" = 22222:TCP:*:Enabled:Trend Micro OfficeScan Listener
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Archivos de programa\IncrediMail\bin\IMApp.exe" = C:\Archivos de programa\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Archivos de programa\IncrediMail\bin\IncMail.exe" = C:\Archivos de programa\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Archivos de programa\IncrediMail\bin\ImpCnt.exe" = C:\Archivos de programa\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Maxthon2\Maxthon.exe" = C:\Program Files\Maxthon2\Maxthon.exe:*:Enabled:Maxthon Browser
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Archivos de programa\Internet Explorer\iexplore.exe" = C:\Archivos de programa\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe" = C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Disabled:MxDownloadServer
"C:\Program Files\Max 2\Modules\MxDownloader\MxDownloadServer.exe" = C:\Program Files\Max 2\Modules\MxDownloader\MxDownloadServer.exe:*:Disabled:MxDownloadServer -- (Maxthon International ltd.)
"C:\Archivos de programa\Opera 10.60 Beta\opera.exe" = C:\Archivos de programa\Opera 10.60 Beta\opera.exe:*:Enabled:Opera Internet Browser

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Archivos de programa\IncrediMail\bin\IncMail.exe" = C:\Archivos de programa\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Archivos de programa\IncrediMail\bin\IMApp.exe" = C:\Archivos de programa\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B2E284-0B9A-33B4-7E91-BAFD1E35CAFE}" = TweetDeck
"{02885557-ACA5-4B6F-85D2-3F1A9B8580F5}" = SMART Response Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635B88F9-9305-4AC3-9ED4-53AE682CF9E9}" = Directorio Telefónico
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series (esn)
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8E22BDA7-7E38-4404-B685-30C693C43F40}" = Eudora
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9D81615E-B150-488B-90CA-1159E2113BE3}" = SMART Sync Teacher
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1034-4700-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard - Español, Italiano, Português
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD53E305-0F31-426E-85D1-35C63D913639}" = SMART English (United Kingdom) Language Pack
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B6D789-EF42-39D5-B36B-A1282951E0D5}" = Microsoft .NET Framework 4 Extended ESN Language Pack
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C91212B9-0702-8D70-581A-20EBB32B3353}" = Triptico Desktop Resources
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DD38EEF7-801F-4050-B6B0-8F0573141C7B}" = Mail Attachment Downloader v2.2
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extensión de HighMAT para el Asistente para grabación de CD de Microsoft Windows XP
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.1
"AFPL Ghostscript 7.22" = AFPL Ghostscript 7.22
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Utilidad de desinstalación de software
"AnvSoft Flash to Video Converter Professional_is1" = AnvSoft Flash to Video Converter Professional 1.2.5
"Any Video Converter_is1" = Any Video Converter 2.6.7
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Codec" = Remove DivX Codec
"DocFetcher" = DocFetcher
"filehippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"M8 Multi Clipboard" = M8 Multi Clipboard
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"Notepad++" = Notepad++
"OfficeScanNT" = Trend Micro OfficeScan Client
"PhotoMail" = PhotoMail Maker
"Pixillion" = Pixillion Image Converter
"PROSet" = Intel® PRO Network Adapters and Drivers
"RDC" = RDC
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shockwave" = Shockwave
"TaskSwitchXP" = TaskSwitchXP
"Tavultesoft Keyman 6.0" = Tavultesoft Keyman 6.0
"Tweak UI 2.10" = Tweak UI
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uk.co.triptico.TDR" = Triptico Desktop Resources
"Visual Task Tips" = Visual Task Tips 2.1
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Barra Yahoo! con bloqueador de ventanas emergentes
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2005 18:05:38 | Computer Name = ICAI-IDIOMAS | Source = Userenv | ID = 1097
Description = Windows no puede encontrar la cuenta del equipo, Los relojes de la
máquina del cliente y del servidor no están sincronizados. .

Error - 08/02/2005 18:05:38 | Computer Name = ICAI-IDIOMAS | Source = Userenv | ID = 1030
Description = Windows no puede hacer una consulta de la lista de objetos directiva
de grupo. Un mensaje describiendo la razón de este problema fue registrado con
anterioridad por este motor de directiva.

