
Please Help! Major Hijack!


  • This topic is locked
11 replies to this topic

#1 Nema

Nema

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 14 July 2008 - 01:41 AM

UPDATE: Multiple problems had begun to inflict my computer, but after reading through the forums and seeing others with similar problems, I installed and ran some recommended programs. Since then, all problems appear to have perished, but I am no computer pro so I want to make sure. Thanks for your help, and the continuous help the lot of you give out to people around the world.


One quick question: Is RegistryFix unreliable? Spybot detects it as a problem. What is the difference between Combofix and HijackThis?


Well, that is all. Thanks a lot for all your help!


I wanted to be as thorough as possible, so here are all the latest logs copied and pasted after realizing attachments aren't favored. For ease of navigation I made a table of contents; use Ctrl+F to search faster:

Contents

Deckards System Scan [DSSL]
Malwarebytes' Anti-Malware [MBAL]
Spybot Search and Destroy [SSDL]
Kaspersky Internet Security [KSPR] (still pending copy paste, the log is too long due to detected vulnerabilities, what can I do?)


NOTE: I am using the latest versions of the above programs.




Deckard logs [DSSL]:


Deckard's System Scanner v20071014.68
Run by Administrador on 2008-07-14 13:16:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrador.exe) ---------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-14 13:19:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\system32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACL.EXE
F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\HP\HP Software Update\hpwuSchd2.exe
F:\Archivos de programa\iTunes\iTunesHelper.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Archivos de programa\iPod\bin\iPodService.exe
F:\WINDOWS\system32\svchost.exe
F:\Archivos de programa\HP\HP Software Update\HPWUCli.exe
F:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Administrador\Escritorio\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099} - F:\WINDOWS\system32\urqRJAqR.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB002" /M "Stylus CX3700"
O4 - HKLM\..\Run: [HP Software Update] F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "F:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] F:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] F:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] F:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] F:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {bcfd6b6e-530a-4d33-8f0d-910ad8bb50b9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: offline-8876480 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - F:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll,
O20 - Winlogon Notify: mlJYoljK - F:\WINDOWS\system32\
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - F:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - F:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe


--
End of file - 22178 bytes

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-14 13:09:35 0 d-------- F:\WINDOWS\LastGood
2008-07-14 09:34:14 0 d-------- F:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-13 23:52:29 0 d-------- F:\Archivos de programa\RegistryFix
2008-07-08 17:50:48 0 d-------- F:\Archivos de programa\Trend Micro
2008-07-07 12:33:10 0 d-------- F:\Archivos de programa\TechTracker
2008-07-06 22:34:27 96966 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-07-06 22:34:26 88774 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-07-06 22:29:55 376864 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-06 22:29:55 1512480 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 22:29:55 0 d-------- F:\Archivos de programa\Kaspersky Lab
2008-07-06 20:55:18 28424 --ahs---- F:\WINDOWS\system32\RqAJRqru.ini2
2008-07-06 20:41:07 33408 --a------ F:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-07-06 20:40:26 0 d-------- F:\Archivos de programa\Pegasys Inc
2008-07-06 15:00:44 164352 --a------ F:\WINDOWS\system32\unrar.dll
2008-07-06 15:00:08 217088 --a------ F:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-06 15:00:07 159839 --a------ F:\WINDOWS\system32\xvidvfw.dll
2008-07-06 15:00:07 755027 --a------ F:\WINDOWS\system32\xvidcore.dll
2008-07-06 15:00:06 3596288 --a------ F:\WINDOWS\system32\qt-dx331.dll
2008-07-06 15:00:06 81920 --a------ F:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-06 14:59:53 682496 --a------ F:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-06 14:59:48 7680 --a------ F:\WINDOWS\system32\ff_vfw.dll
2008-07-06 14:59:42 0 d-------- F:\Archivos de programa\K-Lite Codec Pack
2008-07-06 14:29:23 31232 --a------ F:\WINDOWS\system\vdremote.dll <Not Verified; ; VirtualDub>
2008-07-06 14:29:22 25088 --a------ F:\WINDOWS\system\vdsvrlnk.dll <Not Verified; ; VirtualDub>
2008-07-06 14:05:08 0 d-------- F:\Archivos de programa\VideoLAN
2008-06-21 16:53:07 0 d-------- F:\Archivos de programa\TuneUp Utilities 2008
2008-06-21 16:52:32 0 d-------- F:\Archivos de programa\Archivos comunes\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-14 11:57:41 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Skype
2008-07-14 10:12:10 664 --a------ F:\WINDOWS\system32\d3d9caps.dat
2008-07-14 09:34:47 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-07-13 13:28:30 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-07-09 11:19:09 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\VersionTracker Pro
2008-07-06 20:49:41 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\TmpRecentIcons
2008-07-06 20:44:14 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Pegasys Inc
2008-07-06 16:41:19 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-07-06 14:05:39 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\vlc
2008-06-21 16:52:32 0 d-------- F:\Archivos de programa\Archivos comunes
2008-06-14 13:26:56 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Uniblue
2008-06-10 10:00:17 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\skypePM
2008-05-26 20:38:55 0 d-------- F:\Archivos de programa\Windows Live Safety Center
2008-05-06 20:07:02 11411763 --a------ F:\Archivos de programa\BizAgiPMSetup.exe <Not Verified; BizAgi; BizAgi Proces>
2008-05-05 09:36:55 2552 --a------ F:\WINDOWS\unins000.dat
2008-05-05 09:35:20 691545 --a------ F:\WINDOWS\unins000.exe
2008-04-28 20:12:54 1740 --a------ F:\WINDOWS\mozver.dat
2008-04-25 11:20:10 96605 --a------ F:\WINDOWS\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}]
F:\WINDOWS\system32\urqRJAqR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
25/04/2008 18:22 62728 --a------ F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [28/03/2006 17:38 F:\WINDOWS\KHALMNPR.Exe]
"EPSON Stylus CX3700 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.exe" [07/02/2005 05:00]
"HP Software Update"="F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 08:24]
"iTunesHelper"="F:\Archivos de programa\iTunes\iTunesHelper.exe" [04/02/2008 14:18]
"AVP"="F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25/04/2008 18:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [19/08/2004 07:42]
"SpybotSD TeaTimer"="F:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
"msnmsgr"="F:\Archivos de programa\MSN Messenger\msnmsgr.exe" [19/01/2007 04:55]
"Skype"="F:\Archivos de programa\Skype\Phone\Skype.exe" [01/02/2008 17:22]
"Picasa Media Detector"="F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [23/10/2007 15:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
"ntuser"=F:\WINDOWS\system32\drivers\spools.exe
"autoload"=F:\Documents and Settings\LocalService\cftmon.exe

F:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
VersionTrackerPro.lnk - F:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [07/07/2008 12:33:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoljK]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\urqRJAqR

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e62acda-e485-11dc-86d9-0048548149de}]
AutoRun\command- F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
Auto\command- adp.exe
AutoRun\command- F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6764c3-8a0c-11dc-864e-0048548149de}]

*Newly Created Service* - MBAMCATCHME



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: AMD Athlon™ Processor
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.48 MiB / 256.48 MiB
Pagefile Memory (total/avail): 1248.72 MiB / 1050.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.52 MiB

C: is Removable (FAT)
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 186.3 GiB total, 174.21 GiB free.
G: is Removable (FAT32)
H: is Removable (FAT)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2014N - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - F:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Win95 with Extended Int 13 - 983.98 MiB - C:

\\.\PHYSICALDRIVE2 - USB 2.0 Flash Disk USB Device - 486.34 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 491.98 MiB - H:

\\.\PHYSICALDRIVE3 - USB 2.0 USB Flash Drive USB Device - 7.53 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 7.53 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Administrador\Datos de programa
CLASSPATH=.;F:\Archivos de programa\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Archivos de programa\Archivos comunes
COMPUTERNAME=DESKTOP
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Archivos de programa\QuickTime Alternative\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=F:\Archivos de programa
PROMPT=$P$G
QTJAVA=F:\Archivos de programa\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\Windows\Temp\
TMP=F:\Windows\Temp\
USERDOMAIN=DESKTOP
USERNAME=Administrador
USERPROFILE=F:\Documents and Settings\Administrador
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Security Update for Windows Media Player 11 (KB936782) --> "F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "F:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "F:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "F:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "F:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "F:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "F:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "F:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "F:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "F:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "F:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "F:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "F:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "F:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "F:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "F:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "F:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "F:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "F:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "F:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "F:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653) --> "F:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "F:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "F:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "F:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "F:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "F:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "F:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "F:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "F:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "F:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "F:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "F:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "F:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749) --> "F:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760) --> "F:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762) --> "F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2) --> "F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376) --> "F:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698) --> "F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Update for Windows XP (KB914882) --> "F:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB923845) --> "F:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "F:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "F:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3) --> "F:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "F:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "F:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "F:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 - Spanish --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A70800000002}
Adobe Shockwave Player --> MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}
Advanced WindowsCare Personal --> "F:\Archivos de programa\IObit\Advanced WindowsCare V2\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "F:\Archivos de programa\uTorrent\uTorrent.exe" /UNINSTALL
Avanquest update --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe" -l0x9 -removeonly
BizAgi Process Modeler --> "F:\Archivos de programa\InstallShield Installation Information\{854D03B0-4410-4784-9A6C-9CF8F747586F}\setup.exe" -runfromtemp -l0x040a -removeonly
BizAgi Process Modeler --> MsiExec.exe /I{854D03B0-4410-4784-9A6C-9CF8F747586F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Plan Pro 2004 --> MsiExec.exe /X{C7BA228D-D0E9-44E5-B0B6-7AD4B0D6EBB0}
Business Plan Pro 2007 --> MsiExec.exe /X{20585CDC-114E-4372-986A-0686B1A37A30}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{169A15A0-6131-4274-8A8B-7E50702A1F52}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
WinRAR archiver --> F:\Archivos de programa\WinRAR\uninstall.exe
DAMN NFO Viewer Setup --> MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2 --> "F:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photosmart and Deskjet 7.0 Software (esn) --> F:\Archivos de programa\HP\Digital Imaging\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}\setup\hpzscr01.exe -datfile hphscr11.dat -showdisconnect -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IrfanView (remove only) --> F:\Archivos de programa\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.9.5 (Full) --> "F:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Logitech Desktop Messenger --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0xa UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xa -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Phone Tools --> RunDll32 F:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "F:\Archivos de programa\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0) --> F:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{79ACDEE9-29B6-4E2A-8C65-4352774D5BEA}
MyHeritage Family Tree Builder --> F:\Archivos de programa\MyHeritage\Bin\Uninstall.exe
Nero 7.5.9.0 --> "F:\Archivos de programa\Nero\unins000.exe"
OE-Mail Recovery 1.7 --> "F:\Archivos de programa\OE-Mail Recovery\unins000.exe"
Panda ActiveScan 2.0 --> F:\Archivos de programa\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "F:\Archivos de programa\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
QuickTime Alternative 1.76 --> "F:\Archivos de programa\QuickTime Alternative\unins000.exe"
Real Alternative 1.51 Lite --> "F:\Archivos de programa\Real Alternative\unins000.exe"
RegistryFix v3.0 --> "F:\Archivos de programa\RegistryFix\unins000.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
EPSON Printer Software --> F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Spybot - Search & Destroy --> "F:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "F:\WINDOWS\unins000.exe"
Strategy Map Balanced Scorecard --> MsiExec.exe /I{D2F663B9-FE0E-4F14-8E68-6E1025892BB6}
SWiSH Lite v1.52 --> F:\WINDOWS\unvise32.exe F:\Archivos de programa\SWiSH Lite v1.52\uninstal.log
The Logo Creator v3 --> F:\WINDOWS\unvise32.exe F:\Archivos de programa\The Logo Creator v3\uninstal.log
TMPGEnc DVD Author 3 with DivX Authoring Trial Version --> MsiExec.exe /I{CA1B72E0-0FBD-4F5B-B0F2-284F437077F9}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.5 --> F:\Archivos de programa\Unlocker\uninst.exe
VersionTracker Pro Windows --> MsiExec.exe /X{64A32253-A906-4AEB-B6A7-A90512B68D87}
VideoLAN VLC media player 0.8.6h --> F:\Archivos de programa\VideoLAN\VLC\uninstall.exe
Winamp AudioPlayer --> MsiExec.exe /I{DEFBFC15-066D-4596-8DC0-91B04BAA2CE2}
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live OneCare safety scanner --> RunDll32.exe "F:\Archivos de programa\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2796 / Error
Event Submitted/Written: 07/14/2008 09:13:48 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2795 / Error
Event Submitted/Written: 07/14/2008 09:13:48 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type2761 / Error
Event Submitted/Written: 07/07/2008 01:02:49 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type2755 / Error
Event Submitted/Written: 07/06/2008 10:49:42 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of F:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\kis.en.msi is not permitted due to an error in software restriction policy processing. The object is not trusted.

Event Record #/Type2599 / Success
Event Submitted/Written: 07/04/2008 08:25:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12789 / Error
Event Submitted/Written: 07/14/2008 08:36:21 AM / 07/14/2008 08:36:51 AM
Event ID/Source: 4 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type12788 / Error
Event Submitted/Written: 07/14/2008 08:36:21 AM / 07/14/2008 08:36:51 AM
Event ID/Source: 5 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type12787 / Error
Event Submitted/Written: 07/14/2008 08:36:21 AM / 07/14/2008 08:36:51 AM
Event ID/Source: 4 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type12786 / Error
Event Submitted/Written: 07/14/2008 08:36:21 AM / 07/14/2008 08:36:51 AM
Event ID/Source: 5 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type12782 / Warning
Event Submitted/Written: 07/14/2008 00:33:25 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-07-14 09:16:25 ------------



-- End of Deckard's System Scanner: finished at 2008-07-14 13:22:50 ------------



Malwarebytes' Anti-Malware log [MBAL]:

Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 2

10:07:19 14/07/2008
mbam-log-7-14-2008 (10-07-15).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 74327
Time elapsed: 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
F:\WINDOWS\system32\mlJYoljK.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljyoljk (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{101900f3-7aeb-4e3b-b4cc-dcb483b3b92f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9c7e91a9-0001-4c4e-bcc2-a56bc8329049} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{a59c4135-df7a-4666-8129-478376867b3c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8663655c-f6d4-4520-859e-67008902a889} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f70c9bf7-63da-40cc-a57c-b874b07259e0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7f62b052-bbd3-476f-a8d5-aea51d86367a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00576f91-ea22-4a63-8057-22617a3e76d2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0df5c312-d7a6-435f-914d-864f468fbb05} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{15e25b67-3213-4730-83d7-95ac43bbbea3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f65c187-0822-4baf-b7bf-4997184064a0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37b31234-a8e9-41d3-968b-021b3ed6acec} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37eef9dd-d2b3-407f-b0a5-dbfc1e1eb318} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{449681ce-23b6-4110-a061-e75f616a86eb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70a85a38-8b16-4433-b33b-9f6cb69a5086} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74534478-518d-4462-bff0-8aa7fccaf15b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7b445151-8296-4686-bfff-2f20a4fc2418} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{902a904e-daa7-4af7-9592-3da07a574a80} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.bxod (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-4350801-23997) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
F:\Archivos de programa\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Files Infected:
F:\WINDOWS\system32\mlJYoljK.dll (Trojan.Vundo) -> No action taken.
F:\WINDOWS\kgqfweltmrg.dll (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\esrp.exe (Trojan.FakeAlert) -> No action taken.
F:\Archivos de programa\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
F:\Archivos de programa\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
F:\Archivos de programa\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
F:\Archivos de programa\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
F:\Archivos de programa\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
F:\WINDOWS\mrvtdpqe.exe (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\axrfgvek.dll (Trojan.FakeAlert) -> No action taken.




Spybot Search and Destroy log [SSDL]:


--- Report generated: 2008-07-06 23:40 ---

Smitfraud-C.gp: [SBI $901C9C72] Link (File, fixed)
F:\Documents and Settings\Administrador\Favoritos\Error Cleaner.url

Smitfraud-C.gp: [SBI $A66DB21C] Link (File, fixed)
F:\Documents and Settings\Administrador\Favoritos\Privacy Protector.url

Smitfraud-C.gp: [SBI $472076AC] Link (File, fixed)
F:\Documents and Settings\Administrador\Favoritos\Spyware&Malware Protection.url

Microsoft.Windows.Explorer: [SBI $4272AA01] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-764733703-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders

Microsoft.Windows.System: [SBI $8E2F7540] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-764733703-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-764733703-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-764733703-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

Microsoft.Windows.System: [SBI $38594624] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-764733703-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms

Zlob.Downloader.vcd: [SBI $3A7819FB] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo

Zlob.Downloader.vcd: [SBI $3A7819FB] Uninstall settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
F:\WINDOWS\system32\urqRJAqR.dll

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}

Zlob.Downloader.bs: [SBI $0D9D15D5] Library (File, fixed)
F:\WINDOWS\okmdepgb.dll

Zlob.Downloader.bs: [SBI $AC0911AB] Library (File, fixed)
F:\WINDOWS\nqgpedlr.dll

DoubleClick: Tracking cookie (Internet Explorer: Administrador) (Cookie, fixed)


WebTrends live: Tracking cookie (Internet Explorer: Administrador) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2007-10-25 unins000.exe (51.41.0.0)
2008-05-20 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-30 borlndmm.dll (7.0.4.453)
2005-05-30 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-30 UnzDll.dll (1.73.1.1)
2005-05-30 ZipDll.dll (1.73.2.0)
2008-04-16 Includes\Adware.sbi (*)
2008-05-14 Includes\AdwareC.sbi (*)
2008-05-14 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-14 Includes\DialerC.sbi (*)
2008-05-14 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-14 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-05-14 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-14 Includes\PUPSC.sbi (*)
2008-05-14 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-14 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-14 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-14 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-30 Includes\Trojans.sbi (*)
2008-05-14 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll

Edited by Nema, 14 July 2008 - 06:30 PM.
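The registry entries in the Deckard dump above (the random-named Winlogon\Notify subkey, the extra LSA "Authentication Packages" entry, AppInit_DLLs, the DisableTaskMgr/DisableRegistryTools policies, NoDrives and the mountpoints2 autorun handlers) are the persistence points a responder checks first when reading this kind of log. The Python script below is an added example written for this page; it is not part of the original post and not code from DSS, Malwarebytes or Spybot. It parses a DSS-style registry dump and flags those entries. The dump it reads is constructed here to mirror the shape of the log above (it is not the original log), and the allowlist of stock Winlogon notification packages is an assumption made for triage, not an authoritative list.

```python
"""Flag Windows XP persistence points in a DSS-style registry dump.

Added example for this thread; not part of the original post or of DSS.
SAMPLE_DUMP is constructed to mirror the shape of the log above."""
import re
from typing import Dict, List, Tuple

SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDrives"=12 (0xc)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoljK]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\urqRJAqR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
Auto\command- adp.exe
AutoRun\command- F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
"""

# Winlogon notification packages present on a stock XP SP2 install.
# Assumption: this allowlist is for triage only; anything not on it gets
# reported, which is how a random-named Vundo DLL such as mlJYoljK shows up.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')                   # "Name"=data
AUTORUN_RE = re.compile(r"^(Auto(?:Run)?\\command)-\s*(.*)$")   # mountpoints2 lines


def parse_dump(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each key path (lower-cased) to its (value name, data) pairs.

    Keys with no values (such as the Winlogon\\Notify subkeys) are kept,
    because their mere presence is the finding."""
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # DSS sometimes closes a key line with a stray '"' instead of ']'.
            current = line.strip('[]"').lower()
            keys.setdefault(current, [])
            continue
        match = VALUE_RE.match(line) or AUTORUN_RE.match(line)
        if match and current:
            keys[current].append((match.group(1), match.group(2).strip()))
    return keys


def dword(data: str) -> int:
    """DSS prints DWORDs as '12 (0xc)'; take the decimal part."""
    return int(data.split()[0])


def hidden_drives(mask: int) -> List[str]:
    """NoDrives is a bitmask: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:."""
    return [f"{chr(ord('A') + bit)}:" for bit in range(26) if mask >> bit & 1]


def triage(text: str) -> List[str]:
    """Return one human-readable finding per suspicious entry."""
    findings: List[str] = []
    for key, values in parse_dump(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\winlogon\\notify\\" in key and leaf not in KNOWN_NOTIFY:
            findings.append(f"unknown Winlogon notify package '{leaf}' "
                            "(DLL loaded into winlogon.exe at logon)")
        for name, data in values:
            lname = name.lower()
            if key.endswith("\\control\\lsa") and lname == "authentication packages":
                extra = [p for p in data.split() if p.lower() != "msv1_0"]
                if extra:
                    findings.append(f"extra LSA authentication package(s) {extra} "
                                    "(loaded into lsass.exe at boot)")
            elif lname == "appinit_dlls" and data.strip(", "):
                findings.append(f"AppInit_DLLs set to {data} "
                                "(mapped into every process that loads user32.dll; verify each file)")
            elif key.endswith("\\policies\\system") and lname in (
                    "disabletaskmgr", "disableregistrytools") and dword(data) == 1:
                findings.append(f"{name}=1 (admin tool lockout policy)")
            elif key.endswith("\\policies\\explorer") and lname == "nodrives" and dword(data):
                findings.append(f"NoDrives={dword(data)} hides {hidden_drives(dword(data))}")
            elif "\\mountpoints2\\" in key and lname in ("auto\\command", "autorun\\command"):
                findings.append(f"volume {leaf}: {name} runs '{data}' (autorun.inf handler)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DUMP):
        print("-", finding)
```

Run it as-is to see the findings for the constructed dump, or feed the registry section of a saved main.txt to triage(). AppInit_DLLs is a lead rather than a verdict: in the log above it points at Kaspersky's own DLLs, which is expected for that product, so that finding calls for checking the files, not for an automatic cleanup. The LSA and Winlogon\Notify hits, by contrast, name a file with a random eight-character name in system32, which is the Vundo pattern Malwarebytes and Spybot reported.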



#2 Nema (Topic Starter)

Posted 21 July 2008 - 11:41 AM

I do think the computer is still infected with something, because Kaspersky recently placed the following processes under Low Restricted:

sed.exe
regdump.bat
md5deep.exe
Inkread.vbs

My searches for sed.exe and Inkread say that they are related to trojans and other undesirable malware.

I'll run Kaspersky, HJT and Malwarebytes shortly and post new logs.

Here is the DSS log, which, by the way, isn't creating "extra.txt":

Deckard's System Scanner v20071014.68
Run by Administrador on 2008-07-21 16:05:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrador.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:19, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE
F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
F:\Archivos de programa\iTunes\iTunesHelper.exe
F:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Archivos de programa\iPod\bin\iPodService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WgaTray.exe
F:\Archivos de programa\Mozilla Firefox\firefox.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Documents and Settings\Administrador\Escritorio\dss.exe
F:\ARCHIV~1\Trend Micro\HijackThis\Administrador.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB002" /M "Stylus CX3700"
O4 - HKLM\..\Run: [HP Software Update] F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "F:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O18 - Protocol: bw+0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll,
O20 - Winlogon Notify: mlJYoljK - F:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - F:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - F:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - F:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 20401 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-19 11:01:51 0 d-------- F:\Spybot - Search & Destroy
2008-07-18 16:14:17 0 d-------- F:\Malwarebytes' Anti-Malware
2008-07-14 16:18:55 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-07-14 14:23:12 0 d-------- F:\Archivos de programa\SpywareBlaster
2008-07-14 09:34:14 0 d-------- F:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-13 23:52:29 0 d-------- F:\Archivos de programa\RegistryFix
2008-07-08 17:50:48 0 d-------- F:\Archivos de programa\Trend Micro
2008-07-07 12:33:10 0 d-------- F:\Archivos de programa\TechTracker
2008-07-06 22:34:27 96966 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-07-06 22:34:26 88774 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-07-06 22:29:55 417824 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-06 22:29:55 1526816 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 22:29:55 0 d-------- F:\Archivos de programa\Kaspersky Lab
2008-07-06 20:55:18 28424 --ahs---- F:\WINDOWS\system32\RqAJRqru.ini2
2008-07-06 20:41:07 33408 --a------ F:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-07-06 20:40:26 0 d-------- F:\Archivos de programa\Pegasys Inc
2008-07-06 15:00:44 164352 --a------ F:\WINDOWS\system32\unrar.dll
2008-07-06 15:00:08 217088 --a------ F:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-06 15:00:07 159839 --a------ F:\WINDOWS\system32\xvidvfw.dll
2008-07-06 15:00:07 755027 --a------ F:\WINDOWS\system32\xvidcore.dll
2008-07-06 15:00:06 3596288 --a------ F:\WINDOWS\system32\qt-dx331.dll
2008-07-06 15:00:06 81920 --a------ F:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-06 14:59:53 682496 --a------ F:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-06 14:59:48 7680 --a------ F:\WINDOWS\system32\ff_vfw.dll
2008-07-06 14:59:42 0 d-------- F:\Archivos de programa\K-Lite Codec Pack
2008-07-06 14:29:23 31232 --a------ F:\WINDOWS\system\vdremote.dll <Not Verified; ; VirtualDub>
2008-07-06 14:29:22 25088 --a------ F:\WINDOWS\system\vdsvrlnk.dll <Not Verified; ; VirtualDub>
2008-07-06 14:05:08 0 d-------- F:\Archivos de programa\VideoLAN
2008-06-21 16:53:07 0 d-------- F:\Archivos de programa\TuneUp Utilities 2008
2008-06-21 16:52:32 0 d-------- F:\Archivos de programa\Archivos comunes\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-21 16:00:18 664 --a------ F:\WINDOWS\system32\d3d9caps.dat
2008-07-21 15:07:35 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Skype
2008-07-14 16:19:02 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\VersionTracker Pro
2008-07-14 14:21:34 0 d-------- F:\Archivos de programa\Java
2008-07-14 09:34:47 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-07-13 13:28:30 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-07-06 20:49:41 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\TmpRecentIcons
2008-07-06 20:44:14 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Pegasys Inc
2008-07-06 16:41:19 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-07-06 14:05:39 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\vlc
2008-06-21 16:52:32 0 d-------- F:\Archivos de programa\Archivos comunes
2008-06-14 13:26:56 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\Uniblue
2008-06-10 10:00:17 0 d-------- F:\Documents and Settings\Administrador\Datos de programa\skypePM
2008-05-26 20:38:55 0 d-------- F:\Archivos de programa\Windows Live Safety Center
2008-05-06 20:07:02 11411763 --a------ F:\Archivos de programa\BizAgiPMSetup.exe <Not Verified; BizAgi; BizAgi Proces>
2008-05-05 09:36:55 2552 --a------ F:\WINDOWS\unins000.dat
2008-05-05 09:35:20 691545 --a------ F:\WINDOWS\unins000.exe
2008-04-28 20:12:54 1740 --a------ F:\WINDOWS\mozver.dat
2008-04-25 11:20:10 96605 --a------ F:\WINDOWS\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
17/07/2008 14:10 62728 --a------ F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [28/03/2006 17:38 F:\WINDOWS\KHALMNPR.Exe]
"EPSON Stylus CX3700 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.exe" [07/02/2005 05:00]
"HP Software Update"="F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 08:24]
"iTunesHelper"="F:\Archivos de programa\iTunes\iTunesHelper.exe" [04/02/2008 14:18]
"AVP"="F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25/04/2008 18:21]
"SunJavaUpdateSched"="F:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [19/08/2004 07:42]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
"msnmsgr"="F:\Archivos de programa\MSN Messenger\msnmsgr.exe" [19/01/2007 04:55]
"Skype"="F:\Archivos de programa\Skype\Phone\Skype.exe" [01/02/2008 17:22]
"Picasa Media Detector"="F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [23/10/2007 15:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
"ntuser"=F:\WINDOWS\system32\drivers\spools.exe
"autoload"=F:\Documents and Settings\LocalService\cftmon.exe

F:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
VersionTrackerPro.lnk - F:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [07/07/2008 12:33:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoljK]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,F:\ARCHIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\urqRJAqR

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e62acda-e485-11dc-86d9-0048548149de}]
AutoRun\command- F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
Auto\command- adp.exe
AutoRun\command- F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6764c3-8a0c-11dc-864e-0048548149de}]




-- End of Deckard's System Scanner: finished at 2008-07-21 16:07:34 ------------


Kaspersky Online Scan:


Number of objects scanned 11640
Virus found 0
Objects infected 0 / 0
Suspectful objects 0
Scan duration: 00:22:19

Name of Infected object (?)
I do not know why the scan persists in doing it in Spanish, so the above is a translation.


F:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked saltado
F:\WINDOWS\Sti_Trace.log Object is locked saltado
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\Internet.evt Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
F:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\Temp\etilqs_wgg01vx6JRhcjxLYmiCb Object is locked skipped
F:\WINDOWS\wiadebug.log Object is locked skipped
F:\WINDOWS\wiaservc.log Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Windows\Temp\etilqs_wgg01vx6JRhcjxLYmiCb Object is locked skipped
Scan completed.


I haven't used MoveIt! or ComboFix on my computer to get rid of the problems previously detected by Malwarebytes and Spybot, because I don't want to tamper with the registry and ruin the computer. Any supervision will be appreciated!

Edited by Nema, 21 July 2008 - 06:36 PM.


#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:41 AM

Posted 27 July 2008 - 11:36 PM

Hello Nema,

We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Kaspersky Antivirus and Spybot TeaTimer before running ComboFix, as they will prevent it from running.


Disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can re-enable TeaTimer once your system is clean.

To disable Kaspersky Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for the Kaspersky icon.
  • right click it-> select Pause Protection.
  • click on -> By User Request
  • a popup will claim that protection is now disabled and the tray icon will change to show this.
You successfully disabled the Kaspersky Antivirus Guard.



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need the Recovery Console because malware does a lot of damage and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Nema

Nema
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 28 July 2008 - 08:35 PM

Thank you very much, Senpai SifuMike! Your humble pupil is ready to commence the lesson, but not before thanking honorable teacher for the enlightening knowledge you shall impart upon me.


Here is the log as you requested. Unfortunately, while checking the Taskbar I only checked running applications and terminated everything there, but some applications were left running as you'll see on the log. I did, however, suspend Kaspersky's protection as instructed, but it does still appear on the "log" after ComboFix made my computer reboot.

Without further ado, the log:




ComboFix 08-07-28.4 - Administrador 2008-07-28 19:01:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.229 [GMT -6:00]
Running from: F:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\system32\RqAJRqru.ini
F:\WINDOWS\system32\RqAJRqru.ini2

.
(((((((((((((((((( Files created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))
.

2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\system32\xircom
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\system32\oobe
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\srchasst
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\msagent
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\Archivos de programa\microsoft frontpage
2008-07-28 14:13 . 2008-07-28 18:53 <DIR> d-------- F:\WINDOWS\system32\CatRoot_bak
2008-07-19 11:01 . 2008-07-19 11:02 <DIR> d-------- F:\Spybot - Search & Destroy
2008-07-18 16:14 . 2008-07-18 16:14 <DIR> d-------- F:\Malwarebytes' Anti-Malware
2008-07-18 13:21 . 2008-07-18 13:21 307,968 --a------ F:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-14 16:18 . 2008-07-14 16:18 <DIR> d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-07-14 14:23 . 2008-07-21 09:59 <DIR> d-a------ F:\Documents and Settings\All Users\Datos de programa\TEMP
2008-07-14 14:23 . 2008-07-21 09:58 <DIR> d-------- F:\Archivos de programa\SpywareBlaster
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-14 09:34 . 2008-07-07 17:35 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 09:34 . 2008-07-07 17:35 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-07-14 09:04 . 2008-07-14 09:04 <DIR> d-------- F:\Deckard
2008-07-13 23:52 . 2008-07-14 00:02 <DIR> d-------- F:\Archivos de programa\RegistryFix
2008-07-09 11:19 . 2008-07-14 16:19 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\VersionTracker Pro
2008-07-08 17:50 . 2008-07-08 17:50 <DIR> d-------- F:\Archivos de programa\Trend Micro
2008-07-07 12:33 . 2008-07-07 12:33 <DIR> d-------- F:\Archivos de programa\TechTracker
2008-07-06 23:39 . 2008-07-06 23:40 193 --a------ F:\WINDOWS\wininit.ini
2008-07-06 22:34 . 2008-07-24 09:04 96,559 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-07-06 22:34 . 2008-07-24 09:04 87,855 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-07-06 22:29 . 2008-07-28 18:45 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-07-06 22:29 . 2008-07-06 22:29 <DIR> d-------- F:\Archivos de programa\Kaspersky Lab
2008-07-06 22:29 . 2008-07-28 19:05 1,591,328 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 22:29 . 2008-07-28 19:05 458,784 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-06 22:29 . 2008-07-28 19:05 13,512 --ahs---- F:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 22:29 . 2008-07-28 19:05 2,648 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-06 21:56 . 2008-07-06 21:56 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2008-07-06 20:44 . 2008-07-06 20:44 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Pegasys Inc
2008-07-06 20:41 . 2008-07-06 20:39 145,504 --a------ F:\WINDOWS\system32\bgsvcgen.exe
2008-07-06 20:41 . 2008-07-06 20:39 59,488 --a------ F:\WINDOWS\system32\GenSvcInst.exe
2008-07-06 20:41 . 2008-07-06 20:39 33,408 --a------ F:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-07-06 20:40 . 2008-07-06 20:40 <DIR> d-------- F:\Archivos de programa\Pegasys Inc
2008-07-06 16:41 . 2008-07-06 16:41 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-07-06 15:00 . 2008-03-21 14:30 3,596,288 --a------ F:\WINDOWS\system32\qt-dx331.dll
2008-07-06 15:00 . 2008-01-10 06:15 755,027 --a------ F:\WINDOWS\system32\xvidcore.dll
2008-07-06 15:00 . 2006-09-24 09:11 389,120 --a------ F:\WINDOWS\system32\lameACM.acm
2008-07-06 15:00 . 2004-01-25 10:18 217,088 --a------ F:\WINDOWS\system32\yv12vfw.dll
2008-07-06 15:00 . 2007-09-04 10:56 164,352 --a------ F:\WINDOWS\system32\unrar.dll
2008-07-06 15:00 . 2008-01-10 06:16 159,839 --a------ F:\WINDOWS\system32\xvidvfw.dll
2008-07-06 15:00 . 2007-09-20 18:52 118,784 --a------ F:\WINDOWS\system32\ac3acm.acm
2008-07-06 15:00 . 2008-03-21 14:28 81,920 --a------ F:\WINDOWS\system32\dpl100.dll
2008-07-06 15:00 . 2007-10-03 09:03 414 --a------ F:\WINDOWS\system32\lame_acm.xml
2008-07-06 14:59 . 2008-07-06 15:00 <DIR> d-------- F:\Archivos de programa\K-Lite Codec Pack
2008-07-06 14:59 . 2008-03-31 15:25 682,496 --a------ F:\WINDOWS\system32\divx.dll
2008-07-06 14:59 . 2008-03-28 11:41 7,680 --a------ F:\WINDOWS\system32\ff_vfw.dll
2008-07-06 14:59 . 2007-07-10 10:10 547 --a------ F:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-06 14:29 . 2008-06-15 12:24 31,232 --a------ F:\WINDOWS\system\vdremote.dll
2008-07-06 14:29 . 2008-06-15 12:23 25,088 --a------ F:\WINDOWS\system\vdsvrlnk.dll
2008-07-06 14:05 . 2008-07-06 14:05 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\vlc
2008-07-06 14:05 . 2008-07-06 14:05 <DIR> d-------- F:\Archivos de programa\VideoLAN

.
(((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 00:46 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Skype
2008-07-19 17:03 --------- d-----w F:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-14 20:21 --------- d-----w F:\Archivos de programa\Java
2008-07-14 17:48 --------- d-----w F:\Archivos de programa\Spybot - Search & Destroy
2008-07-13 19:28 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-06-21 23:12 --------- d-----w F:\Archivos de programa\TuneUp Utilities 2008
2008-06-21 22:53 --------- d-----w F:\Documents and Settings\All Users\Datos de programa\TuneUp Software
2008-06-21 22:52 --------- d-----w F:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 19:26 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Uniblue
2008-06-14 19:06 4,257,160 ----a-w F:\Archivos de programa\registrybooster2.exe
2008-06-14 19:00 4,511,192 ----a-w F:\Archivos de programa\speedupmypc3plc.exe
2008-06-14 17:59 272,512 ------w F:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:00 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\skypePM
2008-05-29 17:48 4,190,768 ----a-w F:\Archivos de programa\registrybooster.exe
2008-05-07 02:07 11,411,763 ----a-w F:\Archivos de programa\BizAgiPMSetup.exe
2008-05-05 15:35 691,545 ----a-w F:\WINDOWS\unins000.exe
2008-02-20 18:29 32 ----a-w F:\Documents and Settings\All Users\Datos de programa\ezsid.dat
2007-11-28 23:26 374,692,124 ----a-w F:\Archivos de programa\OFFICE - Business Plan Pro 2004 + Serial.rar
2007-11-28 00:56 44,740,970 ----a-w F:\Archivos de programa\PaloAlto.Business.Plan.Pro.2007.Premier.Edition.v9.06.0006.Incl.Keymaker-ZWT.rar
2007-11-26 22:08 38,987 ----a-w F:\Archivos de programa\Business_Plan_Pro_Premier_Edition_2005_-'mininova.org'-.torrent
2007-11-19 17:28 92,064 ----a-w F:\Documents and Settings\Administrador\mqdmmdm.sys
2007-11-19 17:28 9,232 ----a-w F:\Documents and Settings\Administrador\mqdmmdfl.sys
2007-11-19 17:28 79,328 ----a-w F:\Documents and Settings\Administrador\mqdmserd.sys
2007-11-19 17:28 66,656 ----a-w F:\Documents and Settings\Administrador\mqdmbus.sys
2007-11-19 17:28 6,208 ----a-w F:\Documents and Settings\Administrador\mqdmcmnt.sys
2007-11-19 17:28 5,936 ----a-w F:\Documents and Settings\Administrador\mqdmwhnt.sys
2007-11-19 17:28 4,048 ----a-w F:\Documents and Settings\Administrador\mqdmcr.sys
2007-11-19 17:27 25,600 ----a-w F:\Documents and Settings\Administrador\usbsermptxp.sys
2007-11-19 17:27 22,768 ----a-w F:\Documents and Settings\Administrador\usbsermpt.sys
2002-09-06 22:13 944,797 ----a-w F:\Documents and Settings\Administrador\WinRar 3.00.exe
2002-09-06 22:11 4,608 ----a-w F:\Documents and Settings\Administrador\wrar26-3x crack.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:42 15360]
"msnmsgr"="F:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 04:55 5674352]
"Skype"="F:\Archivos de programa\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Picasa Media Detector"="F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3700 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE" [2005-02-07 05:00 98304]
"HP Software Update"="F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 08:24 54840]
"iTunesHelper"="F:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"SunJavaUpdateSched"="F:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 94208 F:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:42 15360]
"Picasa Media Detector"="F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"F:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"F:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"F:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"F:\\Archivos de programa\\iTunes\\iTunes.exe"=
"F:\\Archivos de programa\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;F:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 Pctspk;PCTEL Speaker Phone;F:\WINDOWS\system32\pctspk.exe [2006-12-17 20:19]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;F:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;F:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;F:\WINDOWS\system32\DRIVERS\ptserlp.sys [2006-12-17 20:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;F:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 13:21]
S3 USBSTOR;USB Mass Storage Device;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-17 19:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e62acda-e485-11dc-86d9-0048548149de}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6764c3-8a0c-11dc-864e-0048548149de}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
.
Contents of 'Scheduled Tasks' folder

2008-06-21 F:\WINDOWS\Tasks\1-Click Maintenance.job
- F:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099} - (no file)
Notify-mlJYoljK - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://gmail.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xportar a Microsoft Excel - F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 19:06:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Archivos de programa\iPod\bin\iPodService.exe
F:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-07-28 19:09:41 - machine was rebooted [Administrador]
ComboFix-quarantined-files.txt 2008-07-29 01:09:32

Pre-Run: 185,150,726,144 bytes free
Post-Run: 185,139,228,672 bytes free

228 --- E O F --- 2008-07-29 00:31:48







Is there a way to make ComboFix run in English? If the Spanish is any trouble for you (I am really not sure what it is you look at when seeing the logs), I will be more than happy to translate everything.

Edited by Nema, 28 July 2008 - 08:37 PM.


#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:41 AM

Posted 28 July 2008 - 11:52 PM

Hi Nema,

Is there a way to make ComboFix run in English? If the Spanish is any trouble for you (I am really not sure what it is you look at when seeing the logs), I will be more than happy to translate everything.


That is very kind of you but it is no problem, I know how to translate the Spanish words in ComboFix. :thumbsup:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Registry:: 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6764c3-8a0c-11dc-864e-0048548149de}]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
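A way to turn the step above into a repeatable check, as an added example that is not ComboFix's code and not SifuMike's: the Python script below parses the MountPoints2 section of the ComboFix log posted in this thread, flags device entries by two heuristics, and emits a CFScript `Registry::` block in the same format as the one above. The heuristics are my assumptions, not ComboFix rules: a Shell verb other than AutoRun (such as `Auto`, `open` or `explore`) redirected to a command, which hijacks a double-click on the drive rather than only the AutoPlay prompt; and the same executable registered under more than one device GUID, the pattern of a worm that copies itself from one removable drive to the next. The log excerpt embedded in the script is constructed from the three MountPoints2 entries shown in the log above.

```python
"""Audit MountPoints2 autorun entries in a ComboFix log and build a CFScript.

Added example, not ComboFix's or the forum poster's own code. The log excerpt
is constructed from the entries in the thread; the two flagging heuristics are
the example author's assumptions, not ComboFix logic.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the "Reg Loading Points" section of the log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e62acda-e485-11dc-86d9-0048548149de}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a76d3013-a920-11dc-868f-0048548149de}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6764c3-8a0c-11dc-864e-0048548149de}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
.
Contents of 'Scheduled Tasks' folder
"""

# A MountPoints2 key header: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A shell verb line under that key: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command_line, target_exe), ...]}."""
    entries = {}
    current = None
    for line in log_text.splitlines():
        line = line.rstrip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            entries[current] = []
            continue
        if current is None:
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match:
            cmd = cmd_match.group("cmd").strip()
            # The file actually launched is the last token of the command line.
            target = cmd.split()[-1].lower()
            entries[current].append((cmd_match.group("verb"), cmd, target))
        elif line == "" or line.startswith("["):
            current = None  # a blank line or an unrelated key ends the block
    return entries


def flag_suspicious(entries):
    """Apply the two heuristics (assumptions) and return {key: [reasons]}."""
    keys_by_target = defaultdict(set)
    for key, cmds in entries.items():
        for _verb, _cmd, target in cmds:
            keys_by_target[target].add(key)
    flagged = {}
    for key, cmds in entries.items():
        reasons = set()
        for verb, _cmd, target in cmds:
            if verb.lower() != "autorun":
                reasons.add(f"Shell\\{verb}\\command hijacked")
            if len(keys_by_target[target]) > 1:
                reasons.add(f"{target} registered under {len(keys_by_target[target])} device GUIDs")
        if reasons:
            flagged[key] = sorted(reasons)
    return flagged


def build_cfscript(flagged_keys):
    """Emit a CFScript 'Registry::' block that deletes each flagged key."""
    lines = ["Registry::"] + [f"[-{key}]" for key in sorted(flagged_keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_LOG)
    suspects = flag_suspicious(parsed)
    for key, reasons in suspects.items():
        print(key.rsplit("\\", 1)[-1], "->", "; ".join(reasons))
    print(build_cfscript(suspects))
```

On the constructed excerpt the script leaves the `autorun.exe` entry alone and flags the two `adp.exe` entries, which is the same pair of keys SifuMike's CFScript removes. Review the flagged list by hand before feeding the output to ComboFix: the heuristics only highlight candidates, and the thread's warning about running scripts written for another machine still applies.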

#6 Nema

Nema
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 29 July 2008 - 03:04 PM

Alright, thanks for delivering me from PC Hell. Here are the requested logs; for ease of navigation ComboFix will be [CFL] and HijackThis [HJL].

ComboFix [CFL]



ComboFix 08-07-28.4 - Administrador 2008-07-29 13:38:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.217 [GMT -6:00]
Running from: F:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: F:\Documents and Settings\Administrador\Escritorio\CFScript.txt
* Created a new restore point
.

(((((((((((((((((( Files created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))
.

2008-07-28 19:09 . 2008-07-28 19:09 <DIR> d-------- F:\WINDOWS\system32\config\systemprofile\Configuración local
2008-07-28 19:09 . 2008-07-28 19:09 <DIR> d-------- F:\Documents and Settings\NetworkService\Configuración local
2008-07-28 19:09 . 2008-07-28 19:09 <DIR> d-------- F:\Documents and Settings\LocalService\Configuración local
2008-07-28 19:09 . 2008-07-28 19:09 <DIR> d-------- F:\Documents and Settings\Administrador\Configuración local
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\system32\xircom
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\system32\oobe
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\srchasst
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\WINDOWS\msagent
2008-07-28 19:06 . 2008-07-28 19:06 <DIR> d-------- F:\Archivos de programa\microsoft frontpage
2008-07-28 14:13 . 2008-07-28 18:53 <DIR> d-------- F:\WINDOWS\system32\CatRoot_bak
2008-07-19 11:01 . 2008-07-19 11:02 <DIR> d-------- F:\Spybot - Search & Destroy
2008-07-18 16:14 . 2008-07-18 16:14 <DIR> d-------- F:\Malwarebytes' Anti-Malware
2008-07-18 13:21 . 2008-07-18 13:21 307,968 --a------ F:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-14 16:18 . 2008-07-14 16:18 <DIR> d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-07-14 14:23 . 2008-07-28 19:45 <DIR> d-a------ F:\Documents and Settings\All Users\Datos de programa\TEMP
2008-07-14 14:23 . 2008-07-21 09:58 <DIR> d-------- F:\Archivos de programa\SpywareBlaster
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-07-14 09:34 . 2008-07-14 09:34 <DIR> d-------- F:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-14 09:34 . 2008-07-07 17:35 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 09:34 . 2008-07-07 17:35 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-07-14 09:04 . 2008-07-14 09:04 <DIR> d-------- F:\Deckard
2008-07-13 23:52 . 2008-07-14 00:02 <DIR> d-------- F:\Archivos de programa\RegistryFix
2008-07-09 11:19 . 2008-07-14 16:19 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\VersionTracker Pro
2008-07-08 17:50 . 2008-07-08 17:50 <DIR> d-------- F:\Archivos de programa\Trend Micro
2008-07-07 12:33 . 2008-07-07 12:33 <DIR> d-------- F:\Archivos de programa\TechTracker
2008-07-06 23:39 . 2008-07-06 23:40 193 --a------ F:\WINDOWS\wininit.ini
2008-07-06 22:34 . 2008-07-24 09:04 96,559 --a------ F:\WINDOWS\system32\drivers\klin.dat
2008-07-06 22:34 . 2008-07-24 09:04 87,855 --a------ F:\WINDOWS\system32\drivers\klick.dat
2008-07-06 22:29 . 2008-07-29 08:44 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-07-06 22:29 . 2008-07-06 22:29 <DIR> d-------- F:\Archivos de programa\Kaspersky Lab
2008-07-06 22:29 . 2008-07-28 20:34 1,594,912 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 22:29 . 2008-07-28 20:34 458,784 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-06 22:29 . 2008-07-28 20:34 13,540 --ahs---- F:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 22:29 . 2008-07-28 20:34 2,648 --ahs---- F:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-06 21:56 . 2008-07-06 21:56 <DIR> d-------- F:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2008-07-06 20:44 . 2008-07-06 20:44 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Pegasys Inc
2008-07-06 20:41 . 2008-07-06 20:39 145,504 --a------ F:\WINDOWS\system32\bgsvcgen.exe
2008-07-06 20:41 . 2008-07-06 20:39 59,488 --a------ F:\WINDOWS\system32\GenSvcInst.exe
2008-07-06 20:41 . 2008-07-06 20:39 33,408 --a------ F:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-07-06 20:40 . 2008-07-06 20:40 <DIR> d-------- F:\Archivos de programa\Pegasys Inc
2008-07-06 16:41 . 2008-07-06 16:41 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-07-06 15:00 . 2008-03-21 14:30 3,596,288 --a------ F:\WINDOWS\system32\qt-dx331.dll
2008-07-06 15:00 . 2008-01-10 06:15 755,027 --a------ F:\WINDOWS\system32\xvidcore.dll
2008-07-06 15:00 . 2006-09-24 09:11 389,120 --a------ F:\WINDOWS\system32\lameACM.acm
2008-07-06 15:00 . 2004-01-25 10:18 217,088 --a------ F:\WINDOWS\system32\yv12vfw.dll
2008-07-06 15:00 . 2007-09-04 10:56 164,352 --a------ F:\WINDOWS\system32\unrar.dll
2008-07-06 15:00 . 2008-01-10 06:16 159,839 --a------ F:\WINDOWS\system32\xvidvfw.dll
2008-07-06 15:00 . 2007-09-20 18:52 118,784 --a------ F:\WINDOWS\system32\ac3acm.acm
2008-07-06 15:00 . 2008-03-21 14:28 81,920 --a------ F:\WINDOWS\system32\dpl100.dll
2008-07-06 15:00 . 2007-10-03 09:03 414 --a------ F:\WINDOWS\system32\lame_acm.xml
2008-07-06 14:59 . 2008-07-06 15:00 <DIR> d-------- F:\Archivos de programa\K-Lite Codec Pack
2008-07-06 14:59 . 2008-03-31 15:25 682,496 --a------ F:\WINDOWS\system32\divx.dll
2008-07-06 14:59 . 2008-03-28 11:41 7,680 --a------ F:\WINDOWS\system32\ff_vfw.dll
2008-07-06 14:59 . 2007-07-10 10:10 547 --a------ F:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-06 14:29 . 2008-06-15 12:24 31,232 --a------ F:\WINDOWS\system\vdremote.dll
2008-07-06 14:29 . 2008-06-15 12:23 25,088 --a------ F:\WINDOWS\system\vdsvrlnk.dll
2008-07-06 14:05 . 2008-07-06 14:05 <DIR> d-------- F:\Documents and Settings\Administrador\Datos de programa\vlc
2008-07-06 14:05 . 2008-07-06 14:05 <DIR> d-------- F:\Archivos de programa\VideoLAN

.
(((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 01:08 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Skype
2008-07-19 17:03 --------- d-----w F:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-14 20:21 --------- d-----w F:\Archivos de programa\Java
2008-07-14 17:48 --------- d-----w F:\Archivos de programa\Spybot - Search & Destroy
2008-07-13 19:28 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-06-21 23:12 --------- d-----w F:\Archivos de programa\TuneUp Utilities 2008
2008-06-21 22:53 --------- d-----w F:\Documents and Settings\All Users\Datos de programa\TuneUp Software
2008-06-21 22:52 --------- d-----w F:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-20 17:41 248,320 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 248,320 ------w F:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w F:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w F:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w F:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 19:26 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\Uniblue
2008-06-14 19:06 4,257,160 ----a-w F:\Archivos de programa\registrybooster2.exe
2008-06-14 19:00 4,511,192 ----a-w F:\Archivos de programa\speedupmypc3plc.exe
2008-06-14 17:59 272,512 ------w F:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,512 ------w F:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 16:00 --------- d-----w F:\Documents and Settings\Administrador\Datos de programa\skypePM
2008-05-29 17:48 4,190,768 ----a-w F:\Archivos de programa\registrybooster.exe
2008-05-08 12:28 202,752 ------w F:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w F:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w F:\WINDOWS\system32\dllcache\quartz.dll
2008-05-07 02:07 11,411,763 ----a-w F:\Archivos de programa\BizAgiPMSetup.exe
2008-05-05 15:35 691,545 ----a-w F:\WINDOWS\unins000.exe
2008-02-20 18:29 32 ----a-w F:\Documents and Settings\All Users\Datos de programa\ezsid.dat
2007-11-28 23:26 374,692,124 ----a-w F:\Archivos de programa\OFFICE - Business Plan Pro 2004 + Serial.rar
2007-11-28 00:56 44,740,970 ----a-w F:\Archivos de programa\PaloAlto.Business.Plan.Pro.2007.Premier.Edition.v9.06.0006.Incl.Keymaker-ZWT.rar
2007-11-26 22:08 38,987 ----a-w F:\Archivos de programa\Business_Plan_Pro_Premier_Edition_2005_-'mininova.org'-.torrent
2007-11-19 17:28 92,064 ----a-w F:\Documents and Settings\Administrador\mqdmmdm.sys
2007-11-19 17:28 9,232 ----a-w F:\Documents and Settings\Administrador\mqdmmdfl.sys
2007-11-19 17:28 79,328 ----a-w F:\Documents and Settings\Administrador\mqdmserd.sys
2007-11-19 17:28 66,656 ----a-w F:\Documents and Settings\Administrador\mqdmbus.sys
2007-11-19 17:28 6,208 ----a-w F:\Documents and Settings\Administrador\mqdmcmnt.sys
2007-11-19 17:28 5,936 ----a-w F:\Documents and Settings\Administrador\mqdmwhnt.sys
2007-11-19 17:28 4,048 ----a-w F:\Documents and Settings\Administrador\mqdmcr.sys
2007-11-19 17:27 25,600 ----a-w F:\Documents and Settings\Administrador\usbsermptxp.sys
2007-11-19 17:27 22,768 ----a-w F:\Documents and Settings\Administrador\usbsermpt.sys
2002-09-06 22:13 944,797 ----a-w F:\Documents and Settings\Administrador\WinRar 3.00.exe
2002-09-06 22:11 4,608 ----a-w F:\Documents and Settings\Administrador\wrar26-3x crack.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-28_19.08.58.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-29 01:06:35 53,248 ----a-w F:\WINDOWS\temp\catchme.dll
+ 2008-07-29 19:41:12 53,248 ----a-w F:\WINDOWS\temp\catchme.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-19 07:42 15360]
"msnmsgr"="F:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 04:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"HP Software Update"="F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 08:24 54840]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 94208 F:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 07:42 15360]
"Picasa Media Detector"="F:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18 443968]

F:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
VersionTrackerPro.lnk - F:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-07 12:33:46 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoljK]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"F:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"F:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"F:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"F:\\Archivos de programa\\iTunes\\iTunes.exe"=
"F:\\Archivos de programa\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;F:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 Pctspk;PCTEL Speaker Phone;F:\WINDOWS\system32\pctspk.exe [2006-12-17 20:19]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;F:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;F:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;F:\WINDOWS\system32\DRIVERS\ptserlp.sys [2006-12-17 20:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;F:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 13:21]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-17 19:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e62acda-e485-11dc-86d9-0048548149de}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'

2008-06-21 F:\WINDOWS\Tasks\1-Click Maintenance.job
- F:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2EB0AA53-D8ED-4C8A-8EFD-5E966BB8B099} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 13:41:13
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-07-29 13:42:37
ComboFix-quarantined-files.txt 2008-07-29 19:42:29
ComboFix2.txt 2008-07-29 01:18:08
ComboFix3.txt 2008-07-29 01:09:43

Pre-Run: 185,172,807,680 bytes libres
Post-Run: 185,179,316,224 bytes libres

222 --- E O F --- 2008-07-29 00:31:48
HijackThis [HJL]


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:08, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Archivos de programa\MSN Messenger\usnsvc.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O18 - Protocol: bw+0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlJYoljK - F:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - F:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - F:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - F:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 19211 bytes

#7 SifuMike (malware expert, Members, 15,385 posts, Gender: Male, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 29 July 2008 - 03:39 PM

Hi Nema,

The ComboFix log looks good and I see only one item to remove in the Hijackthis log. :thumbsup:


Download CCleaner and install it. (default location is best). Do not run it yet!

Beginners Guide to CCleaner

*******************************************


Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O20 - Winlogon Notify: mlJYoljK - F:\WINDOWS\

Close all browsers and other windows except for HijackThis, and click "Fix checked"

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues or Registry button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Autocomplete Form History.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section except for Start Menu Shortcuts and Desktop Shortcuts.
Clean any others that you choose.

In the Applications Tab:
Clean all including cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising that this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot your computer


Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply, a fresh HijackThis log and tell me how your computer is running.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click Ignore for mbamext.dll.

Edited by SifuMike, 29 July 2008 - 03:44 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
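One way to pre-screen a HijackThis log for the kinds of entries SifuMike singles out (an O20 Winlogon Notify key with no DLL behind it, an O23 service whose binary is missing, an O4 startup item whose target cannot be resolved). This is an added example, not part of this thread and not HijackThis itself; the sample lines are copied from the log posted above, and the flagging heuristics are my own assumptions, meant only to point a reviewer at entries worth a closer look.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines in HijackThis v2.0.2 log format, taken from
# the log quoted in this thread (the O20 entry is the one SifuMike flags).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: VersionTrackerPro.lnk = ?
O20 - Winlogon Notify: mlJYoljK - F:\WINDOWS\
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# Every HijackThis entry starts with a section code (R0, F1, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFON]\d+) - (?P<body>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    item: str    # the entry text after the code
    reason: str  # why a reviewer should look at it


def _is_dir_only(path: str) -> bool:
    """True when the path names a folder rather than a file (ends in a backslash)."""
    return path.strip().endswith("\\")


def check_entry(code: str, body: str) -> Optional[str]:
    """Return a triage reason for one entry, or None if nothing stands out.

    Heuristics are assumptions of this example, not HijackThis logic.
    """
    if code == "O20" and body.startswith("Winlogon Notify:"):
        # Format: "Winlogon Notify: <package name> - <path>"
        _, _, path = body.partition(" - ")
        if _is_dir_only(path) or "(no file)" in path:
            return "Winlogon Notify package with no DLL file behind it; verify and remove"
    if code == "O23" and "(file missing)" in body:
        return "service is registered but its binary is missing"
    if code == "O4":
        if body.startswith("Global Startup:") and body.rstrip().endswith("= ?"):
            return "startup-folder shortcut whose target could not be resolved"
        # Format: "<hive>\..\Run: [<value name>] <command>"
        _, _, value = body.partition(": ")
        target = value.split("] ", 1)[-1].strip().strip('"')
        if not DRIVE_PATH_RE.match(target):
            return "Run value without an absolute path; confirm which file actually loads"
    if code == "O2" and "(no file)" in body:
        return "Browser Helper Object registered but its DLL is gone (orphan)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and collect the entries that deserve a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("code"), m.group("body"), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.item}")
```

Entries the sample flags are the Logitech Run value (bare file name), the unresolved VersionTrackerPro shortcut, the mlJYoljK notify key and the CiSvc service; everything else is left alone.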

#8 Nema (Topic Starter, Members, 8 posts)

Posted 30 July 2008 - 06:54 PM

Greetings, Sensei. I got all you requested done down to a T. But before I post the logs I wanted to know if it is safe to use Spybot Search & Destroy's "Purge" to get rid of all the "threats" that were detected, and is eliminating the "quarantined" files in Malwarebytes okay?



Here is the snapshot of what was "eliminated" by S&D. I wish I knew how to retrieve it from the logs to post the registry paths, but hopefully this will do.


Posted Image


Malwarebyte's list of quarantined objects:


Posted Image


Now, as you requested here are the logs:


HijackThis [HJL]
Malwarebytes: see below :thumbsup:


MALWAREBYTES:


Malwarebytes' Anti-Malware 1.23
Database version: 1010
Windows 5.1.2600 Service Pack 2

13:42:33 30/07/2008
mbam-log-7-30-2008 (13-42-33).txt

Scan type: Quick Scan
Objects scanned: 34200
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HijackThis Log [HJL]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:50, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Archivos de programa\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\WgaTray.exe
F:\Archivos de programa\MSN Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://F:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O18 - Protocol: bw+0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - F:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - F:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - F:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 19312 bytes



Thanks again for the help! By the way, the computer has been running smoothly, like a sailing ship on a swift but calm breeze.
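An added example, not part of the thread and not code from HijackThis or Trend Micro: a small parser for the O4 (autostart), O18 (protocol handler) and O23 (service) entries of a HijackThis v2 log like the one above, followed by the checks an analyst usually runs before reading the log line by line. The regular expressions are written against the line shapes visible in the posted log and are an assumption about the format, not a specification; the flag names, the `Startup` key variant and the list of service-account SIDs are this example's own choices. The sample lines are copied from the log posted above.

```python
"""Parse HijackThis v2 log entries and flag items an analyst checks first.

Example code added to illustrate the log format in the thread; it is not
HijackThis code. The regexes are inferred from the posted log (assumption).
"""
import re

# Constructed sample: a handful of lines copied from the posted HJT log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O18 - Protocol: bw+0 - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BCFD6B6E-530A-4D33-8F0D-910AD8BB50B9} - F:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
"""

# Line shapes inferred from the posted log (assumption, not the HJT spec).
PATTERNS = {
    "O4": [
        # Registry Run/RunOnce entries, optionally tagged with the user hive.
        re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"),
        # Startup-folder shortcuts; "Startup" (per-user) is assumed alongside "Global Startup".
        re.compile(r"^O4 - (?P<key>Global Startup|Startup): (?P<name>.*?) = (?P<cmd>.*)$"),
    ],
    "O18": [
        re.compile(r"^O18 - Protocol: (?P<scheme>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    ],
    "O23": [
        re.compile(r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^)]*)\))? - "
                   r"(?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"),
    ],
}

# Well-known SIDs for LocalSystem, Local Service and Network Service.
SERVICE_ACCOUNT_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def parse_hjt(text):
    """Return one dict per non-blank line; unparsed lines keep parsed=False."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        entry = {"section": section, "raw": line, "parsed": False}
        for pat in PATTERNS.get(section, []):
            m = pat.match(line)
            if m:
                entry.update(m.groupdict())
                entry["parsed"] = True
                break
        entries.append(entry)
    return entries


def flag_entries(entries):
    """Return (code, detail) pairs for entries worth a closer look; none are verdicts."""
    flags = []
    for e in entries:
        if not e["parsed"]:
            flags.append(("unparsed", e["raw"]))
            continue
        if e["section"] == "O23":
            if e.get("missing"):  # service registered, binary gone: stale or removed
                flags.append(("service-file-missing", f"{e['display']}: {e['path']}"))
            if e["owner"] == "Unknown owner":  # no company name in version info
                flags.append(("service-unknown-owner", f"{e['display']}: {e['path']}"))
        elif e["section"] == "O4":
            hive = e.get("hive") or ""
            if e["key"] == "RunOnce" and any(sid in hive for sid in SERVICE_ACCOUNT_SIDS):
                flags.append(("runonce-service-account", f"{hive} [{e['name']}] {e['cmd']}"))
            if e["key"] in ("Global Startup", "Startup") and e["cmd"] == "?":
                flags.append(("startup-shortcut-unresolved", e["name"]))
    return flags


def protocol_handlers(entries):
    """Group O18 URL schemes by the DLL (basename) that handles them."""
    by_dll = {}
    for e in entries:
        if e["section"] == "O18" and e["parsed"]:
            dll = e["path"].rsplit("\\", 1)[-1]
            by_dll.setdefault(dll, []).append(e["scheme"])
    return {dll: sorted(schemes) for dll, schemes in by_dll.items()}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, detail in flag_entries(parsed):
        print(f"{code:30} {detail}")
    for dll, schemes in protocol_handlers(parsed).items():
        print(f"{dll}: {len(schemes)} scheme(s): {', '.join(schemes)}")
```

Run against the full log above, `protocol_handlers` collapses the dozens of `bw*` O18 lines into one entry per DLL, which is the quickest way to see that they all belong to a single Logitech component rather than to many unrelated handlers; `flag_entries` surfaces the `cisvc.exe (file missing)` service and the unresolved `VersionTrackerPro.lnk` shortcut, which are the two items in this log an analyst would look at before concluding it is clean.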

#9 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:41 AM

Posted 30 July 2008 - 09:13 PM

Hi Nema,

Your log looks clean! :thumbsup: Good job on the cleanup!

But before I post the logs I wanted to know if it is safe to use Spybot Search & Destroy's "Purge" to get rid of all the "threats" that were detected, and is eliminating the "quarantined" files in Malwarebytes okay?


I normally leave the Spybot items for two or three weeks, just to make sure everything runs OK, then I purge them. They will not harm you in the quarantined section of Spybot.
Same with the items Malwarebytes has quarantined. Leave them for several weeks, then if everything is working OK delete them.


Uninstall ComboFix: go to Start > Run and type in ComboFix /u
Make sure there's a space between ComboFix and /u.
Then hit Enter.

This will uninstall ComboFix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, Deckard, _OTMoveIt), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read and follow How did I get infected?, with steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes


If you want to improve speed/system performance after malware removal, take a look here.

Edited by SifuMike, 30 July 2008 - 09:14 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 Nema

Nema
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 30 July 2008 - 10:08 PM

Okay, I will follow your advice and uninstall ComboFix, and hold off on purging those nasties until later. Now that this mystery has been solved, thanks to your great guidance, that leaves us with one last mystery... is that Inspector Clouseau in your avatar?


Again, thanks a bunch for your help! The computer at the very beginning was unworkable, but because I bothered to read previous posts detailing problems similar to mine, I was able to get the computer from a stagnant, corrupted state to a barely workable one and then to a smooth PC.



My advice to new people is to read the BleepingComputer tutorials and keep an eye out for recommended programs like Malwarebytes and HijackThis, to name a few, because that will keep the computer from getting completely lost.

#11 SifuMike


Posted 30 July 2008 - 10:44 PM

is that Inspector Clouseau in your avatar?


Yes, that is Inspector Clouseau. LOL

Thank you for the kind words. It's always nice to hear that someone appreciates the help we are giving. :thumbsup:

#12 SifuMike


Posted 04 August 2008 - 05:05 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



