Hello,
I am having problems accessing a web page (my bank's page: www.bancomer.com.mx) from my laptop. Curiously,
the problem does not exist when accessing the same page from another laptop on the same wireless network, or from
our desktop computer. I have tried our laptops on other networks with the same behaviour.
I have a laptop running Vista™ Ultimate 6.0.6001.1.1252.1.3082.18.3581.2118 with IE 8.0
Beta (but the same problem existed with IE 7 and so I upgraded hoping it would be solved).
I have McAfee running, and have tried Ad-Aware, CCleaner, Windows Defender and recently SuperAntispamware, but
the problem persisted, so I downloaded ComboFix and ran it. The report is included below (I could not find how
to attach it).
Regards,
Rafael
ComboFix 09-01-13.03 - rmorales 2009-01-13 18:39:40.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.3082.18.3581.2118 [GMT -6:00]
Se ejecuta desde: c:\users\rmorales\Documents\Downloads\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
.
(((((((((((((((((( Archivos creados desde 2008-12-14 - 2009-01-14 )))))))))))))))))))))))))))))))))
.
2009-01-08 23:34 . 2009-01-08 23:34 <DIR> d-------- c:\windows\Replay Music
2009-01-08 23:34 . 2009-01-08 23:34 <DIR> d-------- c:\program files\Replay Music 3
2009-01-06 12:16 . 2009-01-06 12:16 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-01-06 12:16 . 2009-01-06 12:16 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-01-06 12:15 . 2009-01-06 12:15 <DIR> d-------- c:\users\rmorales\AppData\Roaming\SUPERAntiSpyware.com
2009-01-06 12:15 . 2009-01-06 12:16 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-06 09:45 . 2008-12-13 00:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb
2009-01-05 20:57 . 2009-01-05 20:57 <DIR> d-------- c:\program files\CCleaner
2009-01-04 13:46 . 2009-01-04 13:46 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-01-04 13:31 . 2009-01-04 13:31 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-04 13:31 . 2009-01-04 13:31 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-04 13:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-01-04 13:29 . 2009-01-04 13:29 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-04 13:28 . 2009-01-04 13:30 <DIR> d-------- c:\program files\Nokia
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\users\rmorales\.tmnav
2008-12-30 17:18 . 2008-12-30 17:19 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 17:18 . 2008-12-30 17:19 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 17:18 . 2008-12-30 17:19 <DIR> d-------- c:\program files\iTunes
2008-12-30 17:18 . 2008-12-30 17:18 <DIR> d-------- c:\program files\iPod
2008-12-30 00:53 . 2008-12-30 01:02 <DIR> d-------- C:\WebSite
2008-12-29 14:51 . 2008-12-30 01:16 <DIR> d-------- c:\program files\Apache Software Foundation
2008-12-27 18:39 . 2008-12-27 18:39 <DIR> d-------- c:\program files\JLR Concepts
2008-12-26 22:56 . 2008-12-26 22:57 <DIR> d-------- c:\program files\WZebra
2008-12-21 22:19 . 2008-12-21 22:19 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-18 11:30 . 2008-12-18 11:30 <DIR> d-------- c:\program files\Network Stumbler
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 00:48 --------- d-----w c:\users\rmorales\AppData\Roaming\WTablet
2009-01-13 21:38 --------- d-----w c:\users\rmorales\AppData\Roaming\EndNote
2009-01-13 21:35 --------- d-----w c:\programdata\Google Updater
2009-01-13 01:10 --------- d-----w c:\users\rmorales\AppData\Roaming\FileZilla
2009-01-10 15:47 --------- d-----w c:\users\rmorales\AppData\Roaming\Nokia
2009-01-10 06:34 --------- d-----w c:\users\rmorales\AppData\Roaming\Free Download Manager
2009-01-10 04:01 --------- d-----w c:\users\rmorales\AppData\Roaming\Skype
2009-01-10 03:53 --------- d-----w c:\users\rmorales\AppData\Roaming\LimeWire
2009-01-09 22:28 --------- d-----w c:\users\rmorales\AppData\Roaming\skypePM
2009-01-09 04:48 172,436 ----a-w c:\users\All Users\nvModes.dat
2009-01-09 04:48 172,436 ----a-w c:\programdata\nvModes.dat
2009-01-09 03:55 --------- d-----w c:\users\rmorales\AppData\Roaming\uTorrent
2009-01-08 02:06 --------- d-----w c:\program files\Unlocker
2009-01-06 18:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-04 19:46 --------- d-----w c:\users\rmorales\AppData\Roaming\PC Suite
2009-01-04 19:46 --------- d-----w c:\programdata\PC Suite
