View Full Version : Strange behavior in pc



Kliber
2009-07-01, 20:51
Greets to all helpers! Since yesterday something is wrong with my PC: when I try to introduce my username in a webpage or try to write something in the browser, the computer blocks itself and asks for the admin password. I found a workaround by finishing the processes E_S40RP7.EXE and jqs.exe. It looks like a virus or malware; BitDefender can't erase a trojan (generic trojan "numbersomething"), so I'm posting my HJT log to see if this is a known issue. Thanks in advance!

Kliber.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:06 p.m., on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Update Service\livesrv.exe
C:\Archivos de programa\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\BitDefender\BitDefender 2009\uiscan.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://latam.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.latam.msn.com/0SEESXL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.latam.msn.com/0SEESXL/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Archivos de programa\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_SAE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d33df875e1c0) (gupdate1c8d33df875e1c0) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Archivos de programa\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: Mi página de inicio actual - About:Home
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 13060 bytes

Blade81
2009-07-03, 10:03
Hi Kliber,

Both files can be associated with legit things, so they are not necessarily malware related. Anyway, let's take a closer look.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Kliber
2009-07-06, 15:42
Hi Blade! Thanks for your reply, very appreciated. It's weird: if I don't finish these processes I couldn't reply here. If you need more info about the computer's behavior, just ask.

Well, I needed to fix the file association for this to be able to run the script; here are the logs:

DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kliber at 9:16:19.81 on 06/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=Explorer.exe, c:\archivos de programa\microsoft office\office11\services.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus CX5600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatical.exe /fu "c:\windows\temp\E_SAE.tmp" /EF "HKCU"
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [InstantBurn] c:\archiv~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [Adobe_ID0EYTHM] c:\archiv~1\archiv~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [BDAgent] "c:\archivos de programa\bitdefender\bitdefender 2009\bdagent.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\archivos de programa\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: banesconline.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-06-30 19:29 567 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-30 18:59 81,984 a------- c:\windows\system32\bdod.bin
2009-06-29 19:41 850 a------- c:\windows\system32\ProductTweaks.xml
2009-06-29 19:41 385 a------- c:\windows\system32\user_gensett.xml
2009-06-29 19:38 <DIR> --d----- c:\docume~1\kliber\datosd~1\BitDefender
2009-06-29 19:38 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\BitDefender
2009-06-29 19:38 <DIR> --d----- c:\archivos de programa\BitDefender
2009-06-29 19:19 <DIR> --d----- c:\archivos de programa\archivos comunes\BitDefender
2009-06-17 15:36 <DIR> --dsh--- c:\documents and settings\kliber\IECompatCache
2009-06-17 15:35 <DIR> --dsh--- c:\documents and settings\kliber\PrivacIE
2009-06-17 15:34 <DIR> --dsh--- c:\documents and settings\kliber\IETldCache
2009-06-17 15:29 <DIR> --d----- c:\windows\ie8updates
2009-06-17 15:26 <DIR> -cd-h--- c:\windows\ie8
2009-06-17 14:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-17 14:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-17 14:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-10 11:02 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 11:01 <DIR> --d----- c:\archivos de programa\PC Connectivity Solution
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 11:00 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 11:00 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 11:00 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-06-10 11:00 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys

==================== Find3M ====================

2009-06-30 18:58 145,544 a------- c:\windows\system32\drivers\bdfm.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:33 347,648 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-18 22:22 499,018 a------- c:\windows\system32\perfh00A.dat
2009-04-18 22:22 86,836 a------- c:\windows\system32\perfc00A.dat
2009-04-15 10:54 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 12:19 2,828 a--sh--- c:\docume~1\alluse~1\datosd~1\KGyGaAvL.sys
2009-02-14 12:19 88 ---shr-- c:\docume~1\alluse~1\datosd~1\06EB96A50D.sys
2007-12-30 19:56 25,600 a------- c:\documents and settings\kliber\usbsermptxp.sys
2007-12-30 19:56 22,768 a------- c:\documents and settings\kliber\usbsermpt.sys
2007-11-29 18:38 22,328 a------- c:\docume~1\kliber\datosd~1\PnkBstrK.sys
2001-02-02 23:00 40,040 a------- c:\docume~1\kliber\datosd~1\wxnlz.dll
2008-08-20 13:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 9:17:34.78 ===============

Attach.txt:


