
IE explorer and Chrome and all internet programs will not connect, and sound gone


  • This topic is locked
27 replies to this topic

#1 yanmatt


Posted 16 May 2010 - 09:03 AM

I had not been able to connect to the internet by any program, IE explorer, Chrome, iTunes, etc., and I have no sound and cannot play any music or video files. I downloaded Malwarebytes, SUPERAntiSpyware, and RKill from another computer, and was able to install on infected computer and after running RKill was able to get both programs to run. After running both, I was able to connect back to internet, but I still do not have sound, and cannot run any music or video files. I am using the infected computer now to write this.

Thanks for your help,
Matt


DDS (Ver_10-03-17.01) - NTFSx86
Run by DELL at 6:22:57.15 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.3082.18.1015.428 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Update Service\livesrv.exe
C:\Archivos de programa\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Archivos de programa\Common Files\Motive\McciCMService.exe
c:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\BitDefender\BitDefender 2010\bdagent.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe
C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe
C:\Archivos de programa\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\DELL\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
C:\Archivos de programa\Archivos comunes\Logishrd\LQCVFX\COCIManager.exe
C:\Archivos de programa\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\ARCHIV~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\DELL\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
c:\archivos de programa\logitech\quickcam\lu\lulnchr.exe
c:\archivos de programa\logitech\quickcam\lu\LogitechUpdate.exe
C:\Documents and Settings\DELL\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DELL\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.avg.es/es.special-toolbar-first-run-tlbrc-v2
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\archivos de programa\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archiv~1\micros~2\office12\GRA8E1~1.DLL
BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\archivos de programa\hughesnet download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\archivos de programa\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\archivos de programa\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\archiv~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\archivos de programa\yahoo!\search protection\SearchProtection.exe
uRun: [Skype] "c:\archivos de programa\skype\phone\Skype.exe" /nosplash /minimized
uRun: [HughesNet Download Manager] c:\archivos de programa\hughesnet download manager\HDM.exe -autorun
uRun: [Google Update] "c:\documents and settings\dell\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
uRun: [Mduzuwibiqor] rundll32.exe "c:\windows\mspncs.dll",Startup
uRun: [SUPERAntiSpyware] c:\archivos de programa\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IntelZeroConfig] "c:\archivos de programa\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\archivos de programa\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [BDAgent] "c:\archivos de programa\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\archivos de programa\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [LogitechCommunicationsManager] "c:\archivos de programa\archivos comunes\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\archivos de programa\logitech\quickcam\Quickcam.exe" /hide
mRun: [HughesNetTools_McciTrayApp] c:\archivos de programa\hughesnettools\1\McciTrayApp_SSR.exe
mRun: [Intuit SyncManager] c:\archivos de programa\archivos comunes\intuit\sync\IntuitSyncManager.exe startup
mRun: [BlackBerryAutoUpdate] c:\archivos de programa\archivos comunes\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dell\menini~1\progra~1\inicio\recort~1.lnk - c:\archivos de programa\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\logite~1.lnk - c:\archivos de programa\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\quickb~1.lnk - c:\archivos de programa\archivos comunes\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with HughesNet Download Manager - file://c:\archivos de programa\hughesnet download manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\archivos de programa\hughesnet download manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\archivos de programa\hughesnet download manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\archivos de programa\hughesnet download manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\archivos de programa\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archiv~1\micros~2\office12\GR99D3~1.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\archivos de programa\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\archivos de programa\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 BDVEDISK;BDVEDISK;c:\archivos de programa\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-10-19 111312]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-2-28 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\archivos de programa\archivos comunes\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

=============== Created Last 30 ================

2010-05-16 12:18:23 0 ----a-w- c:\documents and settings\dell\defogger_reenable
2010-05-12 02:33:41 0 d-----w- c:\docume~1\alluse~1\datosd~1\SUPERAntiSpyware.com
2010-05-12 02:32:59 0 d-----w- c:\docume~1\dell\datosd~1\SUPERAntiSpyware.com
2010-05-12 02:32:59 0 d-----w- c:\archivos de programa\SUPERAntiSpyware
2010-05-12 02:31:46 0 d-----w- c:\archivos de programa\archivos comunes\Wise Installation Wizard
2010-05-12 00:25:55 0 d-----w- c:\docume~1\dell\datosd~1\Malwarebytes
2010-05-12 00:25:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 00:25:37 0 d-----w- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2010-05-12 00:25:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 00:25:36 0 d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-05-11 06:00:37 0 d-----w- C:\618c0bf6ab9e7243c582
2010-05-11 05:45:07 0 d-----w- C:\ff7fa3a6ea517c1dd8ee4f27df37b593
2010-05-11 05:15:20 0 d-----w- c:\windows\SxsCaPendDel
2010-05-11 01:20:48 859648 ----a-w- c:\windows\system32\drivers\zwpvhl.sys
2010-05-10 19:25:20 20 ----a-w- c:\docume~1\dell\datosd~1\qvjsge.dat
2010-05-08 23:50:56 0 d-----w- c:\archivos de programa\Paint.NET
2010-05-05 11:30:59 0 d-sh--w- c:\documents and settings\dell\IECompatCache
2010-04-27 04:10:27 0 d-sh--w- c:\documents and settings\dell\PrivacIE
2010-04-27 04:07:09 0 d-sh--w- c:\documents and settings\dell\IETldCache
2010-04-27 04:01:44 0 d-----w- c:\windows\ie8updates
2010-04-27 03:56:01 0 dc-h--w- c:\windows\ie8
2010-04-27 03:51:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-27 03:51:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-27 03:49:51 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2010-05-15 13:45:27 46044 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-08 15:06:01 58984 ----a-w- c:\windows\fonts\TT0108M_.TTF
2010-05-08 15:06:00 47948 ----a-w- c:\windows\fonts\CACCHAMP.TTF
2010-05-04 10:09:06 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-02 19:32:22 86306 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-02 19:32:22 497684 ----a-w- c:\windows\system32\perfh00A.dat
2010-05-02 13:47:09 56220 ----a-w- c:\windows\fonts\CACOS___.TTF
2010-04-01 13:55:10 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-10 06:16:45 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 16:47:14 121332 ----a-w- c:\windows\HPHins15.dat
2010-02-25 06:16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 20:07:06 2192384 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07:04 2069248 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 6:24:17.09 ===============