2009-01-04 19:32 --------- d-----w c:\program files\Firefox
2009-01-04 19:31 --------- d-----w c:\programdata\Installations
2009-01-01 01:04 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-31 16:56 --------- d-----w c:\program files\McAfee
2008-12-30 23:18 --------- d-----w c:\programdata\Apple Computer
2008-12-30 23:18 --------- d-----w c:\program files\Common Files\Apple
2008-12-30 23:17 --------- d-----w c:\program files\QuickTime
2008-12-22 04:19 --------- d-----w c:\program files\Java
2008-12-16 07:22 --------- d-----w c:\program files\Atomic Alarm Clock
2008-12-16 06:20 --------- d-----w c:\programdata\FLEXnet
2008-12-13 08:07 --------- d-----w c:\program files\MuseScore 0.9
2008-12-09 22:18 --------- d-----w c:\program files\Windows Mail
2008-12-09 22:15 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 03:57 --------- d-----w c:\program files\LimeWire
2008-12-07 04:50 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 04:44 --------- d-----w c:\programdata\ALM
2008-12-07 03:54 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-07 00:57 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-12-07 00:37 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-06 21:08 --------- d-----w c:\program files\DivX
2008-12-06 21:03 --------- d-----w c:\users\rmorales\AppData\Roaming\DVD Flick
2008-11-30 01:33 --------- d-----w c:\users\rmorales\AppData\Roaming\CmapTools
2008-11-30 01:32 --------- d-----w c:\program files\IHMC CmapTools
2008-11-15 18:21 --------- d-----w c:\programdata\NVIDIA
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-07-25 20:11 88,252 ----a-w c:\users\rmorales\AppData\Roaming\nvModes.dat
2008-05-23 16:48 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-23 16:48 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-15 00:42 174 --sha-w c:\program files\desktop.ini
2008-03-21 05:58 0 ----a-w c:\users\rmorales\AppData\Roaming\wklnhst.dat
2008-03-13 23:08 74 --sh--r c:\windows\CT4CET.bin
2008-01-19 07:33 397,312 --sha-w c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2008-09-12 12:32 602112 --a------ c:\program files\Perforce\p4exp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2008-09-12 12:32 602112 --a------ c:\program files\Perforce\p4exp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2008-09-12 12:32 602112 --a------ c:\program files\Perforce\p4exp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 01:14 4232968 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 01:14 4232968 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-20 3293184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"Google Update"="c:\users\rmorales\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-28 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-12-03 36864]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 49928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 c:\windows\KHALMNPR.Exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-03-13 679936]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-04-22 42168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 01:02 96008 c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 12:49 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{51ECFB98-08BB-40DB-A079-98FE9DC6AAB9}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{34475C21-EBB3-428C-9BEF-337016E8847D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{14543C00-FE99-4DE7-A3C2-474428CCF451}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{03B0F880-C673-40FD-9488-D2FAAE1BCAE2}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{828C7BAF-7FF6-45DF-91B7-67E446B721A5}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{436D1376-23E6-4412-9B48-19BED71B9545}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8DE425E8-E262-4198-BD9A-E853A794383A}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B66F44F4-DD06-4942-8BDB-A25F6EA9C1DD}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{857A6776-9E1B-427F-83E3-D3CFE35AE3BF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E5188627-277D-4772-80A7-CBBBC56F3432}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{46D3E979-A673-4B62-B817-CB2C53C00DCF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6DF5856C-D794-4B79-B6F8-0354EEA40337}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAB3FAA1-6F54-48AB-94F9-C4D7902E2931}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{02B498DC-74BD-40FA-BBB3-2B15D82FC74A}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{A7E0BA60-152E-48B7-9491-8568B5A39482}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{3B6B00FA-A0A5-4EA9-9E78-CF48AABA85C5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{58EF0E5D-6913-4984-9773-D8182BC056FD}"= UDP:c:\program files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