Error - 16/10/2012 4:10:19 | Computer Name = ICAI-IDIOMAS | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 18/10/2012 2:34:35 | Computer Name = ICAI-IDIOMAS | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 18/10/2012 2:34:35 | Computer Name = ICAI-IDIOMAS | Source = Userenv | ID = 1053
Description = Windows no puede determinar el nombre de usuario o de equipo. ( El
dominio especificado no existe o no se pudo establecer conexión con él. ). Se ha
anulado el proceso de directiva de grupo.

Error - 19/10/2012 2:15:54 | Computer Name = ICAI-IDIOMAS | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 19/10/2012 2:15:56 | Computer Name = ICAI-IDIOMAS | Source = Userenv | ID = 1053
Description = Windows no puede determinar el nombre de usuario o de equipo. ( El
dominio especificado no existe o no se pudo establecer conexión con él. ). Se ha
anulado el proceso de directiva de grupo.

Error - 24/10/2012 2:02:17 | Computer Name = ICAI-IDIOMAS | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 26/10/2012 2:46:13 | Computer Name = ICAI-IDIOMAS | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 31/10/2012 5:45:49 | Computer Name = ICAI-IDIOMAS | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: WinPatrolEx.exe, versión 25.6.2012.1,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

[ System Events ]
Error - 26/10/2012 2:45:59 | Computer Name = ICAI-IDIOMAS | Source = Dhcp | ID = 1000
Description = Su equipo ha perdido la concesión de su dirección IP 130.206.66.81
en la tarjeta de red con dirección de red 00123F434EFB.

Error - 26/10/2012 2:46:10 | Computer Name = ICAI-IDIOMAS | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 15
minutos. NtpClient no tiene recurso de hora exacta.

Error - 26/10/2012 2:57:26 | Computer Name = ICAI-IDIOMAS | Source = Service Control Manager | ID = 7031
Description = El servicio Exploración en tiempo real de OfficeScan NT terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 26/10/2012 2:58:26 | Computer Name = ICAI-IDIOMAS | Source = Service Control Manager | ID = 7032
Description = El Administrador de control de servicios intentó realizar una acción
correctora (Reiniciar el servicio) después de la terminación inesperada del servicio
Exploración en tiempo real de OfficeScan NT, pero ocurrió el siguiente error: %%1056

Error - 26/10/2012 3:02:06 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error - 26/10/2012 3:11:04 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error - 26/10/2012 3:18:05 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error - 26/10/2012 3:22:41 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error - 26/10/2012 3:29:38 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error - 29/10/2012 3:31:00 | Computer Name = ICAI-IDIOMAS | Source = DCOM | ID = 10016
Description = La configuración de permisos que depende de la aplicación no concede
permiso de ejecución local para la aplicación de servidor COM con CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

al SID (S-1-5-18) de NT AUTHORITY\SYSTEM del usuario. Este permiso de seguridad
se puede modificar mediante la herramienta administrativa Servicios de componentes.


< End of report >

Edited by Glennie, 31 October 2012 - 06:41 AM.



#2
maliprog

Hello Glennie and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

Download OTL to your Desktop

  • Double-click the icon to run it (if running Vista or Windows 7, right-click it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • adwCleaner log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
Glennie

Many thanks maliprog.

The problem I have is on my PC in the office.

As tomorrow is a holiday, I won't be able to start work till Friday, following your instructions to the letter, rest assured.

Thanks again

Glennie

#4
Glennie

Hi

I have a problem with the following instruction:

Run the Tool
...
Select the Delete button.


My interpretation of this is that I should hit the 'delete' button before starting the search.
In any case, I can't hit it afterwards as it does not appear: the prog opens the log file immediately after the search and no 'delete' button appears.

But where is the delete button? Or rather, what is its equivalent in Spanish? (see attachment)

Could you clarify?