#2 myrti

  • Malware Study Hall Admin

Posted 19 May 2010 - 02:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 yanmatt

  • Topic Starter

Posted 19 May 2010 - 07:17 PM

Hello Myrti,

Thanks for helping me! My problem is still as explained in my original post. I am able to connect to internet, but I am having BitDefender blocking viruses all the time. When running OTL, BD blocked "GEN:rootkit.Nixoa.1". Currently I cannot run Malwarebytes Anti-Malware; I get the following message when trying to run: "MBAM_ERROR_LOAD_DATABASE(0,5)". I also lost sound and cannot play music or video files.

Here are the OTL logs,

Thanks
Yanmatt

OTL logfile created on: 5/19/2010 5:49:53 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\DELL\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 149.04 Gb Total Space | 121.28 Gb Free Space | 81.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-CDAEC6814E
Current User Name: DELL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/19 17:46:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Escritorio\OTL.exe
PRC - [2010/05/06 17:04:56 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/05/04 04:09:12 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Archivos de programa\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/01 07:55:38 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Archivos de programa\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 07:55:02 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Archivos de programa\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/03/18 19:59:47 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DELL\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/28 07:48:50 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2009/12/19 17:20:18 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/09/03 02:48:44 | 001,153,824 | ---- | M] (Intuit Inc.) -- C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/12 11:36:18 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Archivos comunes\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 20:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 14:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Archivos de programa\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 14:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Archivos de programa\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2007/11/20 15:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Archivos de programa\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/10/26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/19 17:46:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Escritorio\OTL.exe
MOD - [2010/05/05 05:34:06 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_net.m32
MOD - [2010/05/05 05:34:05 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_extra.m32
MOD - [2010/05/05 05:34:02 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_nt.m32
MOD - [2010/05/05 05:34:01 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_base.m32
MOD - [2010/05/05 05:33:59 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_fragments.m32
MOD - [2010/05/05 05:33:58 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_registry.m32
MOD - [2010/05/05 05:33:57 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Archivos de programa\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj03.dll
MOD - [2008/04/13 20:17:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 04:09:12 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Archivos de programa\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 07:55:03 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/28 07:48:50 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 16:35:55 | 000,859,648 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\zwpvhl.sys -- (zwpvhl)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/04 04:09:29 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Archivos de programa\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 04:09:26 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/04 04:09:18 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Archivos de programa\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2010/05/04 04:09:06 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/04/01 07:55:10 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/09 06:40:13 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/08/27 16:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/07 03:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/07/26 09:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvusbsta.sys.bak -- (LVUSBSta)
DRV - [2008/07/26 09:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys.bak -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 12:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys.bak -- (WSTCODEC)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008/04/13 12:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 12:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/25 17:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Controlador de la Conexión de red Intel®
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 5E 8D F7 89 F1 CA 01 [binary data]
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-630328440-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Archivos de programa\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:20:34 | 000,000,000 | ---D | M]

