Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Xp Securitycenter Infection


  • This topic is locked This topic is locked
10 replies to this topic

#1 Daimeion

Daimeion

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 20 June 2008 - 01:47 PM

My friend's PC (Spanish language version of XP) has been infected with XP SecurityCenter. It disabled his anti-virus, and most malware removal programs I tried to run would not run. Finally, Malwarebyte's Anti-Malware was able to remove most of it, but there are some remnants. Here is the HTJ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:19 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Archivos de programa\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Personal\Escritorio\dss.exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\Personal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlqj.exe] C:\WINDOWS\system32\kdlqj.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Archivos de programa\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{790D4AB9-0AD5-4133-952F-4BE0DFF6AA4F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F81C05E6-7E35-4EC0-99D2-308CAA975C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.74 85.255.112.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 85.255.113.74,85.255.112.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat????5.1,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6952 bytes


Thanks,

Daimeion

BC AdBot (Login to Remove)

 


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 22 June 2008 - 11:24 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.
Step 2

Please download Deckard's System Scanner (DSS) and save it to your desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt - please save them to a convenient location.
Step 3

Close all programs before continuing, and try not to run anything during the scan.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Step 4

In your next reply, please post:
  • the CCleaner Uninstall List (install.txt)
  • the Deckard's System Scanner logs (main.txt and extra.txt)
  • the Kaspersky Online Scan report

Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 23 June 2008 - 02:45 PM

OK, CCleaner went no problem, but DSS went through the system restore and scan, but did not produce anything. Kaspersky went fine, but I forgot to save as a text file, and saved as an html file. But, I was able to copy it and paste it into this reply. Here is what I was able to produce:

From CCleaner:

Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Español
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Barra Yahoo! con bloqueador de ventanas emergentes
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Compresor WinRAR
Conexant HDA D330 MDC V.92 Modem
Dell Support Center
Dell Touchpad
Digital Line Detect
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
iTunes
J2SE Development Kit 5.0 Update 6
J2SE Runtime Environment 5.0 Update 6
K-Lite Mega Codec Pack 1.49
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Enterprise 2007
Microsoft Visual C++ 2005 Redistributable
NVIDIA Drivers
PowerDVD
QuickTime
Shockwave Player
SigmaTel Audio
Skype™ 3.6
Spybot - Search & Destroy
Tarjeta de red inalámbrica WLAN de Dell
Winamp AudioPlayer
Windows Installer 3.1 (KB893803)
Windows Live Messenger
WinZip
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

From Kaspersky:

Monday, June 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 23, 2008 12:48:15
Records in database: 880580


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 33715
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 00:40:31

File name Threat name Threats count
C:\Documents and Settings\Personal\Escritorio\PC Tools\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Personal\Escritorio\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

Daimeion

#4 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 23 June 2008 - 05:06 PM

Hi :thumbsup:

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

J2SE Development Kit 5.0 Update 6
J2SE Runtime Environment 5.0 Update 6


Then download and install Java Runtime Environment (JRE) 6 Update 6.
__________________________

Please download OTScanIt.exe and save it to your desktop.
  • Double click on OTScanIt.exe to run it.
  • Click on Extract. Once done, you will be prompted. Click OK and click Close.
  • Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  • Under Drivers section, select Non-Microsoft.
  • Click on the Run Scan button at the top left hand corner.
  • OTScanIt will start running. Once done, Notepad will open. Please Please post the contents of this Notepad file in your next reply.

Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#5 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 23 June 2008 - 05:34 PM

Thanks for helping Simon!

I updated to Java 6.6 after uninstalling the outdated versions.
Here is the log for OTScan:

OTScanIt logfile created on: 6/23/2008 4:27:30 PM
OTScanIt by OldTimer - Version 1.0.15.16	 Folder = C:\Documents and Settings\Personal\Escritorio\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
 