Apologies for stumbling at the first hurdle. :upset:

Attached Thumbnails

  • Adw.jpg


#5
Glennie

I worked out what you meant.
Here is the Adw log:

# AdwCleaner v2.006 - Fichero creado el 02/11/2012 a 08:45:54
# Actualizado el 30/10/2012 por Xplode
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuario : glennhubb - ICAI-IDIOMAS
# Modo de inicio : Normal
# Ejecutado desde : C:\Documents and Settings\glennhubb\Mis documentos\Downloads\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\Babylon
Carpeta Suprimido : C:\Documents and Settings\All Users\Datos de programa\InstallMate
Carpeta Suprimido : C:\Documents and Settings\glennhubb\Datos de programa\Babylon
Fichero Suprimido : C:\Archivos de programa\Mozilla Firefox\searchplugins\babylon.xml

***** [Registro] *****

Clave Supprimida : HKCU\Software\Babylon
Clave Supprimida : HKCU\Software\BabylonToolbar
Clave Supprimida : HKCU\Software\Conduit
Clave Supprimida : HKCU\Software\DataMngr
Clave Supprimida : HKCU\Software\DataMngr_Toolbar
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKLM\Software\Babylon
Clave Supprimida : HKLM\Software\BabylonToolbar
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Supprimida : HKLM\SOFTWARE\Classes\b
Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Clave Supprimida : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Clave Supprimida : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clave Supprimida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\Software\DataMngr
Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.babylon.com/?affID=116222&tt=4412_5&babsrc=NT_ss&mntrId=a43f0e9c00000000000000123f434efb --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [5885 octets] - [02/11/2012 08:41:51]
AdwCleaner[R2].txt - [5941 octets] - [02/11/2012 08:44:52]
AdwCleaner[S3].txt - [5878 octets] - [02/11/2012 08:45:54]

########## EOF - C:\AdwCleaner[S3].txt - [5938 octets] ##########

#6
Glennie

I had a problem when I got to running the OTL.
I forgot (I always do!) to close the Chrome browser window after downloading the prog. So I started running it with the window open.
I tried to stop the OTL but there was no way so I had to force the PC to close using the on/off button.
I then rebooted the PC and ran OTL with all windows closed.
If this means that the whole process is now invalid, just let me know and I'll start again.

Here is one of the OTL logs.

OTL logfile created on: 02/11/2012 9:05:05 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\glennhubb\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 73,30% Memory free
4,59 Gb Paging File | 3,48 Gb Available in Paging File | 75,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74,50 Gb Total Space | 30,69 Gb Free Space | 41,19% Space Free | Partition Type: NTFS