"{276B51C6-EBE8-4A79-AE6E-EFFA63770DA0}"= TCP:c:\program files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
"TCP Query User{885562E9-68A4-4DB6-A4BF-02306E37BF56}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{CCB95DD0-C442-4061-AC3B-A5F9C14B18FF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{5BC9223D-879A-4000-849A-BA3063685DEB}c:\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:c:\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary
"UDP Query User{6D8DD6C8-B0DE-40B9-843E-106699D71651}c:\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:c:\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary
"TCP Query User{EAC10ACC-2001-4E99-9E4E-72389BE5D967}c:\\program files\\ihmc cmaptools\\jre\\bin\\javaw.exe"= UDP:c:\program files\ihmc cmaptools\jre\bin\javaw.exe:Java 2 Platform Standard Edition binary
"UDP Query User{50A4E73D-6C4E-47E0-90D7-C3655A9B3FC0}c:\\program files\\ihmc cmaptools\\jre\\bin\\javaw.exe"= TCP:c:\program files\ihmc cmaptools\jre\bin\javaw.exe:Java 2 Platform Standard Edition binary
"TCP Query User{30EFD39C-B964-435D-9EA9-DC9CD87CCE23}c:\\program files\\cisco systems\\cisco ip communicator\\audiotuningwizard.exe"= UDP:c:\program files\cisco systems\cisco ip communicator\audiotuningwizard.exe:AudioTuningWizard
"UDP Query User{E8F71E97-A619-4047-BC86-8B3F3AEB8106}c:\\program files\\cisco systems\\cisco ip communicator\\audiotuningwizard.exe"= TCP:c:\program files\cisco systems\cisco ip communicator\audiotuningwizard.exe:AudioTuningWizard
"TCP Query User{5C46B5CE-5EF0-4024-AD8D-85B27389F58A}c:\\program files\\cisco systems\\cisco ip communicator\\communicatork9.exe"= UDP:c:\program files\cisco systems\cisco ip communicator\communicatork9.exe:Cisco IP Communicator
"UDP Query User{E2B5C4AE-2D73-40CD-9EC7-E7613630F8F5}c:\\program files\\cisco systems\\cisco ip communicator\\communicatork9.exe"= TCP:c:\program files\cisco systems\cisco ip communicator\communicatork9.exe:Cisco IP Communicator
"TCP Query User{8B191F9D-169B-4B9F-BAF1-9159ECF01976}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{339D1CE0-ED82-4BC2-9427-C708655F93C5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{39F84FEB-8689-4CF7-ACC4-AAB2D9F11226}c:\\program files\\cisco systems\\cisco ip communicator\\communicatork9.exe"= UDP:c:\program files\cisco systems\cisco ip communicator\communicatork9.exe:Cisco IP Communicator
"UDP Query User{59BCECDD-77CB-4ADA-B757-8DA6C2058430}c:\\program files\\cisco systems\\cisco ip communicator\\communicatork9.exe"= TCP:c:\program files\cisco systems\cisco ip communicator\communicatork9.exe:Cisco IP Communicator
"{2F7985E7-A81B-4657-9BF5-22B6EEF35F91}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D2977E6D-3994-4F44-B51E-69D44438620F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D8F8FF5B-2B31-44C1-B22F-2074C7C38B1F}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{D0F13354-4BCC-4218-A5C7-16CD52A1692E}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{A0F0AC44-0C3F-46BD-8003-ECD607B8309C}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{140AB731-0910-41CB-B049-13CE3F18235F}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{416CE2CE-E76A-4580-832C-51FB12879C36}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0E12B12F-25C8-4041-AD6C-0D4FFFEB3A71}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{773EA08C-5B07-4C18-A2AD-43474B3A6DA6}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{C2E1963B-0515-40DC-AE2C-53F203B3138D}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"TCP Query User{92BF6773-C2AE-473B-AD76-5FA3D267959C}c:\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:c:\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary
"UDP Query User{2F564271-6A48-4161-A0C1-4E9EA90449C4}c:\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:c:\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary
"TCP Query User{AD9FFF8F-E126-49B1-879F-8386047C9825}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"UDP Query User{C41FCFC3-FC94-485A-AE2D-58D886DE34A2}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"{EE1D9698-7639-4A79-831B-9056AB608F63}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E842DD2D-AAB9-4012-AFA5-85F6584F7486}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{27CC2DEA-CF12-4706-9E75-158123DDC50C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{BE82702E-3729-40B1-B9D2-E235E1B64F15}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{980D0753-7EE2-4248-84C9-D140AF548D8C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7DC4A3D1-959D-4679-80BF-7BD084C97473}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{09185AC1-C004-4278-AEE3-77050E22D2F7}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B57B5B31-6CA5-4259-85D6-4F22BCA8196B}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F3CAA496-9BF8-4520-B035-1975A39060BF}"= UDP:3703:Adobe Version Cue CS3 Server
"{68596A6A-A465-46A8-B42B-F6B0A7175BE1}"= UDP:3704:Adobe Version Cue CS3 Server
"{99B749CF-08E3-4CBB-BAD6-21170D81DAFC}"= UDP:50900:Adobe Version Cue CS3 Server
"{ED5672F3-17E6-4B0F-B68F-CC7EC5ED8C87}"= UDP:50901:Adobe Version Cue CS3 Server
"{0FBB34E5-E5BE-4A8D-8152-3F6326230C79}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F3D3F5CF-BE16-40A3-8FF1-4A086EF5258E}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{559AAAB8-309A-4DC9-894F-6E851A154E03}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FB202D58-3601-47F8-84A3-81B92C5AD3DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AB9F985D-6213-492E-8761-76E6095D82BB}c:\\users\\rmorales\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\rmorales\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{C6B2851A-405E-47E6-A568-54DC47CAF70D}c:\\users\\rmorales\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\rmorales\appdata\local\google\chrome\application\chrome.exe:chrome.exe
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-14 179712]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\System32\drivers\OEM04Vfx.sys [2008-03-14 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\System32\drivers\OEM04Vid.sys [2008-03-14 234720]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-03-13 73728]
R4 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe [2008-10-21 415744]
R4 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\System32\drivers\CdpPacket.sys [2008-01-24 35692]
R4 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2008-06-01 34064]
R4 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2008-08-17 3024168]
R4 WMPControllerService;WMPControllerService;c:\dell\Utilities\Dell Premium Remote Control\WMPControllerService.exe [2008-09-02 499712]
S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]
S3 GoogleDesktopManager-061008-081103;Administrador de Google Desktop 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-13 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2008-08-28 57344]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [2008-08-17 15144]
S4 gupdate1c8e8cf23850c8f;Google Update Service (gupdate1c8e8cf23850c8f);c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03a14d94-6753-11dd-9957-001f3adf0794}]
\shell\Auto\command - g:\msocache\doWTP_RESTORE_0.exe -autorun
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\msocache\doWTP_RESTORE_0.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ceefa1-66fa-11dd-9e84-001f3adf0794}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34981e37-54ab-11dd-8b10-001f3adf0794}]
\shell\AutoRun\command - G:\tn0k.exe
\shell\explore\Command - G:\tn0k.exe
\shell\open\Command - G:\tn0k.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43f031e-5068-11dd-8911-001f3adf0794}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contenido de carpeta 'Tareas Programadas'
2009-01-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 15:59]
2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3755667666-4055903824-3808791732-1000.job
- c:\users\rmorales\AppData\Local\Google\Update\GoogleUpdate.exe [2008-08-28 15:59]
2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-04-23 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-13 c:\windows\Tasks\User_Feed_Synchronization-{254DD5DA-7176-4D83-9718-23150BD59149}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
.