1022.11 Mb Total Physical Memory | 650.44 Mb Available Physical Memory | 63.64% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 149.04 Gb Total Space | 139.65 Gb Free Space | 93.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONAL-59E993
Current User Name: Personal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 24064 bytes | Modified Date = 10/9/2007 7:17:44 PM | Attr =	]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 1921024 bytes | Modified Date = 10/9/2007 7:17:40 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0128 | Size = 163908 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 2183168 bytes | Modified Date = 10/9/2007 7:17:44 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0  nd595 cp1 | Size = 405504 bytes | Modified Date = 5/6/2007 5:10:52 PM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 7.00.2114 | Size = 29696 bytes | Modified Date = 9/18/2006 11:08:56 AM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 6:02:14 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 6/19/2008 2:59:02 PM | Attr =	]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 6/19/2008 2:59:04 PM | Attr =	]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 6/19/2008 2:59:04 PM | Attr =	]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 6/19/2008 2:59:04 PM | Attr =	]
otscanit.exe -> %UserProfile%\Escritorio\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr =	]
(dmadmin) Servicio del administrador de discos lógicos [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., VERITAS Software [Ver = 2600.2180.503.0 | Size = 225792 bytes | Modified Date = 8/19/2004 2:42:44 PM | Attr =	]
(iPod Service) Servicio del iPod [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0128 | Size = 163908 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe -> File not found
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 6/19/2008 2:59:02 PM | Attr =	]
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 6/19/2008 2:59:04 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(BCM43XX) Controlador de la tarjeta de red inalámbrica WLAN de Dell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corp. [Ver = 4.170.25.12 | Size = 1123328 bytes | Modified Date = 10/9/2007 7:17:42 PM | Attr =	]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.60.0.0 built by: WinDDK | Size = 45568 bytes | Modified Date = 11/21/2006 4:25:44 AM | Attr = R  ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 8/19/2004 2:28:34 PM | Attr =	]
(dmio) Controlador del administrador de discos lógicos [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154240 bytes | Modified Date = 8/19/2004 2:28:40 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 9/28/2001 5:00:00 AM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 209152 bytes | Modified Date = 11/2/2006 6:47:00 PM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 989696 bytes | Modified Date = 11/2/2006 6:47:36 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 1:26:58 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.0128 | Size = 6345472 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
(Ptilink) Controlador de vínculo paralelo directo [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 9/28/2001 5:00:00 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 7/17/2004 10:36:38 AM | Attr =	]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5511.0  nd595 cp1 | Size = 1222840 bytes | Modified Date = 5/6/2007 5:12:00 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 9.1.18.6 27Apr07 | Size = 202912 bytes | Modified Date = 4/27/2007 3:37:24 PM | Attr =	]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 730112 bytes | Modified Date = 11/2/2006 6:46:56 PM | Attr =	]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 6/19/2008 2:59:10 PM | Attr =	]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 6/19/2008 2:59:13 PM | Attr =	]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 6/19/2008 2:59:18 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\ARCHIV~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 6/19/2008 2:59:04 PM | Attr =	]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.170.25.12 | Size = 2183168 bytes | Modified Date = 10/9/2007 7:17:44 PM | Attr =	]
C:\WINDOWS\system32\kdlqj.exe -> %SystemRoot%\system32\kdlqj.exe [C:\WINDOWS\system32\kdlqj.exe] -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Archivos de programa\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"] ->  [Ver = 1, 0, 2129, 0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:58:20 PM | Attr =	]
NeroCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.0128 | Size = 8429568 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
NVHotkey -> %SystemRoot%\system32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> NVIDIA Corporation [Ver = 6.14.11.0128 | Size = 67584 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] ->  [Ver =  | Size = 1626112 bytes | Modified Date = 5/11/2007 10:57:00 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\K-Lite Codec Pack\QuickTime\QTTask.exe ["C:\Archivos de programa\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 7.00.2114 | Size = 29696 bytes | Modified Date = 9/18/2006 11:08:56 AM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.5511.0  nd595 cp1 | Size = 405504 bytes | Modified Date = 5/6/2007 5:10:52 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Archivos de programa\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio -> 
%AllUsersProfile%\Menú Inicio\Programas\Inicio\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 6:02:14 PM | Attr =	]
< Personal Startup Folder > -> C:\Documents and Settings\Personal\Menú Inicio\Programas\Inicio -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
cru629.dat攀敲ǹȈ5.1 ->  -> File not found
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 6/19/2008 2:59:18 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 9:59:54 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD+-RW_DR-K17Y_________________0.96____\47_04447304c333238325736204c202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 11/21/2007 6:54:12 PM | Attr =	]
< HOSTS File > (792 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 6/19/2008 2:59:05 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A} -> 208.67.220.220,208.67.222.222	(Tarjeta Mini-PCI de red inalámbrica WLAN 1390 de Dell) -> 
{790D4AB9-0AD5-4133-952F-4BE0DFF6AA4F} -> 208.67.220.220,208.67.222.222	(Broadcom 440x 10/100 Integrated Controller) -> 
{F81C05E6-7E35-4EC0-99D2-308CAA975C81} -> 208.67.220.220,208.67.222.222	(Adaptador de red 1394) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 6/19/2008 2:59:08 PM | Attr =	]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 