Computer Name: ICAI-IDIOMAS | User Name: glennhubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 09:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\glennhubb\Mis documentos\Downloads\OTL (1).exe
PRC - [2012/10/23 22:05:29 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
PRC - [2012/09/20 05:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Archivos de programa\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/18 11:25:24 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2012/03/21 14:25:34 | 000,820,592 | ---- | M] (SMART Technologies) -- C:\Archivos de programa\SMART Technologies\Education Software\UCService.exe
PRC - [2012/03/21 14:25:28 | 002,186,096 | ---- | M] (SMART Technologies) -- C:\Archivos de programa\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2012/03/02 16:24:14 | 000,019,312 | ---- | M] (SMART Technologies ULC) -- C:\Archivos de programa\SMART Technologies\Education Software\ResponseHardwareService.exe
PRC - [2010/08/27 06:06:46 | 000,870,712 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/08/24 15:22:34 | 001,580,640 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/08/24 15:18:20 | 000,248,592 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
PRC - [2010/08/24 15:15:38 | 001,459,872 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/07/05 19:07:12 | 000,438,112 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/06/29 09:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/14 21:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Archivos de programa\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/01/11 11:07:38 | 000,859,648 | ---- | M] (M8 Software) -- C:\Glenn\Freeclip\ClipM8\ClipM8.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/23 22:05:26 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.52\ppgooglenaclpluginchrome.dll
MOD - [2012/10/23 22:05:23 | 004,007,448 | ---- | M] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.52\pdf.dll
MOD - [2012/10/23 22:03:54 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.52\avutil-51.dll
MOD - [2012/10/23 22:03:53 | 000,274,984 | ---- | M] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.52\avformat-54.dll
MOD - [2012/10/23 22:03:52 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\23.0.1271.52\avcodec-54.dll
MOD - [2012/10/18 15:31:36 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d6149ab3\system.drawing.dll
MOD - [2012/10/18 15:31:28 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_8b38f52a\system.windows.forms.dll
MOD - [2012/10/18 15:31:09 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/10/03 08:44:00 | 002,364,840 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_x-ww_115db9e6\xqilla-vc100-1_0.dll
MOD - [2012/10/03 08:39:31 | 000,066,976 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_x-ww_bdce9461\zlib1-vc100-mt-1.2.dll
MOD - [2012/10/03 08:39:30 | 002,310,056 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_x-ww_77050792\redland-vc100-1_0_9.dll
MOD - [2012/10/03 08:39:29 | 008,266,656 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtGui4.dll
MOD - [2012/10/03 08:39:29 | 000,948,128 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtNetwork4.dll
MOD - [2012/10/03 08:39:28 | 002,296,736 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtCore4.dll
MOD - [2012/10/03 08:39:22 | 000,054,184 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.boostthread.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_223d02ca\boost_thread-vc100-mt-1_44.dll
MOD - [2012/10/03 08:39:22 | 000,022,440 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.boostsystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_63c41565\boost_system-vc100-mt-1_44.dll
MOD - [2012/10/03 08:39:21 | 000,145,328 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.boostfilesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_63375869\boost_filesystem-vc100-mt-1_44.dll
MOD - [2012/10/03 08:39:21 | 000,053,680 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.boostsignals.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_36e3f87f\boost_signals-vc100-mt-1_44.dll
MOD - [2012/10/03 08:39:20 | 000,051,120 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.boostdatetime.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_c41aee2c\boost_date_time-vc100-mt-1_44.dll
MOD - [2012/06/20 22:23:00 | 000,599,419 | ---- | M] () -- C:\Archivos de programa\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/05/24 13:23:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a0d93f5e\mscorlib.dll
MOD - [2012/05/24 13:23:27 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0d61aa3d\system.xml.dll
MOD - [2012/05/24 13:23:06 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3de174a4\system.dll
MOD - [2012/05/24 13:22:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/05/24 13:22:52 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/05/24 13:22:51 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/09/14 16:41:08 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/09/14 16:41:07 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/09/14 16:41:07 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2005/09/14 15:59:49 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2005/09/14 15:59:49 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_es_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2003/07/09 23:27:10 | 000,753,664 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\AdistRes.ESP
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001/07/31 10:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Archivos de programa\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2012/10/03 08:39:53 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/21 14:25:34 | 000,820,592 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Archivos de programa\SMART Technologies\Education Software\UCService.exe -- (SMART Display Controller)
SRV - [2012/03/21 14:25:28 | 002,186,096 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Archivos de programa\SMART Technologies\Education Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2012/03/02 16:24:14 | 000,019,312 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Archivos de programa\SMART Technologies\Education Software\ResponseHardwareService.exe -- (Response Hardware)
SRV - [2011/06/22 07:42:46 | 000,141,680 | ---- | M] (SMART Technologies Inc.) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\SMART Technologies\Mirror Driver\MonitorService.exe -- (SMART Mirror Driver Monitor Service)
SRV - [2010/08/24 15:22:34 | 001,580,640 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/08/24 15:15:38 | 001,459,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/06/29 09:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/14 21:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/24 22:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/12/09 21:51:18 | 000,205,824 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Archivos de programa\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\AIDA32 -- (AIDA32Driver)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Archivos de programa\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/06/15 11:25:42 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/14 21:26:56 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/06/14 21:26:20 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/04/24 22:37:00 | 000,341,520 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/04/24 22:36:50 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2006/06/07 16:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/22 09:38:08 | 000,002,432 | ---- | M] (SMART Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrtdrv.sys -- (smrtdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.upcomill...=13&IdIdioma=ES
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3B4F1386-20EB-4E3E-A2D4-762A18F650AD}: "URL" = http://www.bing.com/...ge}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{548430F0-CB7C-4219-AC47-6DD9B9306ED1}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Datos de programa\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/05/20 15:18:41 | 000,000,000 | ---D | M]