.
------- Análisis Suplementario -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: correo.udgvirtual.udg.m
Trusted Zone: correo.udgvirtual.udg.mx
FF - ProfilePath - c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - component: c:\program files\Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\extensions\passwordbank@upek.com\components\pbgk1_9.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\users\rmorales\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 18:49:11
Windows 6.0.6001 Service Pack 1 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\applaun.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\bioset.dll
c:\program files\Protector Suite QL\calibset.dll
c:\program files\Protector Suite QL\capikey.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\devinsp.dll
c:\program files\Protector Suite QL\enrset.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\fdhome.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\infcore.dll
c:\program files\Protector Suite QL\lgnset.dll
c:\program files\Protector Suite QL\ms2fs.dll
c:\program files\Protector Suite QL\navset.dll
c:\program files\Protector Suite QL\ntrucore.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\otprsa.dll
c:\program files\Protector Suite QL\provider.dll
c:\program files\Protector Suite QL\psqltray.dll
c:\program files\Protector Suite QL\psuiteax.dll
c:\program files\Protector Suite QL\pwdbank.dll
c:\program files\Protector Suite QL\pwdkmd.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\secuset.dll
c:\program files\Protector Suite QL\sndset.dll
c:\program files\Protector Suite QL\sysset.dll
c:\program files\Protector Suite QL\tbxset.dll
c:\program files\Protector Suite QL\tpminit.dll
c:\program files\Protector Suite QL\tpmkey.dll
c:\program files\Protector Suite QL\tsscore.dll
c:\program files\Protector Suite QL\vtapipql.dll
- - - - - - - > 'Explorer.exe'(4592)
c:\program files\SetPoint\lgscroll.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\applaun.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\bioset.dll
c:\program files\Protector Suite QL\calibset.dll
c:\program files\Protector Suite QL\capikey.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\devinsp.dll
c:\program files\Protector Suite QL\enrset.dll
c:\program files\Protector Suite QL\fdhome.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\infcore.dll
c:\program files\Protector Suite QL\lgnset.dll
c:\program files\Protector Suite QL\ms2fs.dll
c:\program files\Protector Suite QL\navset.dll
c:\program files\Protector Suite QL\ntrucore.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\otprsa.dll
c:\program files\Protector Suite QL\provider.dll
c:\program files\Protector Suite QL\psqltray.dll
c:\program files\Protector Suite QL\psuiteax.dll
c:\program files\Protector Suite QL\pwdbank.dll
c:\program files\Protector Suite QL\pwdkmd.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\secuset.dll
c:\program files\Protector Suite QL\sndset.dll
c:\program files\Protector Suite QL\sysset.dll
c:\program files\Protector Suite QL\tbxset.dll
c:\program files\Protector Suite QL\tpminit.dll
c:\program files\Protector Suite QL\tpmkey.dll
c:\program files\Protector Suite QL\tsscore.dll
c:\program files\Protector Suite QL\vtapipql.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa-co.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\dell\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
c:\windows\System32\wisptis.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\WTablet\Pen_TabletUser.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\System32\conime.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Tiempo completado: 2009-01-13 18:58:55 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2009-01-14 00:58:36
Pre-Run: 32,205,250,560 bytes libres
Post-Run: 31,855,644,672 bytes libres
501 --- E O F --- 2009-01-08 17:21:54
\shell\AutoRun\command - G:\tn0k.exe
\shell\explore\Command - G:\tn0k.exe
\shell\open\Command - G:\tn0k.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43f031e-5068-11dd-8911-001f3adf0794}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contenido de carpeta 'Tareas Programadas'
2009-01-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 15:59]
2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3755667666-4055903824-3808791732-1000.job
- c:\users\rmorales\AppData\Local\Google\Update\GoogleUpdate.exe [2008-08-28 15:59]
2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-04-23 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-13 c:\windows\Tasks\User_Feed_Synchronization-{254DD5DA-7176-4D83-9718-23150BD59149}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
.