[2010/02/02 17:15:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009/10/19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Archivos de programa\Mozilla Firefox\components\FFComm.dll
[2010/02/02 13:43:19 | 000,001,490 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2004/08/20 06:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Archivos de programa\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\HughesNet Download Manager\iefdm2.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Archivos de programa\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-839522115-630328440-725345543-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-839522115-630328440-725345543-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Archivos de programa\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Archivos de programa\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Archivos de programa\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Archivos de programa\Archivos comunes\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Archivos de programa\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-839522115-630328440-725345543-1004..\Run: [HughesNet Download Manager] C:\Archivos de programa\HughesNet Download Manager\HDM.exe (HughesNet.com)
O4 - HKU\S-1-5-21-839522115-630328440-725345543-1004..\Run: [Messenger (Yahoo!)] C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-839522115-630328440-725345543-1004..\Run: [Search Protection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKU\S-1-5-21-839522115-630328440-725345543-1004..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\QuickBooks Update Agent.lnk = C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\DELL\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Archivos de programa\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Archivos de programa\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Archivos de programa\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Archivos de programa\HughesNet Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/15 15:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dvdudwxp - (C:\WINDOWS\system32\logoing6.dll) - C:\WINDOWS\System32\logoing6.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Desktop Manager.lnk - C:\Archivos de programa\Research In Motion\BlackBerry\DesktopMgr.exe - (Research In Motion Limited)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reproductor de Windows Media de Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {85AC0FFA-643D-3103-9310-7086ECB0C36C} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/15 15:31:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/19 17:46:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DELL\Escritorio\OTL.exe
[2010/05/18 21:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\lechugero 2010
[2010/05/16 08:22:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/16 06:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\gmer
[2010/05/15 07:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Mis documentos\help
[2010/05/11 20:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
[2010/05/11 20:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Datos de programa\SUPERAntiSpyware.com
[2010/05/11 20:32:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
[2010/05/11 20:31:46 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
[2010/05/11 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Datos de programa\Malwarebytes
[2010/05/11 18:25:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/11 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2010/05/11 18:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/11 18:25:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/05/11 00:00:37 | 000,000,000 | ---D | C] -- C:\618c0bf6ab9e7243c582
[2010/05/10 23:45:07 | 000,000,000 | ---D | C] -- C:\ff7fa3a6ea517c1dd8ee4f27df37b593
[2010/05/10 23:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/10 13:27:44 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/10 13:27:42 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/10 13:27:42 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/10 13:27:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/10 13:27:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/10 13:27:26 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdaudio.sys
[2010/05/10 13:27:24 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/10 13:27:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flpydisk.sys
[2010/05/10 13:27:22 | 000,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fdc.sys
[2010/05/10 13:27:22 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/05/10 13:27:21 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/05/10 13:27:21 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/10 13:27:20 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2010/05/10 13:27:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2010/05/10 13:27:18 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2010/05/10 13:27:17 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/05/08 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\greenhouse mkt
[2010/05/08 21:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\pics funny
[2010/05/08 19:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\yaneth
[2010/05/08 18:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\Campisa feb 2010
[2010/05/08 17:50:56 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Paint.NET
[2010/05/08 17:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Configuración local\Datos de programa\Paint.NET
[2010/05/05 05:30:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DELL\IECompatCache
[2010/04/26 22:10:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DELL\PrivacIE
[2010/04/26 22:07:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\DELL\IETldCache
[2010/04/26 22:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/26 21:56:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/26 21:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Mis documentos\Mis archivos recibidos
[2010/04/21 19:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DELL\Escritorio\FB
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/19 17:50:50 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\DELL\NTUSER.DAT
[2010/05/19 17:46:27 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DELL\Escritorio\OTL.exe
[2010/05/19 17:38:20 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\DELL\Datos de programaprivacy.xml
[2010/05/19 17:36:34 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 17:35:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/19 17:35:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/19 16:12:03 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 16:04:05 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-630328440-725345543-1004UA.job
[2010/05/19 15:52:52 | 000,016,158 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\INVENTARIOS LECHUGA A 15 MAYO 10.xlsx
[2010/05/19 09:16:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/19 08:57:11 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\cotizacion reparacion lechuguero mayo 10.doc
[2010/05/18 21:02:48 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/18 21:02:37 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\DELL\ntuser.ini
[2010/05/18 20:04:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-630328440-725345543-1004Core.job
[2010/05/18 18:35:50 | 000,013,835 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\vencido labels horti.xlsx
[2010/05/18 06:21:12 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2010/05/17 19:30:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 14:16:35 | 000,021,289 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\COMIDAS DE HONDURAS.docx
[2010/05/16 06:19:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\dds.scr
[2010/05/16 06:18:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DELL\defogger_reenable
[2010/05/16 06:17:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\Defogger.exe
[2010/05/15 07:45:27 | 000,046,044 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/15 07:43:11 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\ .lnk
[2010/05/13 18:10:04 | 000,012,421 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\plan reinversion.xlsx
[2010/05/13 14:21:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/11 20:33:11 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
[2010/05/11 18:25:42 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/05/10 13:25:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\DELL\Datos de programa\qvjsge.dat
[2010/05/08 20:41:12 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/08 17:50:19 | 000,075,976 | ---- | M] () -- C:\Documents and Settings\DELL\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010/05/08 16:39:10 | 001,111,125 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\calendario mayo.mht
[2010/05/08 16:31:10 | 000,285,788 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\tarjeta diamadre.ctp
[2010/05/08 09:05:47 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Create & Print Home.url
[2010/05/06 08:56:09 | 000,008,794 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\planillas semanal 2010.xlsx
[2010/05/04 13:40:21 | 000,011,650 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\impulsaciondetalle de comision x venta mensual.xlsx
[2010/05/04 04:09:06 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/05/02 13:32:23 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/02 13:32:23 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/02 13:32:22 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/02 13:32:22 | 000,497,684 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/05/02 13:32:22 | 000,086,306 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/05/02 07:44:23 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\ .lnk
[2010/04/30 12:30:17 | 000,286,114 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\autorizacion de reclamo de cheque chofer.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:06:15 | 000,012,457 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\TRATAMIENTO NATURAL PARA GASTRITIS.docx
[2010/04/28 16:10:24 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\  .lnk
[2010/04/28 02:01:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 20:57:30 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\cotizacion camisas bordadas greenhouse.xls
[2010/04/24 22:13:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\DELL\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 07:22:23 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\tio.pub
[2010/04/21 06:27:50 | 001,015,296 | ---- | M] () -- C:\Documents and Settings\DELL\Escritorio\factura_numeradas_22-6-08.xls
[2010/04/20 21:49:27 | 000,046,601 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\carta a clientes por aumento de precio a las lechugas feb-2010.docx
[2010/04/20 07:13:59 | 000,043,465 | ---- | M] () -- C:\Documents and Settings\DELL\Mis documentos\carta paro de cobro cheque robado 19-04-10.docx
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 08:57:10 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\DELL\Escritorio\cotizacion reparacion lechuguero mayo 10.doc
[2010/05/18 06:21:12 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2010/05/17 10:34:52 | 000,016,158 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\INVENTARIOS LECHUGA A 15 MAYO 10.xlsx
[2010/05/16 14:16:34 | 000,021,289 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\COMIDAS DE HONDURAS.docx
[2010/05/16 06:19:57 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\DELL\Escritorio\dds.scr
[2010/05/16 06:18:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DELL\defogger_reenable
[2010/05/16 06:17:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\DELL\Escritorio\Defogger.exe
[2010/05/13 18:10:04 | 000,012,421 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\plan reinversion.xlsx
[2010/05/11 20:33:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
[2010/05/11 18:25:42 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/05/10 13:25:20 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\DELL\Datos de programa\qvjsge.dat
[2010/05/08 16:39:04 | 001,111,125 | ---- | C] () -- C:\Documents and Settings\DELL\Escritorio\calendario mayo.mht
[2010/05/08 16:31:09 | 000,285,788 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\tarjeta diamadre.ctp
[2010/05/06 08:56:08 | 000,008,794 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\planillas semanal 2010.xlsx
[2010/05/04 13:31:23 | 000,011,650 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\impulsaciondetalle de comision x venta mensual.xlsx
[2010/05/02 07:44:23 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\DELL\Escritorio\ .lnk
[2010/04/30 12:30:16 | 000,286,114 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\autorizacion de reclamo de cheque chofer.docx
[2010/04/27 18:59:30 | 000,012,457 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\TRATAMIENTO NATURAL PARA GASTRITIS.docx
[2010/04/25 20:57:29 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\cotizacion camisas bordadas greenhouse.xls
[2010/04/24 07:22:23 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\tio.pub
[2010/04/20 07:13:58 | 000,043,465 | ---- | C] () -- C:\Documents and Settings\DELL\Mis documentos\carta paro de cobro cheque robado 19-04-10.docx
[2010/01/17 10:45:10 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/12/19 23:05:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/19 17:17:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/16 08:46:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/12/15 16:29:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/15 16:29:14 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/20 06:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/03 14:59:30 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/03 14:59:30 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/20 06:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/03 14:59:30 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/03 14:59:30 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/20 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
[2004/08/20 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/06/25 15:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/20 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 20:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:46 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=E24DE816D7A868A11A320C0A09164BFF -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:46 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=E24DE816D7A868A11A320C0A09164BFF -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 20:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
[2004/08/20 06:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/09 06:40:13 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010/05/04 04:09:06 | 000,111,312 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010/04/01 07:55:10 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2009/12/15 09:16:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/15 09:16:19 | 000,643,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/15 09:16:18 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 04:09:06 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010/04/01 07:55:10 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< End of report >