[2012/10/31 15:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/06/19 12:57:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/01 13:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/19 08:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.es/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.es/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\glennhubb\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\glennhubb\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\glennhubb\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\23.0.1271.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\glennhubb\Configuraci\u00F3n local\Datos de programa\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Archivos de programa\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\glennhubb\Configuraci\u00F3n local\Datos de programa\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Docs in Google Drive = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.1_0\
CHR - Extension: Google Drive = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Reader Notifier (by Google) = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\apflmjolhbonpkbkooiamcnenbmbjcbf\1.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: History 2 = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp\0.6.0_0\
CHR - Extension: Google Search = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Notification Count for Google Plus\u2122 = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ehcjeejpbinpibjicmpcdeenfmehlpjk\0.2_0\
CHR - Extension: Gmail Offline = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: New Doc = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\fgegfncbeikiknoffapmeaenbefalfen\1.8_0\
CHR - Extension: G+ Count Favicon = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\illlmhgddcibickdjmdieldgfmpcnmgm\1.2_0\
CHR - Extension: Date Today = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\mhgknbehalhkedjgfhiaindklahhkccc\1.0.6_0\
CHR - Extension: Google Mail Checker = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: AutoPager Chrome = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\
CHR - Extension: +Photo Zoom = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Quick Scroll = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.83_0\
CHR - Extension: Surplus = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: Send from Gmail (by Google) = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Gmail = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2002/09/10 13:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (PDF de Adobe) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Archivos de programa\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_727A3476117C120EA07B4B5F3D199021] C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\glennhubb\Menú Inicio\Programas\Inicio\Acceso directo (2) a ClipM8.exe.lnk = C:\Glenn\Freeclip\ClipM8\ClipM8.exe (M8 Software)
O4 - Startup: C:\Documents and Settings\glennhubb\Menú Inicio\Programas\Inicio\Google Chrome.lnk = C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: upcomillas.es ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://jaguar.upcom...OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278324951857 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1278325059737 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.206.68.169 130.206.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = upcont.es
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08AE6007-B2C0-48CB-B346-1D6910DCCE25}: DhcpNameServer = 130.206.68.169 130.206.68.166 130.206.68.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5719B117-AC97-4A35-84B1-3A5F9DDAC271}: DhcpNameServer = 130.206.68.169 130.206.68.166 130.206.68.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800DA603-CA11-45C6-BBCA-8087472B6596}: DhcpNameServer = 130.206.68.169 130.206.68.166
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7932157299-4395933859-136473104-6303\wingn.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Archivos de programa\Qualcomm\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/27 10:29:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{714b7250-1ac7-11de-9eb0-00065bc55956}\Shell\AutoRun\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O33 - MountPoints2\{714b7250-1ac7-11de-9eb0-00065bc55956}\Shell\open\command - "" = CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 11:59:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\glennhubb\Escritorio\OTL (1).exe
[2012/10/31 11:48:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\glennhubb\Escritorio\OTL.exe
[2012/10/31 11:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Datos de programa\Malwarebytes
[2012/10/31 10:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/10/31 10:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/10/31 10:59:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/31 10:59:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/10/31 10:58:10 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\glennhubb\Escritorio\mbam-setup-1.65.1.1000.exe
[2012/10/31 10:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\WinPatrol
[2012/10/30 16:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Datos de programa\GoforFiles
[2012/10/24 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\SmartDraw
[2012/10/24 14:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\System
[2012/10/24 14:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Datos de programa\SmartDraw
[2012/10/15 07:27:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\BillP Studios
[2012/10/03 10:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\LabVIEW Data
[2012/10/03 10:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\My Notebook Content
[2012/10/03 10:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\SMART Response
[2012/10/03 10:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Datos de programa\SMART Technologies
[2012/10/03 10:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\SMART Technologies
[2012/10/03 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\SMART Notebook
[2012/10/03 09:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\glennhubb\Mis documentos\SMART Technologies
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/02 09:35:07 | 000,000,496 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1B65CFD-6C55-4B1E-BF90-955D88269859}.job
[2012/11/02 09:30:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 09:02:42 | 000,000,463 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/11/02 09:01:02 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 09:00:06 | 000,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-967657614-1619080226-1236795852-11862UA.job
[2012/11/02 09:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/02 09:00:00 | 3487,707,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/02 08:54:12 | 000,001,156 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-967657614-1619080226-1236795852-11862Core.job
[2012/11/02 08:21:38 | 000,034,364 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\Adw.jpg
[2012/11/02 08:10:28 | 000,008,822 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2012/11/02 08:08:33 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/31 13:28:52 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\Notepad++.lnk
[2012/10/31 11:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\glennhubb\Escritorio\OTL (1).exe
[2012/10/31 11:48:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\glennhubb\Escritorio\OTL.exe
[2012/10/31 10:59:19 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/10/31 10:58:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\glennhubb\Escritorio\mbam-setup-1.65.1.1000.exe
[2012/10/31 10:38:51 | 001,013,760 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\wpsetup.msi
[2012/10/30 15:49:15 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\Directorio Telefónico.lnk
[2012/10/30 10:43:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/29 08:37:05 | 000,605,016 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/10/29 08:37:05 | 000,520,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/29 08:37:05 | 000,122,162 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/10/29 08:37:05 | 000,094,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/29 08:37:03 | 000,439,446 | ---- | M] () -- C:\WINDOWS\System32\perfh0c0.dat