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Actualización crítica para el Reproductor de Windows Media 11 (KB959772)
Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para el Reproductor de Windows Media (KB952069)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
Actualización de seguridad para Windows Internet Explorer 7 (KB929969)
Actualización de seguridad para Windows Internet Explorer 7 (KB931768)
Actualización de seguridad para Windows Internet Explorer 7 (KB933566)
Actualización de seguridad para Windows Internet Explorer 7 (KB938127)
Actualización de seguridad para Windows Internet Explorer 7 (KB939653)
Actualización de seguridad para Windows Internet Explorer 7 (KB942615)
Actualización de seguridad para Windows Internet Explorer 7 (KB944533)
Actualización de seguridad para Windows Internet Explorer 7 (KB950759)
Actualización de seguridad para Windows Internet Explorer 7 (KB953838)
Actualización de seguridad para Windows Internet Explorer 7 (KB956390)
Actualización de seguridad para Windows Internet Explorer 7 (KB958215)
Actualización de seguridad para Windows Internet Explorer 7 (KB960714)
Actualización de seguridad para Windows Internet Explorer 7 (KB961260)
Actualización de seguridad para Windows Internet Explorer 7 (KB963027)
Actualización de seguridad para Windows Internet Explorer 7 (KB969897)
Actualización de seguridad para Windows Internet Explorer 8 (KB969897)
Actualización de seguridad para Windows XP (KB923561)
Actualización de seguridad para Windows XP (KB923789)
Actualización de seguridad para Windows XP (KB938464)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB950760)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951376)
Actualización de seguridad para Windows XP (KB951698)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952004)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB953839)
Actualización de seguridad para Windows XP (KB954211)
Actualización de seguridad para Windows XP (KB954459)
Actualización de seguridad para Windows XP (KB954600)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956391)
Actualización de seguridad para Windows XP (KB956572)
Actualización de seguridad para Windows XP (KB956802)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956841)
Actualización de seguridad para Windows XP (KB957095)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958644)
Actualización de seguridad para Windows XP (KB958687)
Actualización de seguridad para Windows XP (KB958690)
Actualización de seguridad para Windows XP (KB959426)
Actualización de seguridad para Windows XP (KB960225)
Actualización de seguridad para Windows XP (KB960715)
Actualización de seguridad para Windows XP (KB960803)
Actualización de seguridad para Windows XP (KB961373)
Actualización de seguridad para Windows XP (KB961501)
Actualización de seguridad para Windows XP (KB968537)
Actualización de seguridad para Windows XP (KB969898)
Actualización de seguridad para Windows XP (KB970238)
Actualización del driver del escáner EPSON Stylus CX5600 Series
Actualización para Windows Internet Explorer 8 (KB971180)
Actualización para Windows XP (KB951072-v2)
Actualización para Windows XP (KB951978)
Actualización para Windows XP (KB955839)
Actualización para Windows XP (KB961503)
Actualización para Windows XP (KB967715)
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe Encore DVD 1.5
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9 - Español
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Aircotec Apps 0.9.0
Alien Skin Blow Up
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor
Alien Skin Xenofex 2
AssaultCube v1.0
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Barra de herramientas de Outlook de Windows Live (Windows Live Toolbar)
BitDefender Free Edition 2009
Bloqueador de ventanas emergentes (Windows Live Toolbar)
CDBurnerXP Pro 3
Choice Guard
CompeGPS AIR 6.2
CompeGPS COMPETITION 6.1.b
Compresor WinRAR
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
Cronograma de Obra
CutePDF Writer 2.7
CyberLink InstantBurn
CyberLink PhotoNow
CyberLink PowerDirector
Detector de suministros de Windows Live Toolbar (Windows Live Toolbar)
Downloader 1.1.0
DVD Suite
eMule
EPSON Scan
Extensión de Windows Live Toolbar (Windows Live Toolbar)
FileZilla Client 3.0.9.3
Free YouTube Download 2.2
Galería fotográfica de Windows Live
Google Earth
Google Earth Plugin
Google Update Helper
Google Updater
Herramienta de carga de Windows Live
HijackThis 2.0.2
Home Designer Suite 8
HouseCall 6.6
ImTOO 3GP Video Converter
Inicio
InterVideo DeviceService
Java DB 10.3.1.4
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 3.3.0 Full
LabelPrint 2.0
LG USB Modem Driver
Logo Design Studio Pro
Malwarebytes' Anti-Malware
Manual del usuario CX5600
MediaShow 3.0
Menús inteligentes (Windows Live Toolbar)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Spanish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Motorola Phone Tools
Mozilla Firefox (2.0.0.11)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Myst V End Of Ages
Nero Suite
Network Stumbler 0.4.0 (remove only)
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia Maps Updater 1.0 beta 10
Nokia PC Suite
nokian78
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenAL
Paquete de controladores de Windows - Nokia Modem (02/15/2007 3.1)
Paquete de controladores de Windows - Nokia Modem (02/23/2009 7.01.0.2)
Paquete de controladores de Windows - Nokia Modem (02/24/2009 4.0)
Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
PDF Settings
PowerDVD
PowerDVD Copy 1.0
PowerProducer
QuickTime Alternative 1.81
Ralink Wireless LAN Card
RealPlayer
Recuva (remove only)
Reproductor de Windows Media 11
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows Internet Explorer 7 (KB947864)
Revisión para Windows XP (KB952287)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
SeeYou Version 3.92
Segoe UI
SmartSound Quicktracks Plugin
Software de impresora EPSON
Spybot - Search & Destroy
System Requirements Lab
Track-Album 1.2
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
VBA (2627.01)
VSO Image Resizer 2.0.1.9
Vuze
WebFldrs XP
WinAVIVideoConverter
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites para Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Protección Infantil
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Thanks!