OTL Extras logfile created on: 5/19/2010 5:49:53 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\DELL\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 149.04 Gb Total Space | 121.28 Gb Free Space | 81.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-CDAEC6814E
Current User Name: DELL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\ARCHIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" = C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Archivos de programa\AIM\aim.exe" = C:\Archivos de programa\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8228F6-56B7-4E4D-968A-4BFC8A9B4655}" = Create and Print Plugin 4.0.8045
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DBEED5-6A01-44D4-86E4-1F4048DA5834}_is1" = HughesNet Download Manager 1.2
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1034-7B44-A81000000003}" = Adobe Reader 8.1.0 - Español
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Paquete de controladores de Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"BlackBerry_{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HughesNetTools" = HughesNetTools
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.80" = Paquete de controladores de Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSNINST" = MSN
"Nero7_is1" = Nero 7.10.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"ProInst" = Software Intel® PROSet/Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Compresor WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-630328440-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2010 8:04:09 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 8:12:19 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 9:04:06 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 9:12:06 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 10:04:06 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 10:12:05 AM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 4:04:06 PM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 4:12:05 PM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 5:04:05 PM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

Error - 5/19/2010 5:12:05 PM | Computer Name = DELL-CDAEC6814E | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 3/25/2010 10:58:13 PM | Computer Name = DELL-CDAEC6814E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 14528 seconds with 660 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 5/18/2010 8:26:38 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7022
Description = El servicio SQL Server VSS Writer permanece en inicio.

Error - 5/18/2010 8:26:38 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7034
Description = El servicio SQL Server VSS Writer se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 5/18/2010 8:30:07 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7022
Description = El servicio SQL Server VSS Writer permanece en inicio.

Error - 5/18/2010 8:30:07 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7034
Description = El servicio SQL Server VSS Writer se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 5/18/2010 10:05:36 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7022
Description = El servicio SQL Server VSS Writer permanece en inicio.