[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 6/19/2008 3:28:57 PM | Attr =  H ]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 6/19/2008 3:32:35 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/18/2008 6:16:31 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 6/19/2008 2:00:58 PM | Attr =	]
Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Created Date = 6/19/2008 2:59:08 PM | Attr =	]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Created Date = 6/19/2008 2:59:08 PM | Attr =	]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 24834468 bytes | Created Date = 6/19/2008 2:59:08 PM | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 17624 bytes | Created Date = 6/19/2008 2:59:08 PM | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 116658 bytes | Created Date = 6/19/2008 2:59:08 PM | Attr =	]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 6/19/2008 2:59:13 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 6/19/2008 2:59:10 PM | Attr =	]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Created Date = 6/19/2008 2:59:18 PM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 6/19/2008 1:28:21 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 6/19/2008 1:28:21 PM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 6/13/2008 12:16:33 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 6/19/2008 2:59:18 PM | Attr =	]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/23/2008 4:23:13 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 6/23/2008 4:23:13 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/23/2008 4:23:13 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/23/2008 4:23:13 PM | Attr =	]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2868 bytes | Created Date = 6/16/2008 6:06:34 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 6/16/2008 6:15:20 PM | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 6/16/2008 6:15:19 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/18/2008 6:16:45 PM | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 6/23/2008 11:54:40 AM | Attr =  H ]
Archivos de programa -> %ProgramFiles% ->  [Folder | Modified Date = 6/19/2008 1:28:21 PM | Attr = R  ]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 6/19/2008 3:32:37 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/18/2008 6:16:31 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 6/19/2008 2:00:58 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/23/2008 11:20:10 AM | Attr =	]
Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Modified Date = 6/23/2008 9:18:00 AM | Attr =	]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Modified Date = 6/19/2008 3:01:42 PM | Attr =	]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 24834468 bytes | Modified Date = 6/23/2008 9:17:59 AM | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 17624 bytes | Modified Date = 6/19/2008 3:01:42 PM | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 116658 bytes | Modified Date = 6/19/2008 3:01:42 PM | Attr =	]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 6/19/2008 2:59:13 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 6/19/2008 2:59:10 PM | Attr =	]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 6/19/2008 2:59:18 PM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 6/10/2008 7:02:40 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 6/10/2008 7:02:44 PM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 6/13/2008 12:16:33 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 6/19/2008 2:59:18 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/19/2008 1:51:34 PM | Attr =	]
DllCache -> %SystemRoot%\System32\DllCache ->  [Folder | Modified Date = 6/19/2008 3:28:57 PM | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/19/2008 2:59:18 PM | Attr =	]
nvModes.001 -> %SystemRoot%\System32\nvModes.001 ->  [Ver =  | Size = 66204 bytes | Modified Date = 6/23/2008 3:14:51 PM | Attr =	]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat ->  [Ver =  | Size = 66204 bytes | Modified Date = 6/11/2008 11:14:31 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 41170 bytes | Modified Date = 6/19/2008 1:47:51 PM | Attr =	]
perfc00A.dat -> %SystemRoot%\System32\perfc00A.dat ->  [Ver =  | Size = 52638 bytes | Modified Date = 6/19/2008 1:47:51 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 314842 bytes | Modified Date = 6/19/2008 1:47:51 PM | Attr =	]
perfh00A.dat -> %SystemRoot%\System32\perfh00A.dat ->  [Ver =  | Size = 366370 bytes | Modified Date = 6/19/2008 1:47:51 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 781080 bytes | Modified Date = 6/19/2008 1:47:51 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2868 bytes | Modified Date = 6/16/2008 6:15:44 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 6/18/2008 12:55:35 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/19/2008 1:35:03 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 6/16/2008 5:44:40 PM | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/18/2008 6:17:12 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/18/2008 6:16:45 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 6/9/2008 10:23:30 PM | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/23/2008 4:23:15 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/23/2008 4:25:23 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 6/19/2008 1:46:50 PM | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 6/16/2008 5:46:45 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/23/2008 4:23:13 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 6/23/2008 4:27:58 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 298 bytes | Modified Date = 6/9/2008 3:30:01 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/19/2008 1:35:05 PM | Attr =  H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 446 bytes | Modified Date = 6/23/2008 4:16:16 PM | Attr =	]
C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/20/2007 1:45:40 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Datos de programa\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 11/21/2007 1:44:21 PM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\ -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\ ->  [Folder | Modified Date = 6/23/2008 11:23:16 AM | Attr =  H ]
md5deep.exe -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\ -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries ->  [Folder | Modified Date = 6/23/2008 11:39:24 AM | Attr =	]
ScanningProcess.exe -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\ -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\ ->  [Folder | Modified Date = 6/23/2008 11:23:16 AM | Attr =  H ]
dss.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\~exbwxly.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 12:42:28 AM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\ -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries ->  [Folder | Modified Date = 6/23/2008 11:39:24 AM | Attr =	]
FSSync.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
ikave.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\ikave.dll ->  [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
kave.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
kosglue-7.0.25.0.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 6/23/2008 11:39:22 AM | Attr =	]
msvcm80.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 6/23/2008 11:39:22 AM | Attr =	]
msvcp80.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
msvcr80.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
prLoader.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
prremote.dll -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\ -> C:\Documents and Settings\Personal\Configuración local\Temp ->  [Folder | Modified Date = 6/23/2008 4:23:56 PM | Attr =	]
Perflib_Perfdata_e4c.dat -> C:\Documents and Settings\Personal\Configuración local\Temp\Perflib_Perfdata_e4c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/23/2008 4:18:11 PM | Attr =	]
1 C:\Documents and Settings\Personal\Configuración local\Temp\*.tmp files -> C:\Documents and Settings\Personal\Configuración local\Temp\*.tmp -> 
C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases\ -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases ->  [Folder | Modified Date = 6/23/2008 11:44:36 AM | Attr =	]
sfdb.dat -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases\sfdb.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 6/23/2008 11:44:37 AM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\ -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries ->  [Folder | Modified Date = 6/23/2008 11:39:24 AM | Attr =	]
_kave.ini -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\binaries\_kave.ini ->  [Ver =  | Size = 102 bytes | Modified Date = 6/23/2008 11:39:23 AM | Attr =	]
C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases\ -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases ->  [Folder | Modified Date = 6/23/2008 11:44:36 AM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Personal\Configuración local\Temp\jkos-Personal\engine\bases\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 6/23/2008 11:44:24 AM | Attr =	]

