
Can't Access Google/yahoo


  • This topic is locked
2 replies to this topic

#1 Erisie


Posted 11 May 2008 - 09:01 PM

OK. My problem is that I cannot enter many sites from my computer: Google, Yahoo, 4chan, bleepingcomputer and many others. Explorer and Firefox get stuck in an endless "loading", and nothing.

The 404s in both Explorer and Firefox are redirected to "Search Settings".

Some of the old NOD32 logs show a Virtumonde infection. I tried to use ComboFix and the warnings stopped, but the problem remains there. Repeated deletions with ComboFix only repair the problem for about 10 minutes, before returning.

Kaspersky Online Scanner is unreachable and I have tried to look for a solution with Spybot S&D, BoClean, CCleaner with no success.

Can you please help me with this?

(I'm sending this from Ares' browser (a P2P app), the only one not affected by the virus/trojan/adware/whatever)

As per your rules, the Deckard's System Scanner/HijackThis!, together with ComboFix are attached:



Deckard's System Scanner/HijackThis! log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 479.49 MiB / 137.79 MiB
Pagefile Memory (total/avail): 1121.64 MiB / 790.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.52 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 44.25 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device

\\.\PHYSICALDRIVE5 - Kingston DataTraveler 2.0 USB Device - 980.53 MiB - 1 partition
\PARTITION0 - Unknown - 983.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\xLinKin485\Datos de programa
CLASSPATH=.;C:\Archivos de programa\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\xLinKin485
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Archivos de programa\K-Lite Codec Pack\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
QTJAVA=C:\Archivos de programa\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\Windows\Temp\
TMP=C:\Windows\Temp\
USERDOMAIN=DESKTOP
USERNAME=xLinKin485
USERPROFILE=C:\Documents and Settings\xLinKin485
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

LiNkIn485 (admin)
JvC (admin)
Isabel (admin)
CoTe (admin)
xLinKin485 (admin)
Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Actualización para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Ad-Aware SE Professional --> C:\ARCHIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.8 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Album List for Winamp v2.06 (remove only) --> C:\Archivos de programa\Winamp\Plugins\uninstall-AL.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Archivos de programa\Ares\uninstall.exe"
Barra de herramientas de Outlook de Windows Live (Windows Live Toolbar) --> MsiExec.exe /X{F93FCD41-9C70-416C-BAF9-656BE8E4FDF5}
Bloqueador de ventanas emergentes (Windows Live Toolbar) --> MsiExec.exe /X{2D50194D-D325-4E5C-A276-645A6F960148}
BOClean --> C:\WINDOWS\UNBOC.EXE
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CCleaner (remove only) --> "C:\Archivos de programa\CCleaner\uninst.exe"
Compresor WinRAR --> C:\Archivos de programa\WinRAR\uninstall.exe
DAMN NFO Viewer Setup --> MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
Detector de suministros de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{3A0CCCB6-E9A8-48A8-AD1F-17EBEBFC9647}
Eset Fix v3 hasta el 2029 x Dasumo --> C:\Archivos de programa\ESET\uninstall.exe
ESET NOD32 Antivirus --> MsiExec.exe /I{0CD8B5F6-07F5-4966-AD48-290A948A5BC5}
EVEREST Ultimate Edition v3.50 --> "C:\Archivos de programa\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Extensión de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{01802DCC-4DE0-440B-A63B-FCB0C521DBC3}
Galería fotográfica de Windows Live --> MsiExec.exe /X{937DC62D-E794-431B-84E5-ADC2D23B12ED}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 1.99.1 --> C:\Windows\Temp\Rar$EX00.750\HijackThis.exe /uninstall
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Mega Codec Pack 1.60 --> "C:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Macromedia Dreamweaver 8 --> MsiExec.exe /I{117E076F-5EB0-408D-B7A9-D94511FE834D}
Macromedia Extension Manager --> MsiExec.exe /I{F443F171-B49B-4645-915C-580E7ED79992}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Menús inteligentes (Windows Live Toolbar) --> MsiExec.exe /X{1479D5E1-7F8D-49CB-AD0A-6DD8ED37662E}
MicroBest Cracklock 3.8.1 --> "C:\Archivos de programa\Cracklock\unins000.exe"
MicroBest Cracklock 3.8.1 --> "C:\Archivos de programa\Cracklock\unins001.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> I:\Mozilla Firefox\App\firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{79ACDEE9-29B6-4E2A-8C65-4352774D5BEA}
Nero 7.5.9.0 --> "C:\Archivos de programa\Nero\unins000.exe"
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Archivos de programa\Eset\unins000.exe"
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\unins000.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{AAF4762D-E4A9-446B-9F24-B2A5EABDA6A5}
OpenMG Secure Module 4.7.00 --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Revisión para el Reproductor de Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Search Settings 1.1 --> MsiExec.exe /X{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}
SoulSeek Client 156c --> "C:\Archivos de programa\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SRS Audio Sandbox --> MsiExec.exe /X{8CC471A6-26FD-450E-A636-D985AE467A9D}
Total Video Converter 3.12 080330 --> "C:\Archivos de programa\Total Video Converter\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Unlocker 1.8.5 --> C:\Archivos de programa\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.5 --> C:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Visor de resaltado (Windows Live Toolbar) --> MsiExec.exe /X{E8B5B4D8-C7EA-4A81-B1DD-A7F4B779B324}
Winamp --> "C:\Archivos de programa\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Archivos de programa\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\LiNkIn485\Datos de programa\Mozilla\Firefox\Profiles\4lupkphh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Archivos de programa\Winamp Toolbar\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Asistente para el inicio de sesión --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Favorites para Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}
Windows Live Messenger --> MsiExec.exe /X{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}
Windows Live Toolbar --> "C:\Archivos de programa\Windows Live Toolbar\UnInstall.exe" {6998733B-9A6B-4DDE-954A-06992583AB12}
Windows Live Toolbar --> MsiExec.exe /X{6998733B-9A6B-4DDE-954A-06992583AB12}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinSnap --> C:\Archivos de programa\WinSnap\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1959 / Warning
Event Submitted/Written: 05/11/2008 08:48:55 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Error al detectar la característica 'SearchSettingBHO' del producto '{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}' durante la solicitud del componente '{F6222920-2075-4D76-9553-A77F08515E43}'