Error - 5/18/2010 10:05:41 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7034
Description = El servicio SQL Server VSS Writer se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 5/19/2010 7:29:23 AM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7022
Description = El servicio SQL Server VSS Writer permanece en inicio.

Error - 5/19/2010 7:29:25 AM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7034
Description = El servicio SQL Server VSS Writer se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 5/19/2010 7:37:51 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7022
Description = El servicio SQL Server VSS Writer permanece en inicio.

Error - 5/19/2010 7:37:51 PM | Computer Name = DELL-CDAEC6814E | Source = Service Control Manager | ID = 7034
Description = El servicio SQL Server VSS Writer se terminó de manera inesperada.
Esto ha sucedido 1 veces.


< End of report >


#4 myrti

  • Malware Study Hall Admin

Posted 19 May 2010 - 07:34 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run TDSSKiller and post the log in your next reply:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 yanmatt

  • Topic Starter

Posted 19 May 2010 - 10:46 PM

Hello Myrti,

I will continue at this point.

Thanks for the help, here is the log

21:42:57:937 5808 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
21:42:57:937 5808 ================================================================================
21:42:57:937 5808 SystemInfo:

21:42:57:937 5808 OS Version: 5.1.2600 ServicePack: 3.0
21:42:57:937 5808 Product type: Workstation
21:42:57:937 5808 ComputerName: DELL-CDAEC6814E
21:42:57:937 5808 UserName: DELL
21:42:57:937 5808 Windows directory: C:\WINDOWS
21:42:57:937 5808 Processor architecture: Intel x86
21:42:57:937 5808 Number of processors: 1
21:42:57:937 5808 Page size: 0x1000
21:42:57:937 5808 Boot type: Normal boot
21:42:57:937 5808 ================================================================================
21:42:57:937 5808 ForceUnloadDriverW: Old driver(klmd23) unloaded successfully
21:42:58:515 5808 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:42:58:515 5808 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:42:58:515 5808 wfopen_ex: Trying to KLMD file open
21:42:58:515 5808 wfopen_ex: File opened ok (Flags 2)
21:42:58:515 5808 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:42:58:515 5808 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:42:58:515 5808 wfopen_ex: Trying to KLMD file open
21:42:58:515 5808 wfopen_ex: File opened ok (Flags 2)
21:42:58:515 5808 KLAVA engine initialized
21:42:58:640 5808 Initialize success
21:42:58:640 5808
21:42:58:640 5808 Scanning Services ...
21:42:59:250 5808 Raw services enum returned 378 services
21:42:59:265 5808
21:42:59:265 5808 Scanning Drivers ...
21:43:08:218 5808
21:43:08:218 5808 Completed
21:43:08:218 5808
21:43:08:218 5808 Results:
21:43:08:218 5808 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:43:08:218 5808 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:43:08:218 5808
21:43:08:218 5808 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:43:08:218 5808 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:43:08:234 5808 KLMD(ARK) unloaded successfully


#6 myrti

  • Malware Study Hall Admin

Posted 20 May 2010 - 04:25 AM

Hi,

sorry. That was the wrong tool, please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#7 yanmatt

  • Topic Starter

Posted 20 May 2010 - 06:36 AM


Myrti,

Here is the log.