< End of report >

Thanks again,

Daimeion

#6 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 23 June 2008 - 05:57 PM

Hi :thumbsup:

Start OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says Paste Fix Here and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> C:\WINDOWS\system32\kdlqj.exe -> %SystemRoot%\system32\kdlqj.exe [C:\WINDOWS\system32\kdlqj.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> cru629.dat攀敲ǹȈ5.1 -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Reboot]

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

In your next reply, please post a new HijackThis log and let me know how everything is running.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#7 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 23 June 2008 - 06:30 PM

That fix went fine, and PC is running much better! AVG isn't sounding an alarm every 15 minutes. Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:22 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Archivos de programa\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{790D4AB9-0AD5-4133-952F-4BE0DFF6AA4F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F81C05E6-7E35-4EC0-99D2-308CAA975C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D5B1E1E-2523-49D6-9CB8-E603DEA9607A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7209 bytes

Thanks,

Daimeion

#8 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 24 June 2008 - 04:40 AM

Hi :thumbsup:

Congratulations, your log looks clean. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:

You can now delete the following program(s):
  • Deckard's System Scanner
  • OTScanIt
Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

Step 1: Turn off System Restore:
  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Step 2: Reboot your computer.

Step 3: Turn on System Restore:
  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
Note: Only do this once, NOT on a regular basis!

Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

Here are a few (free) firewalls, please download and install one of them:
Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - An excellent startup manager, notifies you if programs are added to startup, allows delayed startup, ... A must have! An installation guide can be found here: http://www.winpatrol.com/download.html

Install Malwarebytes' Anti-Malware - You should scan your computer with the program on a regular basis just as you would with your anti-virus software. You can download the program here: http://www.malwarebytes.org/mbam.php

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a weak, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#9 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 26 June 2008 - 04:17 PM

Thanks Simon V! System is running great now. Do you take donations?

#10 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 27 June 2008 - 10:43 AM

Hi :thumbsup:

Thanks Simon V! System is running great now. Do you take donations?

Yes, please click here if you wish to make a donation.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#11 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 02 July 2008 - 02:50 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users