Event Record #/Type1958 / Warning
Event Submitted/Written: 05/11/2008 08:48:55 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Error al detectar el componente '{F6222920-2075-4D76-9553-A77F08515E43}' de la característica 'SearchSettingBHO' del producto '{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}. No existe el recurso 'C:\Archivos de programa\Search Settings\kb126\SearchSettings.dll'.

Event Record #/Type1956 / Warning
Event Submitted/Written: 05/11/2008 08:48:26 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Error al detectar la característica 'SearchSettingBHO' del producto '{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}' durante la solicitud del componente '{F6222920-2075-4D76-9553-A77F08515E43}'

Event Record #/Type1955 / Warning
Event Submitted/Written: 05/11/2008 08:48:26 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Error al detectar el componente '{F6222920-2075-4D76-9553-A77F08515E43}' de la característica 'SearchSettingBHO' del producto '{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}. No existe el recurso 'C:\Archivos de programa\Search Settings\kb126\SearchSettings.dll'.

Event Record #/Type1954 / Error
Event Submitted/Written: 05/11/2008 08:48:26 PM
Event ID/Source: 11324 / MsiInstaller
Event Description:
Product: Search Settings 1.1 -- Error 1324.The path Mozilla Firefox contains an invalid character.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6465 / Error
Event Submitted/Written: 05/11/2008 09:12:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
El servicio ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## no pudo iniciarse debido al siguiente error:
%%3

Event Record #/Type6457 / Error
Event Submitted/Written: 05/11/2008 08:55:22 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
El servicio Windows Installer se terminó de manera inesperada. Esto ha sucedido 4 veces.

Event Record #/Type6451 / Error
Event Submitted/Written: 05/11/2008 08:47:09 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
El servicio LexBce Server se terminó de manera inesperada. Esto ha sucedido 1 veces.

Event Record #/Type6450 / Error
Event Submitted/Written: 05/11/2008 08:46:21 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
El servicio Windows Installer se terminó de manera inesperada. Esto ha sucedido 3 veces.

Event Record #/Type6447 / Error
Event Submitted/Written: 05/11/2008 08:45:10 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
El servicio Windows Installer se terminó de manera inesperada. Esto ha sucedido 2 veces.