Thanks for the help,
Matt



ComboFix 10-05-19.02 - DELL 05/20/2010 5:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.3082.18.1015.500 [GMT -6:00]
Running from: c:\documents and settings\DELL\Escritorio\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\st325602.dll
c:\windows\TEMP\logishrd\LVPrcInj03.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-12 02:33 . 2010-05-12 02:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
2010-05-12 02:32 . 2010-05-12 02:43 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
2010-05-12 02:32 . 2010-05-12 02:32 -------- d-----w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com
2010-05-12 02:31 . 2010-05-12 02:31 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Malwarebytes
2010-05-12 00:25 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-05-12 00:25 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 06:00 . 2010-05-11 06:01 -------- d-----w- C:\618c0bf6ab9e7243c582
2010-05-11 05:45 . 2010-05-11 05:45 -------- d-----w- C:\ff7fa3a6ea517c1dd8ee4f27df37b593
2010-05-11 05:15 . 2010-05-11 05:18 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-11 03:17 . 2010-05-11 03:17 -------- d-sh--w- c:\documents and settings\Invitado\IECompatCache
2010-05-11 03:15 . 2010-05-11 03:15 -------- d-sh--w- c:\documents and settings\Invitado\PrivacIE
2010-05-08 23:50 . 2010-05-11 05:14 -------- d-----w- c:\archivos de programa\Paint.NET
2010-05-05 11:30 . 2010-05-05 11:30 -------- d-sh--w- c:\documents and settings\DELL\IECompatCache
2010-05-04 10:10 . 2010-05-04 10:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 19:57 . 2010-04-27 19:57 -------- d-sh--w- c:\documents and settings\Invitado\IETldCache
2010-04-27 04:10 . 2010-04-27 04:10 -------- d-sh--w- c:\documents and settings\DELL\PrivacIE
2010-04-27 04:07 . 2010-04-27 04:07 -------- d-sh--w- c:\documents and settings\DELL\IETldCache
2010-04-27 04:01 . 2010-04-28 08:01 -------- d-----w- c:\windows\ie8updates
2010-04-27 03:56 . 2010-04-27 04:00 -------- dc-h--w- c:\windows\ie8
2010-04-27 03:51 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-27 03:51 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-27 03:49 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 11:27 . 2009-12-19 22:55 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Skype
2010-05-20 11:27 . 2010-01-15 20:33 -------- d-----w- c:\documents and settings\DELL\Datos de programa\HughesNet Download Manager
2010-05-19 00:56 . 2010-05-12 02:33 63488 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-19 00:56 . 2010-05-12 02:33 117760 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-18 12:20 . 2010-01-18 19:10 -------- d-----w- c:\archivos de programa\Google
2010-05-17 15:19 . 2010-01-17 23:36 2554 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\qbbackup.sys
2010-05-15 13:45 . 2010-04-01 17:47 46044 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-12 02:33 . 2010-05-12 02:33 52224 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-11 03:09 . 2010-02-14 21:31 -------- d--h--r- c:\documents and settings\Invitado\Datos de programa\yahoo!
2010-05-11 01:19 . 2010-05-11 01:19 20 ----a-w- c:\windows\system32\config\systemprofile\Datos de programa\qvjsge.dat
2010-05-10 19:25 . 2010-05-10 19:25 20 ----a-w- c:\documents and settings\DELL\Datos de programa\qvjsge.dat
2010-05-09 22:30 . 2010-01-26 15:09 -------- d-----w- c:\documents and settings\DELL\Datos de programa\U3
2010-05-09 02:35 . 2010-01-21 16:28 975136 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-05-09 02:35 . 2010-01-21 16:28 44832 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2010-05-08 18:33 . 2010-01-15 18:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Motive
2010-05-04 10:09 . 2009-10-19 22:04 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-02 19:32 . 2004-08-20 12:00 86306 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-02 19:32 . 2004-08-20 12:00 497684 ----a-w- c:\windows\system32\perfh00A.dat
2010-04-21 12:17 . 2009-12-15 22:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2010-04-15 20:21 . 2010-04-15 20:21 -------- d-----w- c:\documents and settings\NetworkService\Datos de programa\Yahoo!
2010-04-15 02:22 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Yahoo!
2010-04-15 01:36 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Yahoo!
2010-04-15 01:36 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Yahoo! Companion
2010-04-11 21:46 . 2010-04-11 21:34 -------- d-----w- c:\documents and settings\Invitado\Datos de programa\U3
2010-04-06 01:28 . 2010-01-18 20:15 211720 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-04-06 01:28 . 2010-01-18 20:15 1352968 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-04-01 13:55 . 2009-07-24 17:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-10 06:16 . 2004-08-20 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 01:00 . 2010-03-05 01:00 503808 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\msvcp71.dll
2010-03-05 01:00 . 2010-03-05 01:00 499712 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\jmc.dll
2010-03-05 01:00 . 2010-03-05 01:00 348160 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\msvcr71.dll
2010-03-05 00:58 . 2010-03-05 00:58 61440 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69a5f7eb-n\decora-sse.dll
2010-03-05 00:58 . 2010-03-05 00:58 12800 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69a5f7eb-n\decora-d3d.dll
2010-02-28 16:47 . 2010-02-28 16:43 121332 ----a-w- c:\windows\HPHins15.dat
2010-02-25 06:16 . 2004-08-20 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-20 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-20 00:59 . 2010-01-15 15:31 47104 ----a-w- c:\archivos de programa\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
2010-04-01 03:34 578872 ------w- c:\archivos de programa\Yahoo!\Search Protection\ysp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\archiv~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HughesNet Download Manager"="c:\archivos de programa\HughesNet Download Manager\HDM.exe" [2009-10-27 3563566]
"Google Update"="c:\documents and settings\DELL\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-01-29 135664]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BDAgent"="c:\archivos de programa\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\archivos de programa\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"LogitechCommunicationsManager"="c:\archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\archivos de programa\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HughesNetTools_McciTrayApp"="c:\archivos de programa\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
"Intuit SyncManager"="c:\archivos de programa\Archivos comunes\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DELL\Men£ Inicio\Programas\Inicio\
Recorte de pantalla e Inicio r pido de OneNote 2007.lnk - c:\archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Logitech Desktop Messenger.lnk - c:\archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-19 66864]
QuickBooks Update Agent.lnk - c:\archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
dvdudwxp REG_SZ c:\windows\system32\logoing6.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Archivos de programa\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Archivos de programa\\AIM\\aim.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=

R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 BDVEDISK;BDVEDISK;c:\archivos de programa\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 5:04 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 111312]
S0 zwpvhl;zwpvhl; [x]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/28/2010 1:02 PM 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-28 19:01]

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-28 19:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.avg.es/es.special-toolbar-first-run-tlbrc-v2
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Search Protection - c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 05:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7972)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\archivos de programa\Common Files\Motive\McciCMService.exe
c:\archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
c:\archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\DELL\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\archivos de programa\Archivos comunes\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
c:\archivos de programa\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\archiv~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-20 05:32:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 11:32

Pre-Run: 130,132,410,368 bytes libres
Post-Run: 132,887,945,216 bytes libres

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1722BCF9184D9A476F03B59A53BB1D3C


