
still have system check on programs menu


  • This topic is locked
22 replies to this topic

#1 linseed

  • Members
  • 18 posts
  • Gender:Female
  • Location:Mexico

Posted 31 January 2012 - 12:50 AM

I got infected with System Check. I did as instructed. One thing I noticed is that I couldn't disable System Restore. After doing all as instructed I rebooted and Malwarebytes asked if it should scan again. On the second time it still found some infections. The third time it found nothing. But I still have System Check on the desktop and on Start. Also, when I click on Start I can see all my programs, but when I point to any of them (e.g. iTunes) they are "empty". I know my files are there, because I see them in My Documents. I am afraid to do anything else without asking first. I am running XP SP2 (I thought I had SP3) on a Dell computer. Thanks a lot!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Verónica Barrera J at 16:19:00 on 2012-01-30
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.2046.1423 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\ARCHIVOS DE PROGRAMA\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Verónica Barrera J\Escritorio\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bleepingcomputer.com/virus-removal/remove-system-check
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ares] "c:\archivos de programa\ares\Ares.exe" -h
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\verónica barrera j\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.2; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )" -"http://www.cartoonnetwork.com/games/ben10/battleready/index.html"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [B3D06185] c:\windows\system32\hhjorosgxoq.exe
mRun: [StorageGuard] "c:\archivos de programa\archivos comunes\sonic\update manager\sgtray.exe" /r
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [P3000x_S2P] c:\archivos de programa\dell\dell laser mfp 1600n\psu\ScanToPc.exe
mRun: [NVIDIA Video drivers] video_32sD.exe
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\archivos de programa\archivos comunes\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\archivos de programa\archivos comunes\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\archivos de programa\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\archivos de programa\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunServices: [D86017EB] c:\windows\system32\hhjorosgxoq.exe
mRunServices: [NVIDIA Video drivers] video_32sD.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Microsoft Update Machine] winup.exe
dRun: [NVIDIA Video drivers] video_32sD.exe
dRun: [NAV Scan Service] NAVscan32.exe
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{753F4254-3782-4DBC-BC8D-F7D1DE336F08} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8FB17606-38B3-4076-9793-28097967C43D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{910EE9BB-8C4A-44A0-B267-DF3BC7E06BE9} : DhcpNameServer = 192.168.1.254
Filter: text/html - {621bccc1-a69d-49e8-85ee-e0c20a2100fa} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\archivos de programa\archivos comunes\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\archivos de programa\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\archivos de programa\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\verónica barrera j\datos de programa\mozilla\firefox\profiles\62rw5oor.default\
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 MBAMService;MBAMService;c:\archivos de programa\malwarebytes' anti-malware\mbamservice.exe [2012-1-26 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-26 20464]
S1 SABKUTIL;SABKUTIL;\??\c:\archivos de programa\superantispyware\sabkutil.sys --> c:\archivos de programa\superantispyware\SABKUTIL.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-12-22 135664]
S2 NNServ;NNServ;"c:\archivos de programa\newdotnet\nnrun.exe" "c:\archivos de programa\newdotnet\nncore.dll" servicestart --> c:\archivos de programa\newdotnet\nnrun.exe [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2008-7-29 39424]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 L2XPSR;L2XPSR;\??\c:\archiv~1\telmex\prodig~1\app\l2xpsr.sys --> c:\archiv~1\telmex\prodig~1\app\L2XPSR.SYS [?]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2004-10-11 185216]
S3 vrskbdft;vrskbdft;c:\windows\system32\drivers\vrskbdft.sys [2005-11-14 5504]
.
=============== Created Last 30 ================
.
2012-01-30 16:24:04 -------- d-----r- c:\documents and settings\all users\MEN?IN~1
2012-01-29 00:28:31 -------- d-----r- c:\documents and settings\verónica barrera j\Recent
2012-01-27 03:15:10 -------- d-----w- c:\documents and settings\verónica barrera j\datos de programa\Malwarebytes
2012-01-27 01:53:18 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes
2012-01-27 01:53:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 01:53:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-26 01:34:06 -------- d-----w- c:\archivos de programa\iPod
.
==================== Find3M ====================
.
.
============= FINISH: 16:20:21.29 ===============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 February 2012 - 08:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Windows XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 linseed
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Female
  • Location:Mexico

Posted 02 February 2012 - 11:44 AM

Hi Gringo. Ran ComboFix. I can still see System Check in my programs (I don't know if this means I am still infected). Internet Explorer keeps telling me it has an error and is going to close. On the third attempt, when Internet Explorer tried to open itself again, it got stuck. I can't close it or type anything in the address bar, so now I am using Firefox. Here is the ComboFix log. Thanks a lot!!!


ComboFix 12-02-02.01 - Verónica Barrera J 02/02/2012 10:11:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.2046.1479 [GMT -6:00]
Running from: c:\documents and settings\Verónica Barrera J\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\Shared
c:\documents and settings\All Users\Datos de programa\~DQrVvyY3oiy7G1
c:\documents and settings\All Users\Datos de programa\~DQrVvyY3oiy7G1r
c:\documents and settings\All Users\Datos de programa\DQrVvyY3oiy7G1
c:\windows\BackUp
c:\windows\BackUp\T\50215000.DAT
c:\windows\patch.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\windows.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NNSERV
-------\Service_NNServ
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 16:22 . 2012-02-02 16:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-30 16:24 . 2012-01-30 16:24 -------- d-----r-N~1 c:\docume~1\ALLUSE~1\MENIN~~1
2012-01-27 03:15 . 2012-01-27 03:15 -------- d-----w- c:\documents and settings\Verónica Barrera J\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-27 01:53 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-27 01:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-29 00:45 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-27 01:53 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 01:11 . 2012-01-27 01:11 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2012-01-27 01:03 . 2012-01-27 01:03 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2012-01-27 00:52 . 2012-01-27 00:52 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2012-01-26 01:34 . 2012-01-26 01:34 -------- d-----w- c:\archivos de programa\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"P3000x_S2P"="c:\archivos de programa\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe" [2004-10-27 57344]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-05 273544]
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Digital Line Detect.lnk - c:\archivos de programa\Digital Line Detect\DLG.exe [2004-2-5 24576]
Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Prodigy.lnk - [N/A]
WinZip Quick Pick.lnk - c:\archivos de programa\WinZip\WZQKPICK.EXE [2005-1-28 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"navapsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Ares Vista\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\FrostWire\\FrostWire.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 12:25 p.m. 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 12:41 p.m. 67656]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [26/01/2012 07:53 p.m. 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [26/01/2012 07:53 p.m. 20464]
S1 SABKUTIL;SABKUTIL;\??\c:\archivos de programa\SUPERAntiSpyware\SABKUTIL.sys --> c:\archivos de programa\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [22/12/2009 08:35 a.m. 135664]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\SYSTEM32\DRIVERS\fantom.sys [29/07/2008 02:09 p.m. 39424]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [22/12/2009 08:35 a.m. 135664]
S3 L2XPSR;L2XPSR;\??\c:\archiv~1\TELMEX\PRODIG~1\app\L2XPSR.SYS --> c:\archiv~1\TELMEX\PRODIG~1\app\L2XPSR.SYS [?]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\SYSTEM32\DRIVERS\RTL8180.sys [11/10/2004 01:33 p.m. 185216]
S3 vrskbdft;vrskbdft;c:\windows\SYSTEM32\DRIVERS\vrskbdft.sys [14/11/2005 11:11 a.m. 5504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-09 21:06]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-22 14:35]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-22 14:35]
.
2012-02-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-409304385-768972678-2457951874-1006.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2012-02-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-409304385-768972678-2457951874-1006.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/virus-removal/remove-system-check
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ares - c:\archivos de programa\Ares\Ares.exe
HKLM-Run-B3D06185 - c:\windows\System32\hhjorosgxoq.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-NVIDIA Video drivers - video_32sD.exe
HKU-Default-Run-Microsoft Update Machine - winup.exe
HKU-Default-Run-NVIDIA Video drivers - video_32sD.exe
HKU-Default-Run-NAV Scan Service - NAVscan32.exe
MSConfigStartUp-APVXDWIN - c:\archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
MSConfigStartUp-NAV Agent - c:\archiv~1\NORTON~2\navapw32.exe
MSConfigStartUp-System Update - c:\windows\System32\wawegrz.exe
AddRemove-hp deskjet 656c series - c:\archivos de programa\hp deskjet 656c series\hpfiui.exe
AddRemove-{f4a143bf-f9d8-40f8-8567-a84d638162cd} - c:\windows\system32\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 10:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\iPod\bin\iPodService.exe
c:\windows\System32\ssmypics.scr
.
**************************************************************************
.
Completion time: 2012-02-02 10:31:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 16:31
.
Pre-Run: 10,255,077,376 bytes libres
Post-Run: 11,856,236,544 bytes libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FED4F39CC3B9EFA3D6617ABE253F6039
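The DDS "Pseudo HJT Report" in the first post and the ORPHANS REMOVED list in the ComboFix log above show the same handful of autostart entries: values named with eight hex digits (B3D06185, D86017EB) pointing at a random-looking file in system32, an entry in the Win9x-era RunServices key, and Run values that are bare filenames with no path (video_32sD.exe, winup.exe, NAVscan32.exe) dressed up with vendor-sounding names. Below is an added example, written for this editorial pass and not part of the original thread, of DDS, or of ComboFix: a Python script that parses uRun/mRun/dRun lines in the format DDS prints them and flags those patterns. The mapping of the u/m/d prefixes to HKCU/HKLM/HKU\.DEFAULT is taken from the way ComboFix names the same orphans above; the heuristics and their thresholds (the eight-hex-digit name check, the bare-filename check, and the vowel-ratio test for random-looking names) are my own assumptions. The sample lines are copied from the DDS log in this thread.

```python
"""Triage the autostart (Run-key) lines from a DDS 'Pseudo HJT Report'.

Added example for this thread; it is not part of DDS, ComboFix or any
BleepingComputer tool. The line format is taken from the DDS log posted
above; the heuristics and their thresholds are my own choices.
"""
import re
from dataclasses import dataclass, field

# DDS prefixes: u = HKCU, m = HKLM, d = HKU\.DEFAULT; key is Run, RunOnce or RunServices.
ENTRY_RE = re.compile(
    r"^(?P<hive>[umd])(?P<key>Run(?:Services|Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
HIVE_NAMES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}
# Unquoted command line: the image ends at the first executable extension
# followed by whitespace or end of line (unquoted paths may contain spaces).
IMAGE_RE = re.compile(r"(.+?\.(?:exe|scr|com|bat|dll))(?:\s|$)", re.I)
# Values like B3D06185 / D86017EB: eight upper-case hex digits.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    command: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a uRun/mRun/dRun-style line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(HIVE_NAMES[m["hive"]], m["key"], m["name"], m["cmd"])


def image_path(command):
    """Strip quoting and arguments from a Run value, leaving the executable path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(None, 1)[0]


def looks_random(stem):
    """Heuristic (assumed threshold): ten or more letters, no digits, under 30% vowels."""
    s = stem.lower()
    if len(s) < 10 or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    return vowels / len(s) < 0.3


def flag_entry(entry):
    """Attach heuristic flags to an Entry and return them (empty list = nothing odd)."""
    img = image_path(entry.command)
    base = img.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    if HEX_NAME_RE.match(entry.name):
        entry.flags.append("random 8-hex value name")
    if "\\" not in img and "/" not in img and not img.startswith("%"):
        entry.flags.append("bare filename, no path (resolved through PATH at logon)")
    if entry.key == "RunServices":
        entry.flags.append("Win9x-era RunServices key")
    if looks_random(stem):
        entry.flags.append("random-looking executable name")
    return entry.flags


def triage(text):
    """Parse every Run-style line in `text` and return the entries with at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and flag_entry(entry):
            flagged.append(entry)
    return flagged


# Sample input: a subset of the Run lines copied from the DDS log in this thread.
SAMPLE = r"""
uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [B3D06185] c:\windows\system32\hhjorosgxoq.exe
mRun: [NVIDIA Video drivers] video_32sD.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunServices: [D86017EB] c:\windows\system32\hhjorosgxoq.exe
dRun: [Microsoft Update Machine] winup.exe
dRun: [NAV Scan Service] NAVscan32.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.hive}\\...\\{e.key} [{e.name}] {e.command}")
        for f in e.flags:
            print("    -", f)
```

Run it as a script to print the flagged entries, or call triage() on the text of a whole DDS log. The vowel-ratio test is deliberately conservative (ten or more letters, no digits) so that the ordinary vendor binaries on this machine, such as GoogleToolbarNotifier.exe and mbamservice.exe, are not flagged; treat any hit as something to look up, not as proof of infection.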

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 12:01 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 linseed
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Female
  • Location:Mexico

Posted 03 February 2012 - 09:38 AM

TDSSKiller found nothing. It ran pretty fast; it took like 15 seconds to finish. Here is the report:

08:30:24.0640 0648 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
08:30:25.0250 0648 ============================================================
08:30:25.0250 0648 Current date / time: 2012/02/03 08:30:25.0250
08:30:25.0250 0648 SystemInfo:
08:30:25.0250 0648
08:30:25.0250 0648 OS Version: 5.1.2600 ServicePack: 2.0
08:30:25.0250 0648 Product type: Workstation
08:30:25.0250 0648 ComputerName: VERONICA
08:30:25.0250 0648 UserName: Verónica Barrera J
08:30:25.0250 0648 Windows directory: C:\WINDOWS
08:30:25.0250 0648 System windows directory: C:\WINDOWS
08:30:25.0250 0648 Processor architecture: Intel x86
08:30:25.0250 0648 Number of processors: 1
08:30:25.0250 0648 Page size: 0x1000
08:30:25.0250 0648 Boot type: Normal boot
08:30:25.0250 0648 ============================================================
08:30:27.0390 0648 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:30:27.0390 0648 \Device\Harddisk0\DR0:
08:30:27.0390 0648 MBR used
08:30:27.0390 0648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A6DA7A
08:30:27.0703 0648 Initialize success
08:30:27.0703 0648 ============================================================
08:32:19.0171 2596 ============================================================
08:32:19.0171 2596 Scan started
08:32:19.0171 2596 Mode: Manual;
08:32:19.0171 2596 ============================================================
08:32:19.0718 2596 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
08:32:19.0718 2596 2WIREPCP - ok
08:32:19.0859 2596 Abiosdsk - ok
08:32:20.0046 2596 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
08:32:20.0046 2596 abp480n5 - ok
08:32:20.0218 2596 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:32:20.0218 2596 ACPI - ok
08:32:20.0406 2596 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:32:20.0406 2596 ACPIEC - ok
08:32:20.0578 2596 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
08:32:20.0593 2596 adpu160m - ok
08:32:20.0781 2596 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
08:32:20.0781 2596 aeaudio - ok
08:32:20.0953 2596 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
08:32:20.0953 2596 aec - ok
08:32:21.0140 2596 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
08:32:21.0140 2596 AFD - ok
08:32:21.0296 2596 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
08:32:21.0296 2596 agp440 - ok
08:32:21.0484 2596 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
08:32:21.0484 2596 agpCPQ - ok
08:32:21.0687 2596 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
08:32:21.0687 2596 Aha154x - ok
08:32:21.0921 2596 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
08:32:21.0921 2596 aic78u2 - ok
08:32:22.0156 2596 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
08:32:22.0156 2596 aic78xx - ok
08:32:22.0359 2596 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
08:32:22.0359 2596 AliIde - ok
08:32:22.0531 2596 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
08:32:22.0531 2596 alim1541 - ok
08:32:22.0703 2596 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
08:32:22.0703 2596 amdagp - ok
08:32:22.0921 2596 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
08:32:22.0921 2596 amsint - ok
08:32:23.0140 2596 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
08:32:23.0140 2596 asc - ok
08:32:23.0328 2596 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
08:32:23.0328 2596 asc3350p - ok
08:32:23.0531 2596 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
08:32:23.0531 2596 asc3550 - ok
08:32:23.0687 2596 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:32:23.0687 2596 AsyncMac - ok
08:32:23.0890 2596 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:32:23.0890 2596 atapi - ok
08:32:24.0031 2596 Atdisk - ok
08:32:24.0203 2596 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:32:24.0203 2596 Atmarpc - ok
08:32:24.0406 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:32:24.0406 2596 audstub - ok
08:32:24.0562 2596 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
08:32:24.0562 2596 bcm4sbxp - ok
08:32:24.0718 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:32:24.0718 2596 Beep - ok
08:32:24.0906 2596 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:32:24.0921 2596 Bridge - ok
08:32:24.0937 2596 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:32:24.0937 2596 BridgeMP - ok
08:32:25.0062 2596 bvrp_pci - ok
08:32:25.0078 2596 catchme - ok
08:32:25.0265 2596 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
08:32:25.0265 2596 cbidf - ok
08:32:25.0453 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:32:25.0453 2596 cbidf2k - ok
08:32:25.0656 2596 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
08:32:25.0656 2596 cd20xrnt - ok
08:32:25.0875 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:32:25.0875 2596 Cdaudio - ok
08:32:26.0046 2596 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
08:32:26.0046 2596 Cdfs - ok
08:32:26.0234 2596 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:32:26.0234 2596 Cdrom - ok
08:32:26.0375 2596 Changer - ok
08:32:26.0515 2596 CmdIde (2f86ab1a85e4ecd37c3a88f45d706548) C:\WINDOWS\System32\DRIVERS\cmdide.sys
08:32:26.0515 2596 CmdIde - ok
08:32:26.0578 2596 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
08:32:26.0578 2596 Cpqarray - ok
08:32:26.0796 2596 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
08:32:26.0796 2596 dac2w2k - ok
08:32:27.0000 2596 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
08:32:27.0000 2596 dac960nt - ok
08:32:27.0203 2596 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
08:32:27.0203 2596 Disk - ok
08:32:27.0390 2596 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
08:32:27.0406 2596 dmboot - ok
08:32:27.0562 2596 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
08:32:27.0562 2596 dmio - ok
08:32:27.0734 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:32:27.0734 2596 dmload - ok
08:32:27.0921 2596 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
08:32:27.0937 2596 DMusic - ok
08:32:28.0125 2596 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
08:32:28.0125 2596 dpti2o - ok
08:32:28.0296 2596 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
08:32:28.0296 2596 drmkaud - ok
08:32:28.0500 2596 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
08:32:28.0500 2596 drvmcdb - ok
08:32:28.0687 2596 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
08:32:28.0703 2596 drvnddm - ok
08:32:28.0921 2596 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
08:32:28.0921 2596 EL90XBC - ok
08:32:29.0078 2596 ENETHUSB (6938eb04cd890202c3d6fa8c68cd31a1) C:\WINDOWS\system32\DRIVERS\enethusb.sys
08:32:29.0078 2596 ENETHUSB - ok
08:32:29.0281 2596 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
08:32:29.0281 2596 FANTOM - ok
08:32:29.0437 2596 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
08:32:29.0437 2596 Fastfat - ok
08:32:29.0640 2596 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:32:29.0640 2596 Fdc - ok
08:32:29.0875 2596 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
08:32:29.0875 2596 Fips - ok
08:32:30.0031 2596 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:32:30.0031 2596 Flpydisk - ok
08:32:30.0203 2596 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
08:32:30.0203 2596 FltMgr - ok
08:32:30.0390 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:32:30.0390 2596 Fs_Rec - ok
08:32:30.0609 2596 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:32:30.0609 2596 Ftdisk - ok
08:32:30.0796 2596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:32:30.0812 2596 GEARAspiWDM - ok
08:32:30.0984 2596 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:32:30.0984 2596 Gpc - ok
08:32:31.0187 2596 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:32:31.0187 2596 HidUsb - ok
08:32:31.0390 2596 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
08:32:31.0390 2596 hpn - ok
08:32:31.0593 2596 HSFHWBS2 (5380253d2751f2b5d95941c09e7e42ac) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
08:32:31.0593 2596 HSFHWBS2 - ok
08:32:31.0828 2596 HSF_DP (e9a4c20ab168be8bd78486afebba5836) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
08:32:31.0859 2596 HSF_DP - ok
08:32:32.0093 2596 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
08:32:32.0109 2596 HTTP - ok
08:32:32.0281 2596 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
08:32:32.0281 2596 i2omgmt - ok
08:32:32.0453 2596 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
08:32:32.0453 2596 i2omp - ok
08:32:32.0625 2596 i8042prt (0cab3ee361cfeab260b3906c8b6fb2be) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:32:32.0625 2596 i8042prt - ok
08:32:32.0859 2596 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:32:32.0875 2596 ialm - ok
08:32:33.0062 2596 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:32:33.0062 2596 Imapi - ok
08:32:33.0250 2596 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
08:32:33.0250 2596 ini910u - ok
08:32:33.0437 2596 IntelIde (161b54c8200663ada2c145d87e8d4340) C:\WINDOWS\System32\DRIVERS\intelide.sys
08:32:33.0437 2596 IntelIde - ok
08:32:33.0593 2596 intelppm (98bbc0e8efa90fff1ec9456ee7b0b1f1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:32:33.0593 2596 intelppm - ok
08:32:33.0781 2596 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
08:32:33.0781 2596 ip6fw - ok
08:32:33.0968 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:32:33.0984 2596 IpFilterDriver - ok
08:32:34.0171 2596 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:32:34.0171 2596 IpInIp - ok
08:32:34.0328 2596 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:32:34.0343 2596 IpNat - ok
08:32:34.0515 2596 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:32:34.0515 2596 IPSec - ok
08:32:34.0703 2596 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:32:34.0703 2596 IRENUM - ok
08:32:34.0906 2596 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:32:34.0937 2596 isapnp - ok
08:32:35.0093 2596 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:32:35.0093 2596 Kbdclass - ok
08:32:35.0296 2596 kbdhid (24334eb02603262309f648ef9e06496e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:32:35.0296 2596 kbdhid - ok
08:32:35.0484 2596 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
08:32:35.0484 2596 kmixer - ok
08:32:35.0656 2596 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
08:32:35.0656 2596 KSecDD - ok
08:32:35.0718 2596 L2XPSR - ok
08:32:36.0000 2596 lbrtfdc - ok
08:32:36.0125 2596 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
08:32:36.0140 2596 MBAMProtector - ok
08:32:36.0265 2596 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
08:32:36.0265 2596 MDC8021X - ok
08:32:36.0453 2596 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:32:36.0453 2596 mdmxsdk - ok
08:32:36.0656 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:32:36.0656 2596 mnmdd - ok
08:32:36.0828 2596 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
08:32:36.0828 2596 Modem - ok
08:32:37.0062 2596 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:32:37.0062 2596 Mouclass - ok
08:32:37.0234 2596 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:32:37.0234 2596 mouhid - ok
08:32:37.0390 2596 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
08:32:37.0390 2596 MountMgr - ok
08:32:37.0578 2596 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
08:32:37.0578 2596 mraid35x - ok
08:32:37.0796 2596 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:32:37.0812 2596 MRxDAV - ok
08:32:38.0015 2596 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:32:38.0031 2596 MRxSmb - ok
08:32:38.0203 2596 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
08:32:38.0203 2596 Msfs - ok
08:32:38.0406 2596 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:32:38.0406 2596 MSKSSRV - ok
08:32:38.0562 2596 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:32:38.0562 2596 MSPCLOCK - ok
08:32:38.0734 2596 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
08:32:38.0734 2596 MSPQM - ok
08:32:38.0906 2596 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:32:38.0906 2596 mssmbios - ok
08:32:39.0093 2596 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
08:32:39.0093 2596 Mup - ok
08:32:39.0281 2596 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
08:32:39.0281 2596 NDIS - ok
08:32:39.0437 2596 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:32:39.0437 2596 NdisTapi - ok
08:32:39.0609 2596 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:32:39.0609 2596 Ndisuio - ok
08:32:39.0828 2596 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:32:39.0828 2596 NdisWan - ok
08:32:40.0015 2596 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
08:32:40.0015 2596 NDProxy - ok
08:32:40.0203 2596 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:32:40.0203 2596 NetBIOS - ok
08:32:40.0359 2596 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:32:40.0359 2596 NetBT - ok
08:32:40.0562 2596 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
08:32:40.0562 2596 Npfs - ok
08:32:40.0734 2596 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
08:32:40.0765 2596 Ntfs - ok
08:32:40.0953 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:32:40.0953 2596 Null - ok
08:32:41.0203 2596 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:32:41.0250 2596 nv - ok
08:32:41.0375 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:32:41.0390 2596 NwlnkFlt - ok
08:32:41.0562 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:32:41.0562 2596 NwlnkFwd - ok
08:32:41.0734 2596 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
08:32:41.0734 2596 omci - ok
08:32:41.0906 2596 P3 (ccd81db55e228638702c6a96b7e5992b) C:\WINDOWS\system32\DRIVERS\p3.sys
08:32:41.0906 2596 P3 - ok
08:32:42.0125 2596 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
08:32:42.0125 2596 Parport - ok
08:32:42.0265 2596 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
08:32:42.0265 2596 PartMgr - ok
08:32:42.0453 2596 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
08:32:42.0453 2596 ParVdm - ok
08:32:42.0640 2596 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
08:32:42.0640 2596 PCI - ok
08:32:42.0781 2596 PCIDump - ok
08:32:42.0968 2596 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:32:42.0968 2596 PCIIde - ok
08:32:43.0171 2596 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:32:43.0171 2596 Pcmcia - ok
08:32:43.0296 2596 PDCOMP - ok
08:32:43.0453 2596 PDFRAME - ok
08:32:43.0593 2596 PDRELI - ok
08:32:43.0734 2596 PDRFRAME - ok
08:32:43.0921 2596 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
08:32:43.0921 2596 perc2 - ok
08:32:44.0109 2596 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
08:32:44.0109 2596 perc2hib - ok
08:32:44.0312 2596 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:32:44.0312 2596 PptpMiniport - ok
08:32:44.0484 2596 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
08:32:44.0484 2596 Processor - ok
08:32:44.0671 2596 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
08:32:44.0671 2596 PSched - ok
08:32:44.0828 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:32:44.0828 2596 Ptilink - ok
08:32:45.0031 2596 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
08:32:45.0031 2596 PxHelp20 - ok
08:32:45.0218 2596 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
08:32:45.0218 2596 ql1080 - ok
08:32:45.0390 2596 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
08:32:45.0390 2596 Ql10wnt - ok
08:32:45.0546 2596 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
08:32:45.0562 2596 ql12160 - ok
08:32:45.0718 2596 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
08:32:45.0718 2596 ql1240 - ok
08:32:45.0937 2596 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
08:32:45.0937 2596 ql1280 - ok
08:32:46.0109 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:32:46.0109 2596 RasAcd - ok
08:32:46.0281 2596 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:32:46.0296 2596 Rasl2tp - ok
08:32:46.0468 2596 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:32:46.0468 2596 RasPppoe - ok
08:32:46.0640 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:32:46.0640 2596 Raspti - ok
08:32:46.0843 2596 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:32:46.0859 2596 Rdbss - ok
08:32:47.0062 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:32:47.0062 2596 RDPCDD - ok
08:32:47.0250 2596 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:32:47.0265 2596 rdpdr - ok
08:32:47.0453 2596 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
08:32:47.0453 2596 RDPWD - ok
08:32:47.0625 2596 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:32:47.0625 2596 redbook - ok
08:32:47.0843 2596 rtl8180 (82a5d2f4a1e0a6766adfcb8de59d96b0) C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
08:32:47.0843 2596 rtl8180 - ok
08:32:47.0937 2596 SABKUTIL - ok
08:32:47.0984 2596 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
08:32:47.0984 2596 SASDIFSV - ok
08:32:48.0015 2596 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS
08:32:48.0015 2596 SASKUTIL - ok
08:32:48.0218 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:32:48.0218 2596 Secdrv - ok
08:32:48.0390 2596 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:32:48.0390 2596 serenum - ok
08:32:48.0562 2596 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\DRIVERS\serial.sys
08:32:48.0562 2596 Serial - ok
08:32:48.0734 2596 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:32:48.0734 2596 Sfloppy - ok
08:32:48.0890 2596 Simbad - ok
08:32:49.0078 2596 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
08:32:49.0078 2596 sisagp - ok
08:32:49.0265 2596 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
08:32:49.0296 2596 smwdm - ok
08:32:49.0453 2596 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
08:32:49.0468 2596 Sparrow - ok
08:32:49.0625 2596 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
08:32:49.0625 2596 splitter - ok
08:32:49.0843 2596 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:32:49.0843 2596 sr - ok
08:32:50.0031 2596 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
08:32:50.0046 2596 Srv - ok
08:32:50.0218 2596 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
08:32:50.0218 2596 sscdbhk5 - ok
08:32:50.0421 2596 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
08:32:50.0421 2596 ssrtln - ok
08:32:50.0609 2596 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:32:50.0609 2596 swenum - ok
08:32:50.0781 2596 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
08:32:50.0781 2596 swmidi - ok
08:32:50.0968 2596 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
08:32:50.0968 2596 symc810 - ok
08:32:51.0140 2596 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
08:32:51.0140 2596 symc8xx - ok
08:32:51.0328 2596 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
08:32:51.0328 2596 sym_hi - ok
08:32:51.0468 2596 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
08:32:51.0484 2596 sym_u3 - ok
08:32:51.0625 2596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
08:32:51.0625 2596 sysaudio - ok
08:32:51.0859 2596 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:32:51.0875 2596 Tcpip - ok
08:32:52.0078 2596 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:32:52.0078 2596 TDPIPE - ok
08:32:52.0234 2596 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
08:32:52.0234 2596 TDTCP - ok
08:32:52.0390 2596 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:32:52.0390 2596 TermDD - ok
08:32:52.0578 2596 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
08:32:52.0578 2596 tfsnboio - ok
08:32:52.0750 2596 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
08:32:52.0750 2596 tfsncofs - ok
08:32:52.0937 2596 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
08:32:52.0937 2596 tfsndrct - ok
08:32:53.0125 2596 tfsndres (8a6309c23a617e091302ff9db313da3e) C:\WINDOWS\system32\dla\tfsndres.sys
08:32:53.0125 2596 tfsndres - ok
08:32:53.0312 2596 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
08:32:53.0312 2596 tfsnifs - ok
08:32:53.0484 2596 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
08:32:53.0484 2596 tfsnopio - ok
08:32:53.0671 2596 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
08:32:53.0671 2596 tfsnpool - ok
08:32:53.0859 2596 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
08:32:53.0875 2596 tfsnudf - ok
08:32:54.0046 2596 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
08:32:54.0046 2596 tfsnudfa - ok
08:32:54.0250 2596 TosIde (95744b77c159ed63774097ddb2e78cb2) C:\WINDOWS\System32\DRIVERS\toside.sys
08:32:54.0250 2596 TosIde - ok
08:32:54.0390 2596 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
08:32:54.0390 2596 Udfs - ok
08:32:54.0562 2596 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
08:32:54.0562 2596 ultra - ok
08:32:54.0734 2596 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
08:32:54.0750 2596 Update - ok
08:32:54.0937 2596 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:32:54.0937 2596 USBAAPL - ok
08:32:55.0109 2596 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:32:55.0109 2596 usbccgp - ok
08:32:55.0281 2596 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:32:55.0281 2596 usbehci - ok
08:32:55.0453 2596 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:32:55.0453 2596 usbhub - ok
08:32:55.0625 2596 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:32:55.0625 2596 usbprint - ok
08:32:55.0843 2596 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:32:55.0843 2596 usbscan - ok
08:32:56.0015 2596 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:32:56.0015 2596 USBSTOR - ok
08:32:56.0187 2596 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:32:56.0187 2596 usbuhci - ok
08:32:56.0343 2596 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
08:32:56.0343 2596 VgaSave - ok
08:32:56.0531 2596 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
08:32:56.0531 2596 viaagp - ok
08:32:56.0703 2596 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
08:32:56.0703 2596 ViaIde - ok
08:32:57.0031 2596 VolSnap (d6ec4aff061665a10f0b1a9517d338e3) C:\WINDOWS\system32\drivers\VolSnap.sys
08:32:57.0031 2596 VolSnap - ok
08:32:57.0218 2596 vrskbdft (14cb3a226f3551884051203103763638) C:\WINDOWS\system32\drivers\vrskbdft.sys
08:32:57.0218 2596 vrskbdft - ok
08:32:57.0437 2596 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:32:57.0437 2596 Wanarp - ok
08:32:57.0609 2596 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
08:32:57.0609 2596 wceusbsh - ok
08:32:57.0750 2596 WDICA - ok
08:32:57.0968 2596 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
08:32:57.0968 2596 wdmaud - ok
08:32:58.0187 2596 winachsf (2e5bc3ddf1c44c84c3093e1148a0354e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
08:32:58.0203 2596 winachsf - ok
08:32:58.0406 2596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:32:58.0406 2596 WS2IFSL - ok
08:32:58.0609 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:32:58.0609 2596 WudfPf - ok
08:32:58.0781 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:32:58.0781 2596 WudfRd - ok
08:32:59.0000 2596 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
08:32:59.0015 2596 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
08:32:59.0218 2596 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
08:32:59.0218 2596 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
08:32:59.0250 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:32:59.0453 2596 \Device\Harddisk0\DR0 - ok
08:32:59.0468 2596 Boot (0x1200) (85ff78481c161aa97f6569f7b1c0fa60) \Device\Harddisk0\DR0\Partition0
08:32:59.0468 2596 \Device\Harddisk0\DR0\Partition0 - ok
08:32:59.0484 2596 ============================================================
08:32:59.0484 2596 Scan finished
08:32:59.0484 2596 ============================================================
08:32:59.0500 2324 Detected object count: 0
08:32:59.0500 2324 Actual detected object count: 0

#6 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 February 2012 - 02:46 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#7 linseed
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female
  • Location:Mexico

Posted 03 February 2012 - 04:57 PM

OTL was downloaded in Spanish, so I am not sure I got all the settings correctly. I have an image (print screen) of how I set the settings; I can attach it, but mainly I couldn't figure out the Use SafeList part. Here is the OTL.txt. BTW, Windows seems to be working OK, except for Internet Explorer and the fact that I can still see System Check on startup and on the desktop.


OTL logfile created on: 03/02/2012 03:34:26 p.m. - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Verónica Barrera J\Mis documentos\Descargas
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.72% Memory free
2.23 Gb Paging File | 1.97 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 37.21 Gb Total Space | 10.94 Gb Free Space | 29.40% Space Free | Partition Type: NTFS

Computer Name: VERONICA | User Name: Verónica Barrera J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Verónica Barrera J\Mis documentos\Descargas\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Archivos de programa\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP ()
MOD - C:\Archivos de programa\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
MOD - C:\Archivos de programa\Dell\Dell Laser MFP 1600n\PSU\IMFilter.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)
DRV - (SASKUTIL) -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FANTOM) -- C:\WINDOWS\SYSTEM32\DRIVERS\fantom.sys (National Instruments Corporation)
DRV - (2WIREPCP) -- C:\WINDOWS\SYSTEM32\DRIVERS\2WirePCP.sys (2Wire, Inc.)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (vrskbdft) -- C:\WINDOWS\System32\drivers\vrskbdft.sys (HAURI)
DRV - (rtl8180) Realtek RTL8180 Wireless LAN (Mini-) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8180.sys (Realtek Semiconductor Corporation )
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (ENETHUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\enethusb.sys (Efficient Networks, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/virus-removal/remove-system-check
IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-409304385-768972678-2457951874-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Archivos de programa\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Archivos de programa\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Verónica Barrera J\Configuración local\Datos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Verónica Barrera J\Configuración local\Datos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/04 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/23 19:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/11/23 20:00:43 | 000,000,000 | ---D | M]

[2010/07/28 11:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Extensions
[2011/07/04 09:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\extensions
[2008/05/17 12:22:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/08 21:35:58 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\searchplugins\askcom.xml
[2011/11/26 16:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2008/05/09 16:19:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Archivos de programa\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/09 16:19:52 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Archivos de programa\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2011/03/17 09:18:45 | 000,002,456 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\mercadolibre-mx.xml
[2011/03/17 09:18:45 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/03/17 09:18:45 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-mx.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/02/02 10:22:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Archivos de programa\Dell\Dell Laser MFP 1600n\PSU\ScanToPc.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Prodigy.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{753F4254-3782-4DBC-BC8D-F7D1DE336F08}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FB17606-38B3-4076-9793-28097967C43D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{910EE9BB-8C4A-44A0-B267-DF3BC7E06BE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop Components:1 () - http://www.google.com.mx/imgres?q=futbol&hl=es&gbv=2&biw=1024&bih=584&tbm=isch&tbnid=PamizW5wTjS-IM:&imgrefurl=http://www.reportajes.org/2010/05/12/mundial-de-futbol-historia/&docid=YdBfzS_i6Wn5lM&imgurl=http://www.reportajes.org/wp-content/uploads/2010/05/mundial-sudafrica-2010.jpg&w=400&h=360&ei=an--ToLMJeGpsQLxr7izBA&zoom=1&iact=rc&dur=2875&sig=103333094959994790255&page=6&tbnh=109&tbnw=101&start=79&ndsp=20&ved=1t:429,r:9,s:79&tx=44&ty=6
O24 - Desktop WallPaper: C:\Documents and Settings\Verónica Barrera J\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Verónica Barrera J\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/01 12:03:02 | 000,000,094 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 09:50:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/02 09:43:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/02 09:43:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/02 09:43:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/02 09:43:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/02 09:42:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/02 09:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 09:40:33 | 004,395,504 | R--- | C] (Swearware) -- C:\Documents and Settings\Verónica Barrera J\Escritorio\ComboFix.exe
[2012/01/30 16:19:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Verónica Barrera J\Mis documentos\Mis vídeos
[2012/01/30 16:18:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Verónica Barrera J\Escritorio\dds.scr
[2012/01/30 10:24:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\MEN┌IN~1
[2012/01/28 18:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Verónica Barrera J\Recent
[2012/01/26 21:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Malwarebytes
[2012/01/26 19:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/01/26 19:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/01/26 19:53:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/26 19:53:14 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/01/25 19:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Verónica Barrera J\Menú Inicio\Programas\System Check
[2012/01/25 19:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\iTunes
[2012/01/25 19:34:06 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iPod

========== Files - Modified Within 30 Days ==========

[2012/02/03 15:40:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 15:27:13 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-409304385-768972678-2457951874-1006.job
[2012/02/03 15:27:05 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-409304385-768972678-2457951874-1006.job
[2012/02/03 15:27:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/02/03 15:26:29 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 15:26:21 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/02/03 15:26:19 | 2145,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 10:22:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012/02/02 09:51:08 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2012/02/02 09:40:33 | 004,395,504 | R--- | M] (Swearware) -- C:\Documents and Settings\Verónica Barrera J\Escritorio\ComboFix.exe
[2012/01/30 16:23:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\bhvb7hn6.exe
[2012/01/30 16:18:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Verónica Barrera J\Escritorio\dds.scr
[2012/01/30 16:16:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\defogger_reenable
[2012/01/30 16:15:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Defogger.exe
[2012/01/30 10:58:01 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/30 10:09:30 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\unhide.exe
[2012/01/26 21:24:40 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/26 19:53:21 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2012/01/25 19:58:02 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk
[2012/01/25 19:35:29 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\iTunes.lnk
[2012/01/25 19:20:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/20 19:46:30 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Microsoft Word.lnk
[2012/01/20 13:40:02 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Acceso directo a CARTA CARLOS 2011.lnk
[2012/01/09 19:44:38 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Microsoft Excel.lnk

========== Files Created - No Company Name ==========

[2012/02/02 10:15:38 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
[2012/02/02 10:15:38 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk
[2012/02/02 10:15:38 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Prodigy.lnk
[2012/02/02 10:15:37 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Digital Line Detect.lnk
[2012/02/02 10:15:30 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Windows Messenger.lnk
[2012/02/02 10:15:29 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Word.lnk
[2012/02/02 10:15:29 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft PowerPoint.lnk
[2012/02/02 10:15:29 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft PowerPoint (2).lnk
[2012/02/02 10:15:29 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Visual FoxPro 7.0.lnk
[2012/02/02 10:15:29 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Safari.lnk
[2012/02/02 10:15:29 | 000,001,961 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\MSN Explorer.lnk
[2012/02/02 10:15:29 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Solution Center.lnk
[2012/02/02 10:15:29 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Selector de tareas de Microsoft Works.lnk
[2012/02/02 10:15:28 | 000,002,631 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Outlook.lnk
[2012/02/02 10:15:28 | 000,002,535 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft FrontPage.lnk
[2012/02/02 10:15:28 | 000,002,535 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Excel.lnk
[2012/02/02 10:15:28 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Access.lnk
[2012/02/02 10:15:28 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Adobe Reader 9.lnk
[2012/02/02 10:15:28 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Apple Software Update.lnk
[2012/02/02 10:15:28 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Calculadora.lnk
[2012/02/02 10:15:28 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Acrobat.com.lnk
[2012/02/02 09:51:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/02 09:51:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/02 09:43:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/02 09:43:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/02 09:43:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/02 09:43:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/02 09:43:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/30 16:23:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\bhvb7hn6.exe
[2012/01/30 16:16:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\defogger_reenable
[2012/01/30 16:15:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Defogger.exe
[2012/01/30 10:24:09 | 000,002,229 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Safari.lnk
[2012/01/30 10:24:09 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2012/01/30 10:24:09 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\MSN Explorer.lnk
[2012/01/30 10:24:09 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2012/01/30 10:24:09 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
[2012/01/30 10:24:09 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Solution Center.lnk
[2012/01/30 10:24:09 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2012/01/30 10:24:09 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Asistente Prodigy.lnk
[2012/01/30 10:24:09 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\QuickTime Player.lnk
[2012/01/30 10:24:09 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Learn XP.LNK
[2012/01/30 10:24:09 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\iTunes.lnk
[2012/01/30 10:24:09 | 000,001,250 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Asistente de la impresora 656c.lnk
[2012/01/30 10:24:09 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\LEGO MINDSTORMS NXT 2.0.lnk
[2012/01/30 10:24:09 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\InterActual Player.lnk
[2012/01/30 10:24:09 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2012/01/30 10:24:09 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Acrobat.com.lnk
[2012/01/30 10:24:09 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\RealPlayer.lnk
[2012/01/30 10:12:00 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\unhide.exe
[2012/01/28 21:38:47 | 2145,456,128 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/28 18:45:08 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/25 19:58:02 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk
[2012/01/20 13:40:02 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\Acceso directo a CARTA CARLOS 2011.lnk
[2011/04/26 11:22:25 | 000,028,400 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/07/26 19:47:24 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/05 08:35:56 | 000,001,412 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 16:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/09 16:19:47 | 000,003,515 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/11 23:14:47 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QTSBandwidthCache
[2007/08/28 12:57:01 | 000,000,052 | ---- | C] () -- C:\WINDOWS\tb40.ini
[2007/06/15 19:51:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/05/30 16:14:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/05/15 15:57:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/05/14 18:23:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2007/05/14 18:23:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/02/20 21:47:48 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\.zreglib
[2007/02/02 09:23:09 | 000,247,296 | ---- | C] () -- C:\WINDOWS\UN160410.EXE
[2006/12/21 10:11:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\$_hpcst$.hpc
[2006/05/25 14:58:51 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/23 14:22:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SvcCon.exe
[2005/12/23 14:19:04 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2005/12/23 14:19:04 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2005/12/23 14:19:04 | 000,053,315 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/12/23 14:19:04 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2005/11/14 11:10:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\lsuninst.exe
[2005/11/14 11:10:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\hUrlDn.dll
[2005/09/08 10:41:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\LIVING~2.ini
[2005/06/14 21:27:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\HKDown.exe
[2005/06/01 09:06:04 | 000,000,012 | ---- | C] () -- C:\WINDOWS\3D Volcano.ini
[2005/06/01 08:29:59 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2005/06/01 08:29:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2005/06/01 08:29:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2005/03/06 10:26:42 | 000,000,096 | ---- | C] () -- C:\WINDOWS\msje8tp.dat
[2005/03/06 10:26:38 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\Pcrypvc.dll
[2005/03/06 10:26:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Pmathvc.dll
[2005/03/06 10:26:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Pyarrow.dll
[2005/03/06 10:26:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Pavmsg.dll
[2005/03/06 10:26:38 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\Pavperf.dll
[2005/03/06 10:26:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Startjob.exe
[2005/03/06 10:26:37 | 000,786,432 | ---- | C] () -- C:\WINDOWS\System32\Analizar.dll
[2005/03/06 10:26:37 | 000,783,872 | ---- | C] () -- C:\WINDOWS\System32\Anasent.dll
[2005/03/06 10:26:37 | 000,278,016 | ---- | C] () -- C:\WINDOWS\System32\Pavcprox.dll
[2005/03/06 10:26:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Pavjob.dll
[2005/03/06 10:26:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Pavcomdl.dll
[2005/03/06 10:26:37 | 000,002,796 | ---- | C] () -- C:\WINDOWS\System32\Counters.ini
[2005/03/06 10:26:37 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\Counter2.ini
[2005/02/15 13:00:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/15 13:00:09 | 000,000,853 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/02/15 12:54:40 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/10/28 10:54:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/25 11:22:20 | 000,303,176 | ---- | C] () -- C:\WINDOWS\System32\TTFI6ES.dll
[2004/08/07 10:04:20 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/20 13:23:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ftpupd.exe
[2004/02/05 21:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 21:23:07 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/05 21:19:56 | 000,000,851 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/05 21:06:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/02/05 21:05:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/05 21:04:58 | 000,363,688 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/02/05 21:04:58 | 000,312,946 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/02/05 21:04:58 | 000,051,900 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/02/05 21:04:58 | 000,040,664 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/02/05 21:04:45 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/05 20:54:30 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 22:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/02 03:25:10 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/10/02 03:25:10 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/23 09:21:24 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/23 09:16:04 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/23 09:13:26 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/09/10 07:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2002/09/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/09/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/09/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/09/10 07:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2002/09/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/09/10 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/29 02:32:32 | 000,008,368 | ---- | C] () -- C:\WINDOWS\System32\PrnCltUi.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

< End of report >

#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 February 2012 - 05:29 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox shown in the image. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKU\S-1-5-21-409304385-768972678-2457951874-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Prodigy.lnk = File not found
    [2011/06/08 21:35:58 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\searchplugins\askcom.xml
    [2012/01/25 19:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Verónica Barrera J\Menú Inicio\Programas\System Check
    [2012/01/25 19:58:02 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk
    [2012/01/25 19:58:02 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
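As an added example that is not part of the original thread or of OTL itself: a small Python script that parses OTL file-listing lines of the kind quoted above, selects the entries a helper would look at first (those created or modified around the infection date, or whose path names the rogue program), and emits them as an :OTL fix section the way the script above does. The sample lines, their user name and the profile folder name are constructed.

```python
import re
from datetime import date, datetime

# Constructed sample lines in OTL's file-listing layout (same shape as the
# entries quoted in this thread, with a placeholder user name; not a real scan).
SAMPLE_OTL_LINES = [
    r"[2012/01/25 19:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Menú Inicio\Programas\System Check",
    r"[2012/01/25 19:58:02 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\System Check.lnk",
    r"[2011/06/08 21:35:58 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\User\Datos de programa\Mozilla\Firefox\Profiles\xxxx.default\searchplugins\askcom.xml",
    r"[2004/02/05 21:06:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\BOOTSTAT.DAT",
    "< End of report >",
]

# Layout: [timestamp | size | attribute flags | C(reated)/M(odified)] () -- path
# Directory entries (attribute flags contain "D") omit the "()" part.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\(\) )?-- (?P<path>.+)$"
)


def parse_otl_entry(line):
    """Parse one OTL file-listing line into a dict; return None for non-entries."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return {
        "raw": line.strip(),
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in m.group("attrs"),
        "event": "created" if m.group("kind") == "C" else "modified",
        "path": m.group("path"),
    }


def triage(lines, first_day, last_day, name_hints=()):
    """Return entries created/modified between first_day and last_day (inclusive,
    ISO "YYYY-MM-DD" strings) or whose path contains one of name_hints."""
    start, end = date.fromisoformat(first_day), date.fromisoformat(last_day)
    hints = [h.lower() for h in name_hints]
    hits = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is None:
            continue
        in_window = start <= entry["timestamp"].date() <= end
        named = any(h in entry["path"].lower() for h in hints)
        if in_window or named:
            entry["reason"] = "date window" if in_window else "name match"
            hits.append(entry)
    return hits


def build_fix_section(entries):
    """Return an ':OTL' fix section listing the selected entries verbatim:
    OTL accepts its own log lines as fix directives, as the script above does."""
    return "\n".join([":OTL"] + [e["raw"] for e in entries])


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LINES, "2012-01-25", "2012-01-31", ("System Check",))
    for e in hits:
        print(f"{e['event']:8} {e['timestamp']:%Y-%m-%d} {e['reason']:11} {e['path']}")
    print(build_fix_section(hits))
```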

#9 linseed (Topic Starter, Members, Mexico)

Posted 03 February 2012 - 07:48 PM

YEY!!!! :thumbup2: System Check is gone both from START and from desktop. Internet Explorer still not working though. Here is the log: Internet Explorer is important because I make bank transactions and in Mexico most banks only work properly with Explorer (go figure :huh: ).

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-409304385-768972678-2457951874-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Prodigy.lnk moved successfully.
C:\Documents and Settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Verónica Barrera J\Menú Inicio\Programas\System Check folder moved successfully.
C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk moved successfully.
File C:\Documents and Settings\Verónica Barrera J\Escritorio\System Check.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Verónica Barrera J\Mis documentos\Descargas\cmd.bat deleted successfully.
C:\Documents and Settings\Verónica Barrera J\Mis documentos\Descargas\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->FireFox cache emptied: 0 bytes

User: museo

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ver¢nica Barrera J

User: Verónica Barrera J
->Temp folder emptied: 178917 bytes
->Temporary Internet Files folder emptied: 13382668 bytes
->Java cache emptied: 23048974 bytes
->FireFox cache emptied: 51152802 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 36864 bytes
->Flash cache emptied: 3876847 bytes

User: Ver￳nica Barrera J

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2008764 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb


[EMPTYJAVA]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: museo

User: NetworkService

User: Ver¢nica Barrera J

User: Verónica Barrera J
->Java cache emptied: 0 bytes

User: Ver￳nica Barrera J

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrador
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: museo

User: NetworkService

User: Ver¢nica Barrera J

User: Verónica Barrera J
->Flash cache emptied: 0 bytes

User: Ver￳nica Barrera J

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02032012_183111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 February 2012 - 08:55 PM

Greetings

What happens when you open IE?

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 linseed (Topic Starter, Members, Mexico)

Posted 03 February 2012 - 09:57 PM

:thumbsup: I think Internet Explorer is OK now. It would report it had encountered a problem, it would close itself and ask if I wanted to send a report to Microsoft, then it would reopen and do the same thing over again. But I tried a couple of sites (including the bank) and it worked fine. I think we have a complete success here, yes? Here is the ComboFix log:

ComboFix 12-02-02.01 - Verónica Barrera J 03/02/2012 20:35:37.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.2046.1672 [GMT -6:00]
Running from: c:\documents and settings\Ver¾nica Barrera J\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Ver¾nica Barrera J\Escritorio\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 00:31 . 2012-02-04 00:31 -------- d-----w- C:\_OTL
2012-01-30 16:24 . 2012-01-30 16:24 -------- d-----r-N~1 c:\docume~1\ALLUSE~1\MENIN~~1
2012-01-27 03:15 . 2012-01-27 03:15 -------- d-----w- c:\documents and settings\Verónica Barrera J\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-27 01:53 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-27 01:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-27 01:53 . 2012-01-29 00:45 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-27 01:53 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 01:11 . 2012-01-27 01:11 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2012-01-27 01:03 . 2012-01-27 01:03 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2012-01-27 00:52 . 2012-01-27 00:52 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2012-01-26 01:34 . 2012-01-26 01:34 -------- d-----w- c:\archivos de programa\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_16.22.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:41 . 2009-07-12 01:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2012-02-04 02:26 . 2012-02-04 02:26 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2011-03-31 03:20 . 2012-02-03 14:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-03-31 03:20 . 2011-05-21 00:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-03 14:06 . 2012-02-03 14:06 248832 c:\windows\Installer\27fd8.msi
+ 2012-02-03 14:07 . 2012-02-03 14:07 20333568 c:\windows\Installer\27fe2.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 196608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"P3000x_S2P"="c:\archivos de programa\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe" [2004-10-27 57344]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-05 273544]
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Digital Line Detect.lnk - c:\archivos de programa\Digital Line Detect\DLG.exe [2004-2-5 24576]
Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\archivos de programa\WinZip\WZQKPICK.EXE [2005-1-28 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"navapsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Ares Vista\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\FrostWire\\FrostWire.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 12:25 p.m. 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 12:41 p.m. 67656]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [26/01/2012 07:53 p.m. 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [26/01/2012 07:53 p.m. 20464]
S1 SABKUTIL;SABKUTIL;\??\c:\archivos de programa\SUPERAntiSpyware\SABKUTIL.sys --> c:\archivos de programa\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [22/12/2009 08:35 a.m. 135664]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\SYSTEM32\DRIVERS\fantom.sys [29/07/2008 02:09 p.m. 39424]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [22/12/2009 08:35 a.m. 135664]
S3 L2XPSR;L2XPSR;\??\c:\archiv~1\TELMEX\PRODIG~1\app\L2XPSR.SYS --> c:\archiv~1\TELMEX\PRODIG~1\app\L2XPSR.SYS [?]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\SYSTEM32\DRIVERS\RTL8180.sys [11/10/2004 01:33 p.m. 185216]
S3 vrskbdft;vrskbdft;c:\windows\SYSTEM32\DRIVERS\vrskbdft.sys [14/11/2005 11:11 a.m. 5504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-09 21:06]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-22 14:35]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-22 14:35]
.
2012-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-409304385-768972678-2457951874-1006.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-409304385-768972678-2457951874-1006.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/virus-removal/remove-system-check
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Verónica Barrera J\Datos de programa\Mozilla\Firefox\Profiles\62rw5oor.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 20:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-03 20:49:01
ComboFix-quarantined-files.txt 2012-02-04 02:48
ComboFix2.txt 2012-02-02 16:31
.
Pre-Run: 11,795,808,256 bytes libres
Post-Run: 11,774,779,392 bytes libres
.
- - End Of File - - DBC2DF00ED8EFCF28A48C1798C7448FB

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 February 2012 - 10:03 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

FrostWire 4.21.5
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 15
RelevantKnowledge


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 05 February 2012 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 linseed (Topic Starter, Members, Mexico)

Posted 06 February 2012 - 11:38 AM

Sorry... it is very cold in Mexico and we decided to flee (warm Cuernavaca). I think I might have messed up a bit. I started removing the programs you asked to remove, but did so from add/remove programs because I hadn't read all the instructions :blush: so when I downloaded Revo those programs were gone. Here are the logs:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Verónica Barrera J :: VERONICA [administrator]

Protection: Disabled

06/02/2012 10:19:26 a.m.
mbam-log-2012-02-06 (10-19-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216488
Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:55 a.m., on 06/02/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\ARCHIVOS DE PROGRAMA\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe
C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P3000x_S2P] C:\ARCHIVOS DE PROGRAMA\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 1: (no name) - http://www.google.com.mx/imgres?q=futbol&hl=es&gbv=2&biw=1024&bih=584&tbm=isch&tbnid=PamizW5wTjS-IM:&imgrefurl=http://www.reportajes.org/2010/05/12/mundial-de-futbol-historia/&docid=YdBfzS_i6Wn5lM&imgurl=http://www.reportajes.org/wp-content/uploads/2010/05/mundial-sudafrica-2010.jpg&w=400&h=360&ei=an--ToLMJeGpsQLxr7izBA&zoom=1&iact=rc&dur=2875&sig=103333094959994790255&page=6&tbnh=109&tbnw=101&start=79&ndsp=20&ved=1t:429,r:9,s:79&tx=44&ty=6

--
End of file - 9932 bytes

Internet Explorer still closing itself!!!

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 February 2012 - 10:46 PM

Hello linseed

No problem about Revo - I like to use it and I'm just sharing it with the people I help. Using Add/Remove was just fine.

I want you to run IE without add-ons and see if it still closes itself - http://www.askdrtech.com/solutions/post/How-to-run-IE8-without-add-ons.aspx
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