-- End of Deckard's System Scanner: finished at 2008-05-11 21:46:39 ------------



ComboFix log:

ComboFix 08-05-09.1 - xLinKin485 2008-05-11 21:06:38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.206 [GMT -4:00]
Se ejecuta desde: C:\Documents and Settings\xLinKin485\Escritorio\ComboFix.exe
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mnnoqqru.ini
C:\WINDOWS\system32\mnnoqqru.ini2
C:\WINDOWS\system32\ptppgxlq.ini
C:\WINDOWS\system32\qlxgpptp.dll
C:\WINDOWS\system32\wooxckiq.dll

.
(((((((((((((((((( Archivos creados desde 2008-04-12 - 2008-05-12 )))))))))))))))))))))))))))))))))
.

2008-05-11 20:54 . 2008-05-11 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\BOC426
2008-05-11 20:54 . 2008-05-11 20:54 <DIR> d-------- C:\Archivos de programa\Comodo
2008-05-11 20:54 . 2008-05-11 20:54 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-05-11 20:54 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-05-11 20:54 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-05-11 20:54 . 2004-08-19 09:42 25,600 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-05-11 20:54 . 2008-05-11 21:11 732 --a------ C:\WINDOWS\BOC426.INI
2008-05-11 20:40 . 2008-05-11 20:40 <DIR> d-------- C:\Archivos de programa\Windows Installer Clean Up
2008-05-11 20:40 . 2008-05-11 20:40 <DIR> d-------- C:\Archivos de programa\MSECACHE
2008-05-11 20:22 . 2008-05-11 20:22 2,112 --a------ C:\WINDOWS\system32\cdyucjlk.exe
2008-05-11 19:49 . 2008-05-11 19:49 2,112 --a------ C:\WINDOWS\system32\dmmevsmf.exe
2008-05-11 17:37 . 2008-05-11 17:38 <DIR> d-------- C:\Documents and Settings\LiNkIn485\Datos de programa\FLV Extract
2008-05-11 15:49 . 2008-05-11 15:49 2,112 --a------ C:\WINDOWS\system32\loervjoi.exe
2008-05-11 15:40 . 2008-05-11 15:40 2,112 --a------ C:\WINDOWS\system32\iddmwhdc.exe
2008-05-10 15:40 . 2008-05-10 15:40 2,112 --a------ C:\WINDOWS\system32\tfjgvaqt.exe
2008-05-09 12:31 . 2008-05-09 12:31 2,112 --a------ C:\WINDOWS\system32\ttsnkgvw.exe
2008-05-08 20:51 . 2008-05-10 18:14 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-08 09:29 . 2008-05-08 09:29 2,112 --a------ C:\WINDOWS\system32\jspgfkjk.exe
2008-05-07 08:11 . 2008-05-07 08:11 2,112 --a------ C:\WINDOWS\system32\dwacrwni.exe
2008-05-04 21:24 . 2008-05-04 21:24 <DIR> d-------- C:\Documents and Settings\xLinKin485\dwhelper
2008-05-03 14:57 . 2007-09-14 00:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-04-30 23:09 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-30 22:59 . 2008-04-30 22:59 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\DivX
2008-04-30 22:58 . 2008-04-30 22:59 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\Media Player Classic
2008-04-30 21:50 . 2008-04-30 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ESET
2008-04-30 20:31 . 2008-04-30 20:31 <DIR> d-------- C:\Documents and Settings\LiNkIn485\dwhelper
2008-04-27 01:31 . 2008-04-27 01:32 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\Winamp