.
------- Análisis Suplementario -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: correo.udgvirtual.udg.m
Trusted Zone: correo.udgvirtual.udg.mx
FF - ProfilePath - c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - component: c:\program files\Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\users\rmorales\AppData\Roaming\Mozilla\Firefox\Profiles\x7rlughc.default\extensions\passwordbank@upek.com\components\pbgk1_9.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\users\rmorales\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 18:49:11
Windows 6.0.6001 Service Pack 1 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\applaun.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\bioset.dll
c:\program files\Protector Suite QL\calibset.dll
c:\program files\Protector Suite QL\capikey.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\devinsp.dll
c:\program files\Protector Suite QL\enrset.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\fdhome.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\infcore.dll
c:\program files\Protector Suite QL\lgnset.dll
c:\program files\Protector Suite QL\ms2fs.dll
c:\program files\Protector Suite QL\navset.dll
c:\program files\Protector Suite QL\ntrucore.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\otprsa.dll
c:\program files\Protector Suite QL\provider.dll
c:\program files\Protector Suite QL\psqltray.dll
c:\program files\Protector Suite QL\psuiteax.dll
c:\program files\Protector Suite QL\pwdbank.dll
c:\program files\Protector Suite QL\pwdkmd.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\secuset.dll
c:\program files\Protector Suite QL\sndset.dll
c:\program files\Protector Suite QL\sysset.dll
c:\program files\Protector Suite QL\tbxset.dll
c:\program files\Protector Suite QL\tpminit.dll
c:\program files\Protector Suite QL\tpmkey.dll
c:\program files\Protector Suite QL\tsscore.dll
c:\program files\Protector Suite QL\vtapipql.dll
- - - - - - - > 'Explorer.exe'(4592)
c:\program files\SetPoint\lgscroll.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\applaun.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\bioset.dll
c:\program files\Protector Suite QL\calibset.dll
c:\program files\Protector Suite QL\capikey.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\devinsp.dll
c:\program files\Protector Suite QL\enrset.dll
c:\program files\Protector Suite QL\fdhome.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\infcore.dll
c:\program files\Protector Suite QL\lgnset.dll
c:\program files\Protector Suite QL\ms2fs.dll
c:\program files\Protector Suite QL\navset.dll
c:\program files\Protector Suite QL\ntrucore.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\otprsa.dll
c:\program files\Protector Suite QL\provider.dll
c:\program files\Protector Suite QL\psqltray.dll
c:\program files\Protector Suite QL\psuiteax.dll
c:\program files\Protector Suite QL\pwdbank.dll
c:\program files\Protector Suite QL\pwdkmd.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\secuset.dll
c:\program files\Protector Suite QL\sndset.dll
c:\program files\Protector Suite QL\sysset.dll
c:\program files\Protector Suite QL\tbxset.dll
c:\program files\Protector Suite QL\tpminit.dll
c:\program files\Protector Suite QL\tpmkey.dll
c:\program files\Protector Suite QL\tsscore.dll
c:\program files\Protector Suite QL\vtapipql.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa-co.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\dell\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
c:\windows\System32\wisptis.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\WTablet\Pen_TabletUser.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\System32\conime.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Tiempo completado: 2009-01-13 18:58:55 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2009-01-14 00:58:36
Pre-Run: 32,205,250,560 bytes libres
Post-Run: 31,855,644,672 bytes libres
501 --- E O F --- 2009-01-08 17:21:54
