AVG Free 8.0 constant resident shield alerts / Sudden loss of HD space


  • This topic is locked
10 replies to this topic

#1 Master_Krono

Master_Krono

  • Members
  • 3 posts

Posted 16 December 2008 - 10:36 PM

(English is not my native language... I hope that you understand what I write).

It's been a while since I've had this many problems with my computer. For no reason at all, one day and without warning, my HD space began to mysteriously diminish several MB at a time every day. Not that I was downloading anything... but no matter how much space I freed up every weekend, I'd have that space unavailable within a few days without ever actually doing anything.
I was planning to back up everything to format my PC and do a fresh Windows XP reinstallation, but one day, after I turned my laptop on and Windows finally loaded, AVG's resident shield reported a nameless threat that I immediately went off to try and "Heal". It warned me about instability and a possible crash if I did that, but since I had deleted several viruses before that warned me the same way and had nothing happen, I confidently continued... only to be met several seconds later with the Blue Screen of Death (hadn't seen one like that since Win 98).

After restarting, I wanted to start Windows in safe mode, but I got distracted... so Windows started back in normal mode. Immediately after it loaded, I got another threat detection alert from AVG, which I went off and ignored. But I found that each time I right-clicked or ran a program (or the screensaver started), that threat alert would appear. I found a link that supposedly would give me further info on said infection inside that alert window, but as soon as I clicked it, my PC began to slow to a halt. Last thing I remember seeing was Firefox opening and freezing.

Then Windows wouldn't load anymore. Told me that "windows/system32" was nowhere to be found, and that I wouldn't be able to continue until I repaired it. I immediately grabbed my XP install disc to try and repair, but it asked me for a floppy disk (which even if I did have, I wouldn't have been able to use it because my laptop has no floppy drive).
I quit on my PC for about 3 weeks... and here I am again. For some reason, Windows started successfully again. It works just as well as before, but I still get the same threat alerts, and my HD space is still decreasing.

I would rather not resort to formatting my laptop, since it would be too expensive to back up everything I have to CDs...

Anyways, here's my HijackThis log. I was told I also needed a Malwarebytes' Log, but I found that it had no important information (if only personal), so I did not include it here. If you need it, please do inform me. Thank you in advance.

-------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:43 p.m., on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Dell\QuickSet\Quickset.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\VG Emulation\SNES\zsnesw151\zsnesw.exe
E:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Archivos de programa\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\RunServices: [Windows Xp Taskmanager] taskngr.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Archivos de programa\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Xp Taskmanager] taskngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-MX/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9220 bytes



(EDIT: Turns out my last Windows color configuration prevented me from seeing the name of the actual infected file. Now that I've switched and managed to restart Windows somehow, I found out that user32.dll (located at "C:/WINDOWS/system32/") was infected. AVG identified it as Trojan horse PSW.Banker4.APSA ... I still can't delete it without that system crash warning though. Should I replace that file with a fresh copy from another PC? Or is there another problem besides that one that I haven't found out about yet from that HT log?)

(I know it's against the rules to try and push threads like I'm doing right now, but I had to further inform you. If there's anything else you would like to know, please feel free to call me).

Edited by Master_Krono, 17 December 2008 - 10:10 PM.




#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 25 December 2008 - 06:33 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewit

  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • GMER Scan log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 02 January 2009 - 10:37 AM

Hi.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 03 January 2009 - 01:48 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 03 January 2009 - 09:16 PM

Hello.

Topic re-opened upon user's request. Please post back with the OTViewIt logs.

With Regards,
Extremeboy

#6 Master_Krono

Master_Krono
  • Topic Starter

  • Members
  • 3 posts

Posted 03 January 2009 - 11:41 PM

Well, everything but a Kaspersky log is here. If you absolutely, positively need it, I'll try to find a workaround to connect that PC to the internet. Also, if you need any other detail, please do tell. Thank you in advance.

-M_K


------------------------

OTViewIt.txt

------------------------


OTViewIt logfile created on: 03/01/2009 07:26:13 p.m. - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\kross\Escritorio
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

247.37 Mb Total Physical Memory | 25.98 Mb Available Physical Memory | 10.50% Memory free
604.35 Mb Paging File | 302.38 Mb Available in Paging File | 50.03% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 34.20 Gb Total Space | 1.28 Gb Free Space | 3.74% Space Free | Partition Type: NTFS
Drive D: | 3.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 998.01 Mb Total Space | 225.14 Mb Free Space | 22.56% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBGP2HB1
Current User Name: kross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2005/12/19 12:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2005/12/19 12:08:40 | 01,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/09/15 19:16:47 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe
[2007/05/25 01:38:38 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcserv.exe
[2007/05/25 01:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
[2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/04/06 11:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\QuickSet\NicConfigSvc.exe
[2008/09/15 19:16:56 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgrsx.exe
[2004/08/20 09:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/20 09:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006/07/26 01:03:14 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
[2006/03/08 15:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
[2006/04/06 11:58:52 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Archivos de programa\Dell\QuickSet\quickset.exe
[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
[2008/09/29 21:55:29 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgtray.exe
[2008/04/01 10:49:42 | 00,036,352 | ---- | M] () -- C:\Archivos de programa\Winamp\winampa.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/01/03 17:28:00 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kross\Escritorio\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/07/09 15:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/15 19:16:47 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/09/25 21:21:01 | 00,137,200 | ---- | M] (Google) -- C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2007/07/10 06:18:14 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2007/05/25 01:38:38 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcserv.exe -- (lxdcCATSCustConnectService [Auto | Running])
[2007/05/25 01:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe -- (lxdc_device [Auto | Running])
[2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/04/06 11:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2007/01/19 10:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2005/12/19 12:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 18:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 20:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/08/12 14:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 18:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 18:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008/09/15 19:17:48 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/15 19:17:47 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2005/11/02 16:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])
[2005/08/05 00:32:16 | 00,045,312 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/22 18:33:56 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2006/11/27 12:13:20 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
[2001/08/17 18:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 00:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/22 23:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 17:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
[2006/09/19 11:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[1996/04/03 11:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
[2008/08/28 18:08:25 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2004/08/12 14:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/22 00:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/22 00:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/10/14 18:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/19 15:28:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2004/03/17 00:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 18:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/20 09:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2000/07/16 09:52:42 | 00,136,352 | ---- | M] (Nogatech Ltd.) -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NUVision [On_Demand | Stopped])
[2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/20 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/15 14:33:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 18:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 18:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 18:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 20:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 19:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/09/24 05:28:47 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/07/14 08:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 08:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 20:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 19:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 19:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 19:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 19:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 15:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/12/05 22:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/05 22:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/05 22:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/05 22:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/05 22:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/05 22:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/05 22:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/05 22:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/05 22:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 18:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2005/07/22 00:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/20 09:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com.mx/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com.mx/

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (4160 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
46 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Archivos de programa\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Archivos de programa\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Archivos de programa\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Archivos de programa\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Archivos de programa\Free Download Manager\iefdm2.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Archivos de programa\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Archivos de programa\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BA52B914-B692-46c4-B683-905236F6F655}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Archivos de programa\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Archivos de programa\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Archivos de programa\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Archivos de programa\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\ARCHIV~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Dell QuickSet"=C:\Archivos de programa\Dell\QuickSet\Quickset.exe (Dell Inc)
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" ()
"ZoneAlarm Client"="C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

========== (O4) RunServices Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Xp Taskmanager"=taskngr.exe File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"none"=C:\Archivos de programa\Video ActiveX Object\pmsngr.exe -- File not found
"Windows Xp Taskmanager"=taskngr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun]
"1"=MSNCleaner.exe
"2"=avp.exe
"3"=kav.esp
"4"=kav.eng
"5"=msconfig.exe

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun]
"1"=MSNCleaner.exe
"2"=avp.exe
"3"=kav.esp
"4"=kav.eng
"5"=msconfig.exe

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 06:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xportar a Microsoft Excel: C:\Archivos de programa\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 06:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Consola de Sun Java -- Reg Error: Key does not exist or could not be opened. File not found
{9455301C-CF6B-11D3-A266-00C04F689C50}: Button: Researcher -- %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [2001/08/09 02:39:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %SystemDrive%\ARCHIV~1\FlashGet\flashget.exe File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: &FlashGet -- %SystemDrive%\ARCHIV~1\FlashGet\flashget.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Consola de Sun Java] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Consola de Sun Java] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Consola de Sun Java] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Consola de Sun Java] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-255399634-220773177-3266104490-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
97 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00B71CFB-6864-4346-A978-C0A14556272C}: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -- Checkers Class
{2917297F-F02B-4B9D-81DF-494B6333150B}: http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab -- Minesweeper Flags Class
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{31435657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab -- Reg Error: Key does not exist or could not be opened.
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/ES-MX/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{97E71027-0BA2-44F2-97DB-F84D808ED0B6}: http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab -- MessengerStatsClient Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab -- MSN Games - Installer
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{26687D4F-540C-4250-A269-562109C870EA} (Servers: | Description: )
{60F272F6-AE96-4F9B-9816-CF72D4FC3C77} (Servers: | Description: )
{928AD9C7-C22F-4D9E-A128-4A64FB9BD488} (Servers: | Description: Tarieta Mini-PCI de red inalámbrica 1370 de Dell)
{F504192F-B62D-440E-8883-6FDAD5AE59E7} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/15 19:17:52 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/09/09 14:57:56 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{365d9d0b-c099-11dc-8bd1-0015c5668826}\Shell\AutoRun\command]
""=E:\d.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{365d9d0b-c099-11dc-8bd1-0015c5668826}\Shell\explore\Command]
""=E:\d.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{365d9d0b-c099-11dc-8bd1-0015c5668826}\Shell\open\Command]
""=E:\d.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f8e520c-ac32-11dc-8bab-0015c5668826}\Shell\AutoRun\command]
""=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f8e520c-ac32-11dc-8bab-0015c5668826}\Shell\open\command]
""=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7632ba-8ffc-11dd-a124-0015c5668826}\Shell\AutoRun\command]
""=E:\fooool.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7632ba-8ffc-11dd-a124-0015c5668826}\Shell\explore\Command]
""=E:\fooool.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e7632ba-8ffc-11dd-a124-0015c5668826}\Shell\open\Command]
""=E:\fooool.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92f32200-be79-11dc-8bcc-0015c5668826}\Shell\AutoRun\command]
""=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92f32200-be79-11dc-8bcc-0015c5668826}\Shell\open\command]
""=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7702e64-8685-11dc-8b55-0015c5668826}\Shell\AutoRun\command]
""=E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7702e64-8685-11dc-8b55-0015c5668826}\Shell\open\command]
""=E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

[2009/01/03 19:22:16 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\gmer.exe
[2009/01/03 19:22:04 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kross\Escritorio\OTViewIt.exe
[2008/12/29 00:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Mis documentos\Mis eBooks
[2008/12/25 01:35:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Mis documentos\Cyberlink
[2008/12/21 17:45:31 | 00,041,993 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Fuurai No Shiren_00008.png
[2008/12/21 17:44:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\savestates4
[2008/12/21 16:45:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\savestates3
[2008/12/21 15:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\savestates1
[2008/12/20 17:21:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\savestates
[2008/12/17 19:54:01 | 00,713,782 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\chrono_crusade_03.bmp
[2008/12/17 16:04:53 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Ahead
[2008/12/17 15:39:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\Nueva carpeta
[2008/12/16 16:56:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\logs
[2008/12/16 16:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Datos de programa\Malwarebytes
[2008/12/16 16:38:22 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/12/16 16:38:20 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/16 16:38:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/16 16:38:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2008/12/16 16:38:15 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2008/12/16 15:29:45 | 00,007,937 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Temporary.theme
[2008/11/09 15:29:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/11/09 05:59:29 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Misc. Support Library (Spybot - Search & Destroy)
[2008/11/09 05:59:28 | 00,000,000 | ---D | C] -- C:\Archivos de programa\File Scanner Library (Spybot - Search & Destroy)
[2008/11/04 02:11:59 | 34,849,443 | -H-- | C] () -- C:\Documents and Settings\kross\Escritorio\fsoam2_mpg4v3_320.zip
[2008/10/31 23:05:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Datos de programa\Free Download Manager
[2008/10/31 23:05:31 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Free Download Manager.lnk
[2008/10/31 23:05:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\FreeDownloadManager.ORG
[2008/10/31 23:05:12 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Free Download Manager
[2008/10/26 16:38:06 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Yugioh Virtual Desktop.lnk
[2008/10/26 01:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kross\Escritorio\molonel
[2008/10/24 18:19:32 | 00,001,525 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Ampliador.lnk
[2008/10/08 22:39:15 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\kross\Escritorio\Battery Meter.lnk

========== Files - Modified Within 90 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/01/03 19:14:37 | 00,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/01/03 19:13:44 | 08,857,632 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/03 19:13:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 19:13:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 19:13:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 19:13:08 | 25,945,7024 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/03 17:28:00 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kross\Escritorio\OTViewIt.exe
[2008/12/30 20:17:06 | 00,104,852 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/30 19:00:00 | 00,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\AFB228CE9189DA66.job
[2008/12/29 00:33:36 | 04,290,014 | -H-- | M] () -- C:\Documents and Settings\kross\Configuración local\Datos de programa\IconCache.db
[2008/12/25 22:57:02 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/21 17:44:20 | 00,041,993 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Fuurai No Shiren_00008.png
[2008/12/17 19:58:30 | 00,128,000 | ---- | M] () -- C:\Documents and Settings\kross\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 19:56:56 | 00,000,712 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/17 19:54:01 | 00,713,782 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\chrono_crusade_03.bmp
[2008/12/17 16:04:49 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/16 16:38:22 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2008/12/16 15:29:46 | 00,007,937 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Temporary.theme
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/09 05:42:06 | 29,898,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/08 16:47:41 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\kross\Mis documentos\My Sharing Folders.lnk
[2008/11/05 23:21:48 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/05 22:29:34 | 34,849,443 | -H-- | M] () -- C:\Documents and Settings\kross\Escritorio\fsoam2_mpg4v3_320.zip
[2008/11/02 19:39:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/02 19:39:22 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/02 19:13:10 | 00,000,701 | ---- | M] () -- C:\WINDOWS\n02.ini
[2008/10/31 23:05:31 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Free Download Manager.lnk
[2008/10/30 12:49:30 | 00,093,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/27 14:06:06 | 00,464,800 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2008/10/27 14:06:06 | 00,402,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/27 14:06:06 | 00,082,604 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2008/10/27 14:06:05 | 01,024,280 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/27 14:06:05 | 00,063,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/24 18:14:12 | 00,001,525 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Ampliador.lnk
[2008/10/10 21:10:39 | 00,002,700 | ---- | M] () -- C:\WINDOWS\kaillera.ini
[2008/10/08 22:39:15 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Battery Meter.lnk
[2008/10/06 08:32:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/10/06 08:32:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/05 19:57:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\kross\Escritorio\Yugioh Virtual Desktop.lnk
< End of report >



------------------------

Extra.txt

------------------------



OTViewIt Extras logfile created on: 03/01/2009 07:26:13 p.m. - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\kross\Escritorio
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

247.37 Mb Total Physical Memory | 25.98 Mb Available Physical Memory | 10.50% Memory free
604.35 Mb Paging File | 302.38 Mb Available in Paging File | 50.03% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 34.20 Gb Total Space | 1.28 Gb Free Space | 3.74% Space Free | Partition Type: NTFS
Drive D: | 3.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 998.01 Mb Total Space | 225.14 Mb Free Space | 22.56% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBGP2HB1
Current User Name: kross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/20 09:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Archivos de programa\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 10:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 14:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007/06/20 03:00:27 | 00,029,360 | ---- | M] () -- C:\Archivos de programa\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/20 09:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Archivos de programa\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 10:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 14:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Archivos de programa\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Archivos de programa\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found -- C:\Documents and Settings\kross\Escritorio\snes9x-1.51-win32\snes9x.exe:*:Enabled:Snes9XW
File not found -- C:\Archivos de programa\VG Emulation\SNES\Emulator\Kaillera Version\snes9x.exe:*:Enabled:Snes9XW
File not found -- C:\Documents and Settings\kross\Escritorio\zsnesw142n\zsnesw.exe:*:Enabled:zsnesw
[2006/07/25 23:25:56 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2008/08/28 18:08:19 | 00,624,416 | ---- | M] (LogMeIn Inc.) -- C:\Archivos de programa\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
[2005/03/28 18:09:14 | 01,052,672 | ---- | M] () -- C:\Archivos de programa\VG Emulation\SNES\Emulator\Kaillera Version\Snes9K.exe:*:Enabled:Snes9K
[2002/04/14 12:16:26 | 01,105,920 | ---- | M] (by Alexandre da Veiga) -- C:\Archivos de programa\VG Emulation\NES\RockNESX.exe:*:Enabled:RockNES X NES Emulator
File not found -- C:\Documents and Settings\kross\Escritorio\kaillerasrv.exe:*:Enabled:kaillerasrv
[2007/07/10 06:18:14 | 15,333,688 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/08/20 09:00:00 | 00,768,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Asistencia remota - Windows Messenger and Voice
[2007/10/01 19:33:18 | 06,960,416 | ---- | M] (SmartSoft Ltd.) -- C:\Archivos de programa\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5
[2007/05/25 01:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
[2007/04/30 00:19:53 | 00,020,480 | ---- | M] () -- C:\Archivos de programa\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
[2007/06/20 03:00:27 | 00,029,360 | ---- | M] () -- C:\Archivos de programa\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2004/08/20 09:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
File not found -- D:\AUTORUN.EXE:*:Enabled:AUTORUN.EXE
[2007/05/25 01:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Disabled:
[2007/05/25 01:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Disabled:
[2007/05/25 01:38:35 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Disabled:
[2004/08/20 09:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Servidor de DirectPlay8 de Microsoft
[1999/07/22 11:37:16 | 01,302,528 | ---- | M] (DSI) -- C:\Archivos de programa\Delphine Software\Darkstone\Darkstone.exe:*:Enabled:DarkStone
[2008/09/24 21:47:35 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Archivos de programa\VG Emulation\CGA_v0.352\CGA_v0.352\cga.exe:*:Enabled:cga
[2005/01/19 17:35:44 | 00,513,024 | ---- | M] () -- C:\Archivos de programa\VG Emulation\SNES\ZSNES 1.42\zsnesw.exe:*:Enabled:zsnesw
[2002/07/15 18:51:58 | 00,443,392 | ---- | M] () -- C:\Archivos de programa\VG Emulation\SNES\ZSNES 1.36\ZSNESW.EXE:*:Enabled:ZSNESW
File not found -- C:\Archivos de programa\zbattle.net\zbattle.net.exe:*:Enabled:zbattle.net
[2003/07/31 21:34:16 | 00,561,152 | ---- | M] () -- C:\Archivos de programa\VG Emulation\N64\Emulator\Project64k.exe:*:Enabled:Project64k
[2008/08/12 11:41:34 | 00,154,112 | ---- | M] () -- C:\Archivos de programa\VG Emulation\Console Gaming Arena\CGA_v0.410\CGA_v0.410\cga.exe:*:Enabled:cga
[2005/10/01 11:08:48 | 01,974,352 | ---- | M] (None) -- C:\Archivos de programa\VG Emulation\GBA\Emulator\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator
[2006/01/05 23:14:50 | 02,490,368 | ---- | M] () -- C:\Archivos de programa\VG Emulation\Sega\Fusion351\Fusion.exe:*:Enabled:Fusion
[1999/10/27 21:36:22 | 02,560,045 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II
[2007/10/14 18:25:40 | 00,761,856 | ---- | M] () -- C:\Archivos de programa\VG Emulation\NES\VirtuaNES\VirtuaNES.exe:*:Enabled:VirtuaNES NES emulator for Win32
[2001/08/10 13:20:26 | 02,699,309 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion
File not found -- C:\Archivos de programa\metin2_spain\metin2.bin:*:Disabled:metin2
[2008/09/15 19:16:50 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 00:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 23:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/15 19:17:14 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Archivos de programa\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 10:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 23:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/10 23:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/08/09 02:39:25 | 00,167,936 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\MSERO.DLL (msero:{B0D92A71-886B-453B-A649-1B91F93801E7} (HKLM) [Protocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 01:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 10:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 23:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{034100C0-3975-4267-9F39-1DC4745090B7}"=Microsoft Encarta Reference Library 2003
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}"=Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Management Programs
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}"=EA.com Matchup
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37C70655-506A-4F4E-B3DE-7402A67580A4}"=Microsoft Works 7.0
"{3F695596-85E6-4224-BC70-538F9036797A}"=MovieShop
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}"=Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7784A172-61F1-445E-8368-601607E0DD22}"=AMV Convert Tool 3.70
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}"=Microsoft .NET Framework 1.1 Spanish Language Pack
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90280C0A-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional con FrontPage
"{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}"=iTunes
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}"=EA.com Update
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}"=Apple Mobile Device Support
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}"=Nero - Burning Rom
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}"=Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1034-7B44-A00000000001}"=Adobe Reader 6.0.1 - Español
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2E3A2C8-283C-4871-A499-B2711F48D64B}"=Yugioh Virtual Dueling
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}"=SmartFTP Client
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem Driver
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}"=LG GSM PC Components
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Audacity_is1"=Audacity 1.2.6
"AVG8Uninstall"=AVG Free 8.0
"AWicons Lite"=AWicons Lite
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"Canon ScanGear Toolbox CS"=Canon ScanGear Toolbox CS 2.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"CreataCard Plus 3"=CreataCard Plus 3
"DarkstoneDeinstKey"=Darkstone
"DiskCleaner"=Disk Cleaner (remove only)
"Final Fantasy VII"=Final Fantasy VII
"FlexiMusic Wave Editor_is1"=FlexiMusic Wave Editor
"Free Download Manager_is1"=Free Download Manager 2.5
"Google Updater"=Google Updater
"greenstreet Picture Browser"=greenstreet Picture Browser
"Hamachi"=Hamachi 1.0.2.5
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"la Guía del EXHCOBA UABC 2006-2_is1"=Guía del EXHCOBA UABC 2006-2
"Lexmark 1300 Series"=Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Plus! Live"=Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"mIRC"=mIRC
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"NetBattle_is1"=NetBattle
"Network Play System (Patching)"=Network Play System (Patching)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Å’¥"=Å’¥
"Ootake_is1"=Ootake ver1.56
"RPG Maker 2003_is1"=RPG Maker 2003 v1.06
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SpeedFan"=SpeedFan (remove only)
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"ST5UNST #1"=Anvil Studio
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"SystemRequirementsLab"=System Requirements Lab
"TilEd 2002_is1"=TilEd 2002 0.64.2600
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Winamp"=Winamp
"WinGimp-2.0_is1"=GIMP 2.4.7
"WinRAR archiver"=WinRAR archiver
"WMV to AVI MPEG WMV VCD SVCD DVD Converter_is1"=WMV to AVI MPEG WMV VCD SVCD DVD Converter 5.2
"Yugioh Virtual Desktop"=Yugioh Virtual Desktop
"ZoneAlarm"=ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/10/2008 03:37:16 a.m. | Computer Name = DBGP2HB1 | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: El volumen está muy fragmentado para completar esta operación.

Error - 31/10/2008 02:13:22 a.m. | Computer Name = DBGP2HB1 | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: El volumen está muy fragmentado para completar esta operación.

Error - 01/11/2008 10:59:19 p.m. | Computer Name = DBGP2HB1 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tgb-dual.exe, versión: 0.7.0.0, módulo con
error: tgb-dual.exe, versión 0.7.0.0, dirección de error 0x00022e6e.

Error - 01/11/2008 11:01:16 p.m. | Computer Name = DBGP2HB1 | Source = Application Error | ID = 1000
Description = Aplicación con errores: tgb-dual.exe, versión: 0.7.0.0, módulo con
error: tgb-dual.exe, versión 0.7.0.0, dirección de error 0x00022e6e.

Error - 01/11/2008 11:43:32 p.m. | Computer Name = DBGP2HB1 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: TGB-Dual.exe, versión 0.7.0.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 02/11/2008 04:04:54 p.m. | Computer Name = DBGP2HB1 | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: El volumen está muy fragmentado para completar esta operación.

Error - 04/11/2008 12:57:09 a.m. | Computer Name = DBGP2HB1 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OUTLOOK.EXE, versión 10.0.2627.1, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 04/11/2008 12:57:28 a.m. | Computer Name = DBGP2HB1 | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Outlook.

Error - 17/12/2008 07:50:30 p.m. | Computer Name = DBGP2HB1 | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.

Error - 18/12/2008 11:54:31 p.m. | Computer Name = DBGP2HB1 | Source = Application Error | ID = 1000
Description = Aplicación con errores: yame038.exe, versión: 0.0.0.0, módulo con
error: yame038.exe, versión 0.0.0.0, dirección de error 0x000ace0f.

[ System Events ]
Error - 31/12/2008 12:15:38 a.m. | Computer Name = DBGP2HB1 | Source = Dhcp | ID = 1001
Description = A su equipo no le fue asignada una dirección de la red (por el servidor
DHCP)
para la tarjeta de red con la dirección de red 7A7905B6CFDD. Ocurrió el error:
%%1223. Su equipo continuará intentando obtener una dirección desde el servidor de
direcciones de red (DHCP).

Error - 31/12/2008 12:15:56 a.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452689
Description = El proveedor de tiempo NtpClient: ocurrió un error durante la búsqueda
DNS del homólogo configurado manualmente "time.nist.gov,0x1". NtpClient volverá
a intentar la búsqueda DNS en 15 minutos. El error era: Se ha intentado una operación
de socket en un host no accesible. (0x80072751)

Error - 31/12/2008 12:15:56 a.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 14
minutos. NtpClient no tiene recurso de hora exacta.

Error - 31/12/2008 12:16:14 a.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452689
Description = El proveedor de tiempo NtpClient: ocurrió un error durante la búsqueda
DNS del homólogo configurado manualmente "time.nist.gov,0x1". NtpClient volverá
a intentar la búsqueda DNS en 15 minutos. El error era: Se ha intentado una operación
de socket en un host no accesible. (0x80072751)

Error - 31/12/2008 12:16:14 a.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 14
minutos. NtpClient no tiene recurso de hora exacta.

Error - 03/01/2009 11:14:07 p.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452689
Description = El proveedor de tiempo NtpClient: ocurrió un error durante la búsqueda
DNS del homólogo configurado manualmente "time.nist.gov,0x1". NtpClient volverá
a intentar la búsqueda DNS en 15 minutos. El error era: Se ha intentado una operación
de socket en un host no accesible. (0x80072751)

Error - 03/01/2009 11:14:07 p.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 14
minutos. NtpClient no tiene recurso de hora exacta.

Error - 03/01/2009 11:14:09 p.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452689
Description = El proveedor de tiempo NtpClient: ocurrió un error durante la búsqueda
DNS del homólogo configurado manualmente "time.nist.gov,0x1". NtpClient volverá
a intentar la búsqueda DNS en 15 minutos. El error era: Se ha intentado una operación
de socket en un host no accesible. (0x80072751)

Error - 03/01/2009 11:14:09 p.m. | Computer Name = DBGP2HB1 | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 14
minutos. NtpClient no tiene recurso de hora exacta.

Error - 03/01/2009 11:21:52 p.m. | Computer Name = DBGP2HB1 | Source = Windows Update Agent | ID = 16
Description = No se pudo conectar: Windows no se pudo conectar al servicio de Actualizaciones
automáticas y, por lo tanto, no pudo descargar e instalar las actualizaciones según
la programación configurada. Windows seguirá intentando establecer una conexión.


< End of report >



------------------------

gmer log

------------------------



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-03 20:28:27
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat F8BB9C8A

---- EOF - GMER 1.0.14 ----






EDIT: As you may have already seen, there are several chunks of text in Spanish. My bad for using XP in Spanish, heh heh. If you don't understand something, please ask and I'll translate or explain.

Edited by Master_Krono, 03 January 2009 - 11:52 PM.
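
The Authorized Applications section of the Extra.txt log above lists Windows Firewall exceptions as `path:scope:state:name`, and several are still Enabled although the log reports "File not found". The following Python is an added example, not part of the original post or of OTViewIt: it parses lines of that shape and reports enabled exceptions worth reviewing. The function names and the review heuristics are assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Lines copied from the Authorized Applications section of the log above.
SAMPLE_LOG = r"""
[2004/08/20 09:00:00 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Archivos de programa\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Archivos de programa\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found -- C:\Documents and Settings\kross\Escritorio\kaillerasrv.exe:*:Enabled:kaillerasrv
File not found -- D:\AUTORUN.EXE:*:Enabled:AUTORUN.EXE
[2007/05/25 01:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Disabled:
[2005/03/28 18:09:14 | 01,052,672 | ---- | M] () -- C:\Archivos de programa\VG Emulation\SNES\Emulator\Kaillera Version\Snes9K.exe:*:Enabled:Snes9K
[2008/09/15 19:16:50 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"""

# Either "File not found" or "[stamp | size | attrs | M] (Company)", then
# " -- path:scope:state:name". The path itself contains a drive colon, so it
# is matched lazily up to the first ":scope:enabled|disabled:" sequence.
ENTRY_RE = re.compile(
    r"^(?:File not found|\[[^\]]*\]\s*\((?P<company>[^)]*)\))"
    r" -- (?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)


@dataclass
class FirewallException:
    path: str
    scope: str
    enabled: bool
    name: str
    file_present: bool   # False when the log says "File not found"
    company: str         # version-info company name, "" when blank


def parse_exceptions(log_text):
    """Return one FirewallException per matching log line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, registry key lines, blank lines
        company = m.group("company")  # None for "File not found" lines
        entries.append(FirewallException(
            path=m.group("path"),
            scope=m.group("scope"),
            enabled=m.group("state").lower() == "enabled",
            name=m.group("name"),
            file_present=company is not None,
            company=(company or "").strip(),
        ))
    return entries


def audit_exceptions(entries, system_drive="C:"):
    """Map path -> reasons for enabled exceptions that deserve a review.

    The reasons are review heuristics chosen for this example, not verdicts.
    """
    findings = {}
    for e in entries:
        if not e.enabled:
            continue
        reasons = []
        if not e.file_present:
            # The rule outlives the program it was created for.
            reasons.append("stale")
        if "\\documents and settings\\" in e.path.lower():
            # Writable by the user without administrative rights.
            reasons.append("user-profile path")
        drive = re.match(r"^[A-Za-z]:", e.path)
        if drive and drive.group(0).upper() != system_drive.upper():
            reasons.append("non-system drive")
        if e.file_present and not e.company:
            reasons.append("no publisher")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in audit_exceptions(parse_exceptions(SAMPLE_LOG)).items():
        print(f"{', '.join(reasons):32} {path}")
```

Entries reported as stale can be deleted from the firewall's exception list, since the program they were created for is gone.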


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 04 January 2009 - 05:13 PM

Hello.

Yup, you are infected. You are infected with Lop. Also there is an entry that is related to a banking Trojan.

There was and now it still appears to be there, a file on your system that was related to Troj/Bancos-AWX Internet banking Trojan. More information on this can be found here. That tells you it can steal passwords and other information related to your computer. I recommend you change the passwords immediately using another clean machine.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. I'll assume you want to continue; please follow the instructions below.

We will need to see a scan before we continue.

Download and run LopS&D

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Post back with:
-LopR.txt
-New OTViewIT log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#8 Master_Krono

Master_Krono
  • Topic Starter

  • Members
  • 3 posts

Posted 06 January 2009 - 12:07 AM

Hmmm... wouldn't it be better to simply reformat? Not that I do my transactions through my PC or anything... but if it can never be trusted security-wise again, shouldn't it be better to just simply backup my personal files and delete everything?

Also, I'd like to know what kind of files did that trojan infect, so I don't accidentally copy them over when I do a fresh XP reinstall.


-M_K


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 06 January 2009 - 05:08 PM

Hello.

Yes, a backup and a fresh reinstall/format is the best option here.

Regarding what to back up, you can back up any data files such as .doc .xml .txt etc... You can also back up any of your important work from your job; photos and pictures or movies are usually safe to back up. Avoid backing up any executables such as .exe, .scr or .com, as they may be infected. Other than that I won't say much.

Hope everything goes well :thumbsup:

After the format/reinstall you would probably be clean so take a look and read my prevention page.

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Increase the Speed of your System

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Install an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Install a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Update your Firewall Program - It is imperative that you update your Firewall at least once a week (even more if you wish). If you do not update your firewall then it will not be able to catch any of the new variants that may come out.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :)


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
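
The backup advice in post #9 (copy data files, leave .exe, .scr and .com behind) can be checked mechanically before anything is copied to the clean install. The following is an added example, not part of the original posts: it skips files by extension and also flags files whose first two bytes are the `MZ` magic of a Windows executable, which catches executables renamed to look like documents or pictures. The function names, extension set and sample files are assumptions constructed for this sketch.

```python
import os
import tempfile

# Extensions named in the post as risky; an assumed set for this sketch,
# not a complete list of executable file types.
RISKY_EXTENSIONS = {".exe", ".scr", ".com"}


def is_pe_file(path):
    """True if the file starts with the DOS 'MZ' magic used by Windows executables."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def triage_backup(root):
    """Walk root and split files into (safe_to_copy, skipped_with_reason)."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXTENSIONS:
                skip.append((rel, "executable extension " + ext))
            elif is_pe_file(path):
                # Catches executables renamed to look like documents or pictures.
                skip.append((rel, "MZ header behind " + (ext or "no") + " extension"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)


def build_sample_tree():
    """Constructed sample data: a tiny stand-in for a personal files folder."""
    root = tempfile.mkdtemp(prefix="backup_triage_")
    samples = {
        "notes.txt": b"shopping list\n",
        "report.doc": b"\xd0\xcf\x11\xe0 constructed OLE-style header",
        "setup.exe": b"MZ\x90\x00 constructed stub",
        "saver.scr": b"MZ\x90\x00 constructed stub",
        "holiday.jpg": b"MZ\x90\x00 constructed stub renamed to .jpg",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    keep, skip = triage_backup(build_sample_tree())
    print("copy:", keep)
    for rel, reason in skip:
        print("skip:", rel, "->", reason)
```

A file landing in the "copy" list only means no Windows executable was found in it; this is not a malware scan, so the restored files should still be scanned with an up-to-date antivirus on the clean system.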

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:22 PM

Posted 08 January 2009 - 03:34 PM

Hello.

From your PM, you asked how you can learn how to help others and clean your own machine. There are many schools that teach how to remove malware. BC also has a training program but unfortunately it's fairly full. However, any of the schools that are mentioned by the UNITE website also will work.

*note: CastleCops is no longer available, however.

Hope that helps, and glad everything went well in the reinstall/format. :thumbsup:

With Regards,
Extremeboy

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:22 PM

Posted 13 January 2009 - 06:42 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