[2012/10/29 08:37:03 | 000,068,158 | ---- | M] () -- C:\WINDOWS\System32\perfc0c0.dat
[2012/10/25 07:58:46 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\glennhubb\Menú Inicio\Programas\Inicio\Google Chrome.lnk
[2012/10/24 14:49:20 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\SmartDraw 2013.lnk
[2012/10/24 14:45:55 | 000,497,280 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\smartdraw_YZ_TPNPW_setup.exe
[2012/10/24 11:11:32 | 000,157,362 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\6256921303_0a34bf39f9.jpg
[2012/10/22 10:10:16 | 000,018,354 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\Fill-in options.jpg
[2012/10/19 07:25:50 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/18 15:39:45 | 000,001,822 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/18 09:32:51 | 000,053,818 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/11 07:11:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/05 07:58:58 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\Jing.lnk
[2012/10/03 10:19:59 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Visualizador de documentos SMART Ink.lnk
[2012/10/03 10:18:42 | 000,196,046 | ---- | M] () -- C:\Documents and Settings\glennhubb\Escritorio\letras compactas bSOLFÓNICA.pdf
[2012/10/03 10:09:16 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SMART Notebook 11.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 08:21:37 | 000,034,364 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\Adw.jpg
[2012/10/31 13:28:52 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\Notepad++.lnk
[2012/10/31 10:59:19 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/10/31 10:38:50 | 001,013,760 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\wpsetup.msi
[2012/10/24 14:49:20 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\glennhubb\Menú Inicio\Programas\SmartDraw 2013.lnk
[2012/10/24 14:49:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\SmartDraw 2013.lnk
[2012/10/24 14:45:54 | 000,497,280 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\smartdraw_YZ_TPNPW_setup.exe
[2012/10/24 11:11:32 | 000,157,362 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\6256921303_0a34bf39f9.jpg
[2012/10/22 10:10:16 | 000,018,354 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\Fill-in options.jpg
[2012/10/05 16:15:21 | 000,391,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-967657614-1619080226-1236795852-11862-0.dat
[2012/10/05 16:15:21 | 000,308,318 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
[2012/10/03 10:18:42 | 000,196,046 | ---- | C] () -- C:\Documents and Settings\glennhubb\Escritorio\letras compactas bSOLFÓNICA.pdf
[2012/07/09 16:32:46 | 000,576,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2012/07/04 07:34:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/24 13:18:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/26 12:48:11 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/11/29 10:42:10 | 000,000,109 | ---- | C] () -- C:\WINDOWS\LAN660W.INI
[2008/10/07 13:42:37 | 000,001,902 | RHS- | C] () -- C:\Documents and Settings\glennhubb\ntuser.pol
[2008/06/18 07:37:55 | 011,595,404 | ---- | C] () -- C:\Archivos de programa\Maxthon2.zip
[2007/06/12 15:03:29 | 000,696,764 | ---- | C] () -- C:\Archivos de programa\cicle.zip
[2007/03/28 14:06:53 | 002,397,166 | ---- | C] () -- C:\Archivos de programa\mx_2.0.1.8313.exe
[2006/04/18 07:20:17 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\fusioncache.dat
[2006/02/16 13:50:42 | 000,120,899 | ---- | C] () -- C:\Documents and Settings\glennhubb\WinPatrolLog.html
[2005/12/19 09:41:26 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\glennhubb\Eudora.lnk
[2005/12/14 10:01:10 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\glennhubb\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/14 09:43:45 | 000,053,818 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/09/14 15:58:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:48:38 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:52:53 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:18:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/03 09:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Downloaded Installations
[2009/02/24 15:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IM
[2009/02/24 15:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IncrediMail
[2006/01/12 14:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\M8 Software
[2010/06/17 13:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PhotoMail
[2012/10/03 08:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\SMART Technologies
[2006/01/26 16:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tavultesoft
[2007/05/28 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2009/05/20 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2012/10/31 15:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Any Video Converter
[2011/09/06 08:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/02 08:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Elluminate
[2007/10/16 11:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\f2fIntermediate
[2010/12/20 09:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\f2fUpperIntermediate
[2011/06/09 16:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Global-Intermediate.F58001C6A320BE09FB6D7E092A4A96AA9BF1591A.1
[2012/10/30 16:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\GoforFiles
[2005/12/21 08:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Leadertech
[2006/01/12 14:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\M8 Software
[2010/02/19 11:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\MxBoost
[2012/10/31 13:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Notepad++
[2010/06/29 08:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Opera
[2005/12/19 10:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Qualcomm
[2012/10/08 07:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\SMART Technologies
[2012/10/03 08:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\SMART Technologies Inc
[2012/10/24 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\SmartDraw
[2008/01/28 13:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Stick Tabs
[2007/05/28 13:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\TuneUp Software
[2009/02/12 10:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/04 15:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/31 16:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\uk.co.triptico.TDR
[2009/12/09 15:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\Uniblue
[2010/06/08 08:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\glennhubb\Datos de programa\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2006/03/21 14:41:10 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\cwshredder.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/19 14:42:48 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 14:10:53 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=DBB6B75CC6CB2CF8EC0BAFCA08AED6BE -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/09 10:53:06 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=14BDC84F56A5DB7A01FDAA6FA7893759 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/09 12:23:54 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=953DF7327510DF0DE048B8E80E504EF9 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 12:23:54 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=953DF7327510DF0DE048B8E80E504EF9 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 12:23:54 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=953DF7327510DF0DE048B8E80E504EF9 -- C:\WINDOWS\system32\services.exe
[2009/02/09 12:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=AA6E1769469F9D15603A619FC1FB9E18 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:49:12 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=D658A8C2FC7B2AD53D1259741A09EE04 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004/08/19 14:43:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F9852F505E0699BB83D5C6321917040B -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:49:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 06:49:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#7
Glennie