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\xLinKin485\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\LiNkIn485\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\JvC\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\Isabel\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\CoTe\Configuración local
2008-04-27 01:28 . 2008-05-11 20:18 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local
2008-04-27 00:26 . 2008-04-27 00:26 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-04-27 00:25 . 2008-04-27 00:25 0 --a------ C:\WINDOWS\mozver.dat
2008-04-26 23:50 . 2008-04-26 23:50 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\Uniblue
2008-04-26 23:43 . 2008-04-26 23:43 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\TuneUp Software
2008-04-26 23:21 . 2008-04-26 23:21 <DIR> d-------- C:\Documents and Settings\xLinKin485\Datos de programa\Talkback
2008-04-26 23:20 . 2007-12-30 13:24 <DIR> d--h----- C:\Documents and Settings\xLinKin485\Plantillas
2008-04-26 23:20 . 2008-04-30 23:30 <DIR> dr------- C:\Documents and Settings\xLinKin485\Mis documentos
2008-04-26 23:20 . 2007-12-30 13:24 <DIR> dr------- C:\Documents and Settings\xLinKin485\Men£ Inicio
2008-04-26 23:20 . 2007-12-30 13:24 <DIR> d--h----- C:\Documents and Settings\xLinKin485\Impresoras
2008-04-26 23:20 . 2008-04-26 23:20 <DIR> dr------- C:\Documents and Settings\xLinKin485\Favoritos
2008-04-26 23:20 . 2008-05-11 20:54 <DIR> d-------- C:\Documents and Settings\xLinKin485\Escritorio
2008-04-26 23:20 . 2007-12-30 13:24 <DIR> d--h----- C:\Documents and Settings\xLinKin485\Entorno de red
2008-04-26 23:20 . 2008-05-11 20:32 <DIR> dr-h----- C:\Documents and Settings\xLinKin485\Datos de programa
2008-04-26 23:20 . 2008-05-11 21:09 <DIR> d--h----- C:\Documents and Settings\xLinKin485\Configuraci¢n local
2008-04-26 23:20 . 2008-05-11 20:56 <DIR> d-------- C:\Documents and Settings\xLinKin485
2008-04-26 23:20 . 2008-05-11 21:12 94,208 --ah----- C:\Documents and Settings\xLinKin485\NTUSER.DAT.LOG
2008-04-24 15:43 . 2008-04-24 15:43 <DIR> d-------- C:\Documents and Settings\CoTe\Datos de programa\DivX
2008-04-22 13:18 . 2008-04-22 13:18 1,540,977 ---hs---- C:\WINDOWS\system32\tsvnjfhs.tmp
2008-04-21 19:13 . 2008-04-21 17:46 294 --ahs---- C:\WINDOWS\system32\odgebypl.ini
2008-04-21 12:41 . 2008-04-21 12:41 1,540,737 ---hs---- C:\WINDOWS\system32\odgebypl.tmp
2008-04-19 19:36 . 2008-04-19 19:36 <DIR> d-------- C:\Archivos de programa\Microsoft Silverlight
2008-04-19 18:27 . 2008-04-19 18:27 1,530,769 ---hs---- C:\WINDOWS\system32\scrijhkn.tmp
2008-04-16 13:48 . 2008-04-17 13:46 954 ---hs---- C:\WINDOWS\system32\mutxyadl.ini
2008-04-15 13:32 . 2008-05-03 22:53 268 --ah----- C:\sqmdata19.sqm
2008-04-15 13:32 . 2008-05-03 22:53 244 --ah----- C:\sqmnoopt19.sqm
2008-04-14 20:55 . 2008-04-14 20:55 101,952 --a------ C:\WINDOWS\system32\hkbjkojf.dll
2008-04-14 14:37 . 2008-05-03 18:21 268 --ah----- C:\sqmdata18.sqm
2008-04-14 14:37 . 2008-05-03 18:21 244 --ah----- C:\sqmnoopt18.sqm