#8 myrti

Posted 20 May 2010 - 07:25 AM

Hi,

There are a couple more leftovers, please open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/317155/ie-explorer-and-chrome-and-all-internet-programs-will-not-connect-and-sound-gone/
Collect::
C:\WINDOWS\system32\drivers\zwpvhl.sys
c:\windows\system32\logoing6.dll
c:\windows\system32\config\systemprofile\Datos de programa\qvjsge.dat
c:\documents and settings\DELL\Datos de programa\qvjsge.dat
driver::
zwpvhl
Registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Let me know how your sound is doing and your PC in general.
regards myrti



#9 yanmatt


Posted 20 May 2010 - 08:32 PM

Myrti,

My computer seems to be running OK. I still do not have sound, there is no icon on the task bar, and I cannot play music files. iTunes will not open, and Windows Media Player freezes up when I open it.


Here is the log.

Thanks,
Matt


ComboFix 10-05-20.07 - DELL 05/20/2010 18:57:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.3082.18.1015.497 [GMT -6:00]
Running from: c:\documents and settings\DELL\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Escritorio\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

file zipped: c:\documents and settings\DELL\Datos de programa\qvjsge.dat
file zipped: c:\windows\system32\config\systemprofile\Datos de programa\qvjsge.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DELL\Datos de programa\qvjsge.dat
c:\windows\system32\config\systemprofile\Datos de programa\qvjsge.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZWPVHL
-------\Service_zwpvhl


((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 00:18 . 2010-05-21 00:18 -------- d-----w- c:\archivos de programa\Archivos comunes\Logitech
2010-05-12 02:33 . 2010-05-12 02:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
2010-05-12 02:32 . 2010-05-12 02:43 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
2010-05-12 02:32 . 2010-05-12 02:32 -------- d-----w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com
2010-05-12 02:31 . 2010-05-12 02:31 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Malwarebytes
2010-05-12 00:25 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-05-12 00:25 . 2010-05-12 00:25 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-05-12 00:25 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-11 06:00 . 2010-05-11 06:01 -------- d-----w- C:\618c0bf6ab9e7243c582
2010-05-11 05:45 . 2010-05-11 05:45 -------- d-----w- C:\ff7fa3a6ea517c1dd8ee4f27df37b593
2010-05-11 05:15 . 2010-05-11 05:18 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-11 03:17 . 2010-05-11 03:17 -------- d-sh--w- c:\documents and settings\Invitado\IECompatCache
2010-05-11 03:15 . 2010-05-11 03:15 -------- d-sh--w- c:\documents and settings\Invitado\PrivacIE
2010-05-08 23:50 . 2010-05-11 05:14 -------- d-----w- c:\archivos de programa\Paint.NET
2010-05-05 11:30 . 2010-05-05 11:30 -------- d-sh--w- c:\documents and settings\DELL\IECompatCache
2010-05-04 10:10 . 2010-05-04 10:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 19:57 . 2010-04-27 19:57 -------- d-sh--w- c:\documents and settings\Invitado\IETldCache
2010-04-27 04:10 . 2010-04-27 04:10 -------- d-sh--w- c:\documents and settings\DELL\PrivacIE
2010-04-27 04:07 . 2010-04-27 04:07 -------- d-sh--w- c:\documents and settings\DELL\IETldCache
2010-04-27 04:01 . 2010-04-28 08:01 -------- d-----w- c:\windows\ie8updates
2010-04-27 03:56 . 2010-04-27 04:00 -------- dc-h--w- c:\windows\ie8
2010-04-27 03:51 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-27 03:51 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-27 03:49 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 01:11 . 2010-01-15 20:33 -------- d-----w- c:\documents and settings\DELL\Datos de programa\HughesNet Download Manager
2010-05-21 01:08 . 2009-12-19 22:55 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Skype
2010-05-20 20:49 . 2010-01-17 23:36 2554 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\qbbackup.sys
2010-05-19 00:56 . 2010-05-12 02:33 63488 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-19 00:56 . 2010-05-12 02:33 117760 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-18 12:20 . 2010-01-18 19:10 -------- d-----w- c:\archivos de programa\Google
2010-05-15 13:45 . 2010-04-01 17:47 46044 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-12 02:33 . 2010-05-12 02:33 52224 ----a-w- c:\documents and settings\DELL\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-11 03:09 . 2010-02-14 21:31 -------- d--h--r- c:\documents and settings\Invitado\Datos de programa\yahoo!
2010-05-09 22:30 . 2010-01-26 15:09 -------- d-----w- c:\documents and settings\DELL\Datos de programa\U3
2010-05-09 02:35 . 2010-01-21 16:28 975136 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-05-09 02:35 . 2010-01-21 16:28 44832 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2010-05-08 18:33 . 2010-01-15 18:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Motive
2010-05-04 10:09 . 2009-10-19 22:04 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-02 19:32 . 2004-08-20 12:00 86306 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-02 19:32 . 2004-08-20 12:00 497684 ----a-w- c:\windows\system32\perfh00A.dat
2010-04-21 12:17 . 2009-12-15 22:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2010-04-15 20:21 . 2010-04-15 20:21 -------- d-----w- c:\documents and settings\NetworkService\Datos de programa\Yahoo!
2010-04-15 02:22 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\DELL\Datos de programa\Yahoo!
2010-04-15 01:36 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Yahoo!
2010-04-15 01:36 . 2009-12-19 04:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Yahoo! Companion
2010-04-11 21:46 . 2010-04-11 21:34 -------- d-----w- c:\documents and settings\Invitado\Datos de programa\U3
2010-04-06 01:28 . 2010-01-18 20:15 211720 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-04-06 01:28 . 2010-01-18 20:15 1352968 ----a-w- c:\documents and settings\All Users\Datos de programa\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-04-01 13:55 . 2009-07-24 17:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-10 06:16 . 2004-08-20 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 01:00 . 2010-03-05 01:00 503808 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\msvcp71.dll
2010-03-05 01:00 . 2010-03-05 01:00 499712 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\jmc.dll
2010-03-05 01:00 . 2010-03-05 01:00 348160 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fa41b51-n\msvcr71.dll
2010-03-05 00:58 . 2010-03-05 00:58 61440 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69a5f7eb-n\decora-sse.dll
2010-03-05 00:58 . 2010-03-05 00:58 12800 ----a-w- c:\documents and settings\Invitado\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69a5f7eb-n\decora-d3d.dll
2010-02-28 16:47 . 2010-02-28 16:43 121332 ----a-w- c:\windows\HPHins15.dat
2010-02-25 06:16 . 2004-08-20 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-20 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-10-20 00:59 . 2010-01-15 15:31 47104 ----a-w- c:\archivos de programa\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-20_11.27.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-21 01:06 . 2010-05-21 01:06 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2010-05-21 00:19 . 2010-05-21 00:19 57344 c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2010-05-21 00:19 . 2010-05-21 00:19 257024 c:\windows\Installer\4fef3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
2010-04-01 03:34 578872 ------w- c:\archivos de programa\Yahoo!\Search Protection\ysp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\archiv~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HughesNet Download Manager"="c:\archivos de programa\HughesNet Download Manager\HDM.exe" [2009-10-27 3563566]
"Google Update"="c:\documents and settings\DELL\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-01-29 135664]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BDAgent"="c:\archivos de programa\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\archivos de programa\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"LogitechCommunicationsManager"="c:\archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\archivos de programa\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HughesNetTools_McciTrayApp"="c:\archivos de programa\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
"Intuit SyncManager"="c:\archivos de programa\Archivos comunes\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"BlackBerryAutoUpdate"="c:\archivos de programa\Archivos comunes\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\DELL\Men£ Inicio\Programas\Inicio\
Recorte de pantalla e Inicio r pido de OneNote 2007.lnk - c:\archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Logitech Desktop Messenger.lnk - c:\archivos de programa\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-19 66864]
QuickBooks Update Agent.lnk - c:\archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Archivos de programa\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Archivos de programa\\AIM\\aim.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=