    Member

  • Topic Starter
  • 11 posts
The Extras log did not appear. :(
I'll run OTL again.

#8
Glennie

    Member

  • Topic Starter
  • 11 posts
Same problem again - no Extras log.
I think this might be because I'm only running the Quick Scan.
The other day, before I was in contact with you, I ran a full scan and there was an Extras log.
So I'll run a full scan - pasting in the specifications you gave me - and send you the Extras log from that.

#9
Glennie

    Member

  • Topic Starter
  • 11 posts
This time I tried a full scan without your specifications... still only one log.

Is there anywhere on my computer that the Extras log might have been saved?

#10
Glennie

    Member

  • Topic Starter
  • 11 posts
After a lot of searching on the web I've discovered that you only get an Extras file the first time you use OTL. After that, you have to request it before the scan.
That is my problem.
Can you tell me where to click on the OTL interface to make that request?

Thanks
  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Glennie,

Leave Extras.txt for now. How is your system after these first two steps? Is Babylon gone?
  • 0

#12
Glennie

  • Topic Starter
  • Member
  • 11 posts
Yes, it seems to have gone. :thumbsup:
At least it seems to have disappeared from browsers.

I no longer see browsermanager.exe in the Active Tasks either.

That AdwCleaner seems to be quite powerful.

Do you think I need to do anything else?

Many thanks from Madrid to Mostar. :-)

Glennie
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Glennie,

Many thanks from Madrid to Mostar. :-)


Thank you very much. I don't see any security issues in the OTL log. We are done here.

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from the programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide, How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article: Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#14
Glennie

  • Topic Starter
  • Member
  • 11 posts
Great Maliprog

I shall follow those instructions.

Enjoy your Sunday. (If you lived a bit closer, I'd buy you a beer! :->)

Thanks again.
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





