Scans show trojan that can't be removed
Started by
thedeadlystoat
, Feb 26 2011 08:12 PM
#91
Posted 07 March 2011 - 03:58 AM

It seems the ESET online scan will take some more time. It's been an hour and a half and it's only 45% through the process. I'll go get some sleep and check how it did in an hour or so. Hope you're still around then.
#92
Posted 07 March 2011 - 04:02 AM

Still got 6 more hours. Plenty of time.
#93
Posted 07 March 2011 - 04:30 AM

Hey, it actually finished faster than it seemed. This is what came from the scan:
C:\Users\Marisa\Downloads\IMBoosterSetup.4qvcxeiah10jxlurapcskp45.exe probably a variant of Win32/TrojanDownloader.Agent.KSGCBH trojan deleted - quarantined
I will now run OTL.
#94
Posted 07 March 2011 - 04:37 AM

Do I need to turn off antivirus and antimalware to run OTL?
#95
Posted 07 March 2011 - 04:40 AM

Do I need to turn off antivirus and antimalware to run OTL?
No. You can leave it on.
#96
Posted 07 March 2011 - 04:41 AM

Ok

#97
Posted 07 March 2011 - 04:47 AM

I forgot to ask, do you want me to press the blue "Run scan" button or the pink "Quick scan" one?
#98
Posted 07 March 2011 - 04:49 AM

Quickscan
#99
Posted 07 March 2011 - 04:50 AM

Ok. I'm glad I asked.
#100
Posted 07 March 2011 - 04:57 AM

Here it is:
OTL logfile created on: 07/03/2011 04:50:58 a.m. - Run 4
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Manuel\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 422.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.16 Gb Total Space | 96.36 Gb Free Space | 68.74% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 4.38 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Computer Name: MILAPTOP | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\egui.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/01/09 13:20:30 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Sidebar\sidebar.exe
PRC - [2007/01/17 00:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/11/02 06:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 06:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 03:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2007/08/02 10:41:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/08/03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/01/17 00:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 02:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/18 19:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador del adaptador Intel®
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Controlador de conexión de red Intel®
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/24 13:16:30 | 000,015,781 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/10/28 15:56:56 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/03/06 16:25:17 | 000,000,000 | ---D | M]
[2011/02/22 19:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2009/06/05 19:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/02/25 05:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
O1 HOSTS File: ([2011/03/06 15:41:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Program Files\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Online Radio America Toolbar) - {9A6BE539-96EA-454D-898B-61891E0844D5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldes-mx.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/07 01:29:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/07 01:29:59 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\temp
[2011/03/07 01:28:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/07 00:54:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/06 21:01:40 | 000,000,000 | ---D | C] -- C:\5ee6d7096802433b333940f9703214
[2011/03/06 16:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/03/03 02:48:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/02 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\Temp(119)
[2011/03/02 22:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/02 22:12:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/02 22:12:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/02 22:12:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\ESET
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2011/02/28 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\VS Revo Group
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software
[2011/02/26 00:49:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/26 00:21:53 | 000,000,000 | ---D | C] -- C:\avrescue
[2011/02/25 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Avira
[2011/02/25 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\GooredFix Backups
[2011/02/25 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/25 21:21:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 21:14:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/25 21:14:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/24 14:13:02 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/02/24 14:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/24 14:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/24 13:59:23 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVG
[2011/02/23 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/02/23 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\VS Revo Group
[2011/02/23 14:50:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/23 14:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/23 14:50:18 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2011/02/23 01:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 01:35:26 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2011/02/22 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2011/02/22 22:41:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/22 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 22:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/22 22:41:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/22 22:41:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/02/22 22:17:52 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/22 00:16:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\dwhelper
[2011/02/08 22:33:12 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/02/08 21:21:18 | 000,000,000 | ---D | C] -- C:\38e107bdc5e10e2e5e
========== Files - Modified Within 30 Days ==========
[2011/03/07 04:54:08 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/03/07 04:50:59 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
[2011/03/07 04:26:02 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 04:21:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 04:21:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 00:54:09 | 004,281,677 | R--- | M] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/03/07 00:25:45 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/07 00:23:53 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/07 00:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/07 00:19:39 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 15:41:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/03 00:48:58 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/02 19:57:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/28 21:42:18 | 048,193,536 | ---- | M] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/25 20:51:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/25 20:51:27 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/23 20:44:36 | 000,052,736 | ---- | M] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 14:50:22 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 14:22:10 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/02/23 01:35:28 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 22:17:56 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/13 09:25:43 | 000,687,582 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/13 09:25:43 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 09:25:43 | 000,122,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/13 09:25:42 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2011/03/03 00:45:46 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/02 22:12:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/02 22:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/02 22:12:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/02 22:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/02 22:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/02 22:07:23 | 004,281,677 | R--- | C] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/02/28 22:54:57 | 048,193,536 | ---- | C] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/23 14:50:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 01:38:37 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/23 01:35:28 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 02:00:24 | 000,000,680 | ---- | C] () -- C:\Users\Manuel\AppData\Local\d3d9caps.dat
[2007/12/26 20:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/21 13:20:50 | 000,015,781 | R--- | C] () -- C:\Windows\System32\drivers\mdc8021x.sys
[2007/12/13 21:13:57 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2007/12/13 21:13:44 | 000,000,064 | ---- | C] () -- C:\Windows\swcmpc.ini
[2007/07/19 17:36:46 | 000,052,736 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 19:05:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/19 19:05:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/19 19:05:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/19 19:05:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/22 00:00:37 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 09:46:21 | 000,687,582 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2006/11/02 09:46:21 | 000,336,930 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2006/11/02 09:46:21 | 000,122,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2006/11/02 09:46:21 | 000,040,258 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,380,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2010/11/11 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Auslogics
[2011/02/28 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ESET
[2011/02/23 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\LimeWire
[2007/07/19 17:20:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\SampleView
[2011/02/28 22:49:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\VS Revo Group
[2011/03/06 19:16:09 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/07 04:54:08 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/03/07 04:50:59 | 000,000,476 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
< End of report >
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/08/03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/01/17 00:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 02:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/18 19:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador del adaptador Intel®
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Controlador de conexión de red Intel®
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/24 13:16:30 | 000,015,781 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/10/28 15:56:56 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/03/06 16:25:17 | 000,000,000 | ---D | M]
[2011/02/22 19:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2009/06/05 19:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/02/25 05:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
O1 HOSTS File: ([2011/03/06 15:41:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Program Files\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Online Radio America Toolbar) - {9A6BE539-96EA-454D-898B-61891E0844D5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldes-mx.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/07 01:29:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/07 01:29:59 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\temp
[2011/03/07 01:28:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/07 00:54:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/06 21:01:40 | 000,000,000 | ---D | C] -- C:\5ee6d7096802433b333940f9703214
[2011/03/06 16:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/03/03 02:48:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/02 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\Temp(119)
[2011/03/02 22:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/02 22:12:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/02 22:12:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/02 22:12:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\ESET
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2011/02/28 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\VS Revo Group
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software
[2011/02/26 00:49:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/26 00:21:53 | 000,000,000 | ---D | C] -- C:\avrescue
[2011/02/25 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Avira
[2011/02/25 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\GooredFix Backups
[2011/02/25 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/25 21:21:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 21:14:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/25 21:14:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/24 14:13:02 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/02/24 14:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/24 14:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/24 13:59:23 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVG
[2011/02/23 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/02/23 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\VS Revo Group
[2011/02/23 14:50:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/23 14:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/23 14:50:18 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2011/02/23 01:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 01:35:26 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2011/02/22 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2011/02/22 22:41:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/22 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 22:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/22 22:41:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/22 22:41:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/02/22 22:17:52 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/22 00:16:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\dwhelper
[2011/02/08 22:33:12 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/02/08 21:21:18 | 000,000,000 | ---D | C] -- C:\38e107bdc5e10e2e5e
========== Files - Modified Within 30 Days ==========
[2011/03/07 04:54:08 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/03/07 04:50:59 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
[2011/03/07 04:26:02 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 04:21:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 04:21:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 00:54:09 | 004,281,677 | R--- | M] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/03/07 00:25:45 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/07 00:23:53 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/07 00:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/07 00:19:39 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 15:41:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/03 00:48:58 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/02 19:57:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/28 21:42:18 | 048,193,536 | ---- | M] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/25 20:51:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/25 20:51:27 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/23 20:44:36 | 000,052,736 | ---- | M] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 14:50:22 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 14:22:10 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/02/23 01:35:28 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 22:17:56 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/13 09:25:43 | 000,687,582 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/13 09:25:43 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 09:25:43 | 000,122,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/13 09:25:42 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2011/03/03 00:45:46 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/02 22:12:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/02 22:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/02 22:12:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/02 22:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/02 22:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/02 22:07:23 | 004,281,677 | R--- | C] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/02/28 22:54:57 | 048,193,536 | ---- | C] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/23 14:50:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 01:38:37 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/23 01:35:28 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 02:00:24 | 000,000,680 | ---- | C] () -- C:\Users\Manuel\AppData\Local\d3d9caps.dat
[2007/12/26 20:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/21 13:20:50 | 000,015,781 | R--- | C] () -- C:\Windows\System32\drivers\mdc8021x.sys
[2007/12/13 21:13:57 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2007/12/13 21:13:44 | 000,000,064 | ---- | C] () -- C:\Windows\swcmpc.ini
[2007/07/19 17:36:46 | 000,052,736 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 19:05:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/19 19:05:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/19 19:05:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/19 19:05:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/22 00:00:37 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 09:46:21 | 000,687,582 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2006/11/02 09:46:21 | 000,336,930 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2006/11/02 09:46:21 | 000,122,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2006/11/02 09:46:21 | 000,040,258 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,380,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2010/11/11 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Auslogics
[2011/02/28 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ESET
[2011/02/23 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\LimeWire
[2007/07/19 17:20:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\SampleView
[2011/02/28 22:49:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\VS Revo Group
[2011/03/06 19:16:09 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/07 04:54:08 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/03/07 04:50:59 | 000,000,476 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
< End of report >
#101
Posted 07 March 2011 - 05:07 AM

How is the computer running now?
#102
Posted 07 March 2011 - 05:11 AM

Apparently well, no redirecting at all; the gadget in Windows Sidebar says RAM is 74% occupied, which is normal according to reads before the problem began. What do you think?
#103
Posted 07 March 2011 - 05:13 AM

Hi thedeadlystoat,
Nice job. The machine appears clean and needs some tender loving.

Let's wrap up.
First, since we used a "healthy" computer to transfer tools back and forth, I would suggest running a full system scan with an antivirus tool on the alternate computer. I would also suggest running MBAM on that computer as well.
Cleaning up.
- Open OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
IE - HKLM\..\URLSearchHook: {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
O3 - HKLM\..\Toolbar: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Program Files\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[createrestorepoint]
[Reboot]
- Then click the Run Fix button at the top
- You may be asked to reboot - if so, choose Yes
We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
Remove ComboFix
- Click the Start button
- Click Run...
- Type Combofix /Uninstall in the run dialog box and click OK

Remove Other Tools
- Download OTC to your desktop and run it
- Click CleanUp! to begin the cleanup process and remove our tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
Let's re-hide system files and folders.
Open Windows Explorer (to get there, right-click your Start button and go to "Explore") and do the following:
- Go to Tools (drop-down menu at the top of the window)
- Go down and click Folder Options
- Click on the View tab
- Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
- Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
- Click Apply, and then Ok at the bottom.
- Close the window
++++++++++++++++++++++++++++++++++++
Below are links to several programs that will help protect your computer.
Anti-Spyware
I recommend downloading and installing any of the following applications.
- SpywareBlaster keeps spyware from installing on your system - read the tutorial here
- SpywareGuard protects your browser and computer in real time - read the tutorial here
- SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here
++++++++++++++++++++++++++++++++++++
Other things to keep in mind.
Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.
Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
- Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
- ERUNT (Emergency Recovery Utility NT) - a registry backup utility
- Cobian Backup - a very good backup utility - read the tutorial here
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.
Finally, please take the time to read the following articles. Applying this information will help prevent future infections:
How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112
This article will help you understand how you may have gotten infected:
How did I get infected in the first place?
Remember, you have to be smarter than the bad guys! Be safe out there!

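As an added example (not from the original thread or the helper's post), the Folder Options steps above done from PowerShell by writing the same two Explorer settings to the registry and verifying them; it assumes Windows Vista or later with PowerShell available and the standard per-user Explorer\Advanced key.

```powershell
# Added example, not part of the original thread: restores the
# "Hidden files and folders" settings from the helper's post via the
# registry instead of the Folder Options dialog.
# Assumption: per-user Explorer settings live under this standard key.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Desired state:
#   Hidden          = 2 -> "Do not show hidden files and folders"
#   ShowSuperHidden = 0 -> "Hide protected operating system files" checked
$desired = @{ Hidden = 2; ShowSuperHidden = 0 }

function Get-ExplorerHiddenState {
    $props = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        Hidden          = $props.Hidden
        ShowSuperHidden = $props.ShowSuperHidden
    }
}

Write-Host 'Before:'
Get-ExplorerHiddenState | Format-List

foreach ($name in $desired.Keys) {
    # Explorer stores both values as DWORDs, so write them with that type
    Set-ItemProperty -Path $advanced -Name $name -Value $desired[$name] -Type DWord
}

# Read the values back and confirm the dialog-equivalent state was applied
$after = Get-ExplorerHiddenState
if (($after.Hidden -ne 2) -or ($after.ShowSuperHidden -ne 0)) {
    throw "Explorer hidden-file settings were not applied: $after"
}
Write-Host 'After:'
$after | Format-List

# Explorer reads these values when it starts, so restart the shell to apply
# them (the same effect as clicking Apply/OK in the dialog). Newer Windows
# versions relaunch Explorer on their own; Start-Process covers older ones.
Stop-Process -Name explorer -Force
Start-Process explorer.exe
```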
#104
Posted 07 March 2011 - 05:53 AM

Thanks for the tips,
What about the issues I had with the Windows Service Pack? I thought my computer was agonizing after that.
#105
Posted 07 March 2011 - 05:58 AM

What about the issues I had with the Windows Service Pack? I thought my computer was agonizing after that.
Post a topic in the operating system forum - they will be able to give better advice than I can.