R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 BDVEDISK;BDVEDISK;c:\archivos de programa\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 5:04 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 111312]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/28/2010 1:02 PM 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-28 19:01]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-28 19:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.avg.es/es.special-toolbar-first-run-tlbrc-v2
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\archivos de programa\HughesNet Download Manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7696)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\archiv~1\MICROS~2\Office12\GR99D3~1.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\archivos de programa\Common Files\Motive\McciCMService.exe
c:\archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
c:\archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\DELL\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\archivos de programa\Archivos comunes\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
c:\archivos de programa\Archivos comunes\LogiShrd\LVCOMSER\LVComSer.exe
c:\archivos de programa\iPod\bin\iPodService.exe
c:\archiv~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-20 19:15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 01:15
ComboFix2.txt 2010-05-20 11:32

Pre-Run: 132,851,056,640 bytes libres
Post-Run: 132,746,805,248 bytes libres

- - End Of File - - BED6FF8BCD5012078E747012C27318AF
Upload was successful


#10 myrti


Posted 21 May 2010 - 04:36 AM

Hi,

could you please try to reinstall iTunes and let me know if you can then play music.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 yanmatt


Posted 21 May 2010 - 06:27 AM

Myrti,

Itunes did finally open, but before it opened I got this message.

"Itunes has detected a problem with your audio configuration, audio video playback may not operate properly"

and after opening music files will not play.

Thanks for your help

#12 myrti


Posted 21 May 2010 - 08:19 AM

Hi,
have you tried reinstalling iTunes or did you only open it?

Please read through this guide first, but don't create your own topic for it. Instead then do:
  1. Please download Dial-A-Fix
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box.
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix

Let me know if that helps with your sound.

regards myrti



#13 yanmatt


Posted 21 May 2010 - 11:08 PM

Myrti,

Itunes was not reinstalled.

Ran Dial-A-Fix, no change with my sound.

In control panel, under sound option, it shows that nothing is installed.

Thanks,
Matt

#14 myrti


Posted 22 May 2010 - 05:07 PM

Hi,

could you please give me the exact make of your Dell? Did you install a dedicated soundcard or are you using the default one that came with your PC?

regards myrti



#15 yanmatt


Posted 22 May 2010 - 06:41 PM

Myrti

I have a Dell XPS M140, I am using the default sound card.

Thanks,
Matt