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 22:40 --------- d-----w C:\Archivos de programa\Unlocker
2008-05-01 01:54 --------- d-----w C:\Archivos de programa\Eset
2008-04-28 02:22 --------- d-----w C:\Archivos de programa\Ares
2008-04-27 05:07 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-04-21 01:46 --------- d-----w C:\Archivos de programa\Lexmark X1100 Series
2008-04-13 19:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-04-13 04:00 --------- d-----w C:\Archivos de programa\Windows Live
2008-04-13 03:28 --------- d-----w C:\Archivos de programa\Winamp
2008-04-06 21:17 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy
2008-04-06 21:17 --------- d-----w C:\Archivos de programa\microsoft frontpage
2008-04-06 21:07 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-06 19:49 --------- d-----w C:\Documents and Settings\CoTe\Datos de programa\Search Settings
2008-04-06 19:49 --------- d-----w C:\Documents and Settings\CoTe\Datos de programa\Dealio
2008-04-03 20:04 --------- d-----w C:\Documents and Settings\Isabel\Datos de programa\Search Settings
2008-04-03 20:04 --------- d-----w C:\Documents and Settings\Isabel\Datos de programa\Dealio
2008-04-03 17:26 --------- d-----w C:\Archivos de programa\Total Video Converter
2008-04-01 15:01 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar
2008-04-01 15:01 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\OrbNetworks
2008-04-01 15:01 --------- d-----w C:\Archivos de programa\Winamp Toolbar
2008-04-01 15:01 --------- d-----w C:\Archivos de programa\Winamp Remote
2008-04-01 14:55 --------- d-----w C:\Documents and Settings\LiNkIn485\Datos de programa\Winamp
2008-03-31 19:15 --------- d-----w C:\Documents and Settings\LiNkIn485\Datos de programa\Search Settings
2008-03-30 18:17 --------- d-----w C:\Documents and Settings\JvC\Datos de programa\Search Settings
2008-03-30 18:08 --------- d-----w C:\Documents and Settings\JvC\Datos de programa\Dealio
2008-03-30 18:00 --------- d-----w C:\Documents and Settings\JvC\Datos de programa\RateMyScreensaver
2008-03-30 16:44 --------- d-----w C:\Archivos de programa\Google
2008-03-29 19:05 --------- d-----w C:\Documents and Settings\LiNkIn485\Datos de programa\uTorrent
2008-03-29 18:58 --------- d-----w C:\Archivos de programa\uTorrent
2008-03-29 18:36 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-03-29 18:36 --------- d-----w C:\Documents and Settings\LiNkIn485\Datos de programa\Any Video Converter Professional
2008-03-29 18:00 --------- d-----w C:\Archivos de programa\Video Converter for Nokia Smartphones
2008-03-28 19:22 --------- d-----w C:\Archivos de programa\Cracklock
2008-03-15 19:55 --------- d-----w C:\Documents and Settings\JvC\Datos de programa\vlc
2008-03-12 13:54 --------- d-----w C:\Documents and Settings\Isabel\Datos de programa\Talkback
2008-03-06 21:29 98,304 ----a-w C:\WINDOWS\DUMP4054.tmp
2006-05-06 16:42 7,260,160 ----a-w C:\Archivos de programa\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13158CA1-9521-4415-8997-8267826F1BDC}]
2008-04-10 15:05 367104 --a------ C:\WINDOWS\system32\urqqonnm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 18:36 1267040 --a------ C:\Archivos de programa\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Archivos de programa\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Archivos de programa\Winamp Toolbar\winamptb.dll [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 09:42 15360]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2008-02-20 10:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:18 57344]
"Cmaudio"="cmicnfg.cpl" []
"egui"="C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-29 14:54 1443072]
"BOC-426"="C:\ARCHIV~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 09:42 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-19 09:42 402944 C:\WINDOWS\system32\cmd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqrqr]
tuvtqrqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=CLKERN.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Uniblue RegistryBooster 2"=C:\Archivos de programa\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM039af7b2"=Rundll32.exe "C:\WINDOWS\system32\wooxckiq.dll",s
"00a9c42e"=rundll32.exe "C:\WINDOWS\system32\qlxgpptp.dll",b
"SearchSettings"=C:\Archivos de programa\Search Settings\SearchSettings.exe
"Boot Ai"=bootai.exe
"cart"=C:\WINDOWS\system32\cart.exe \u
"QuickTime Task"="C:\Archivos de programa\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"C:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-29 14:56]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 09:43]
R3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-12-17 22:19]
R3 usbstor;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 17:08]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Archivos de programa\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2006-10-18 19:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-81C01C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
.
Contenido de carpeta 'Tareas Programadas'
"2008-05-12 00:54:49 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Archivos de programa\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-25 21:17:41 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 21:11:21
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...


folder error: C:\Windows\Temp"\

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Archivos de programa\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Archivos de programa\Comodo\CBOClean\BOCore.exe
C:\Archivos de programa\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Tiempo completado: 2008-05-11 21:16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 01:16:00

8 dirs 47,657,230,336 bytes libres
10 dirs 47,619,452,928 bytes libres

254 --- E O F --- 2008-05-01 20:25:53



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 PM

Posted 31 May 2008 - 11:50 AM

Hi,

First of all... not sure where you have read the instructions to use Combofix, but the first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.
Also, redownload Combofix because the one above is an outdated version. Post the new log in your next reply together with a HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 11 June 2008 - 08:02 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