Kliber.

Blade81
2009-07-06, 19:03
Hi again,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

eMule
Vuze


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Also uninstall the outdated Mozilla Firefox. You may get version 3.5 later.


After that:

Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Kliber
2009-07-06, 21:16
Hi Blade, thanks for your help. After the ComboFix scan the computer didn't initialize quite well; I needed to reboot 2 or 3 times and finally I chose the "last configuration known to work" at the F8 menu. Now it's working well and dandy. I don't know if this was the correct procedure; the important thing is that the computer is working OK and hasn't blocked yet, and it's also a bit faster. Here are the logs:

Combofix.txt:
ComboFix 09-07-05.04 - Kliber 06/07/2009 13:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.187 [GMT -4:00]
Running from: c:\documents and settings\Kliber\Escritorio\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kliber\Escritorio\escaperosecliffislanddownload.exe
c:\windows\Installer\188fd78.msp
c:\windows\Installer\1d4d38.msp
c:\windows\Installer\21df93d.msp
c:\windows\Installer\21df943.msp
c:\windows\Installer\21df949.msp
c:\windows\Installer\21df94f.msp
c:\windows\Installer\21df955.msp
c:\windows\Installer\2c03e7f.msp
c:\windows\Installer\33af75e.msp
c:\windows\Installer\36b947.msp
c:\windows\Installer\3742ca.msp
c:\windows\Installer\42fa7.msp
c:\windows\Installer\42fad.msp
c:\windows\Installer\42fb3.msp
c:\windows\Installer\42fb9.msp
c:\windows\Installer\4bdfafd.msp
c:\windows\Installer\4d742.msp
c:\windows\Installer\53a61.msp
c:\windows\Installer\88f99c.msp
c:\windows\Installer\d3493fa.msp
c:\windows\system32\tmp.reg
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-06-30 22:59 . 2009-07-06 17:08 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-30 22:37 . 2009-06-30 22:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 01:44 . 2009-06-30 01:45 -------- d-----w- c:\archivos de programa\Recuva
2009-06-29 23:38 . 2009-06-29 23:38 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\BitDefender
2009-06-29 23:38 . 2009-06-29 23:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\BitDefender
2009-06-29 23:38 . 2009-06-29 23:38 -------- d-----w- c:\archivos de programa\BitDefender
2009-06-29 23:19 . 2009-06-29 23:38 -------- d-----w- c:\archivos de programa\Archivos comunes\BitDefender
2009-06-24 02:19 . 2009-06-24 02:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-17 19:36 . 2009-06-17 19:36 -------- d-sh--w- c:\documents and settings\Kliber\IECompatCache
2009-06-17 19:35 . 2009-06-17 19:35 -------- d-sh--w- c:\documents and settings\Kliber\PrivacIE
2009-06-17 19:34 . 2009-06-17 19:34 -------- d-sh--w- c:\documents and settings\Kliber\IETldCache
2009-06-17 19:29 . 2009-06-17 19:29 -------- d-----w- c:\windows\ie8updates
2009-06-17 19:26 . 2009-06-17 19:27 -------- dc-h--w- c:\windows\ie8
2009-06-17 18:48 . 2009-06-17 19:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-17 18:46 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 18:46 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 18:44 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-10 15:02 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 15:01 . 2009-06-10 15:01 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 15:00 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 15:00 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-10 15:00 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-10 15:00 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 14:59 . 2009-06-10 14:47 34348464 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-06-10 14:58 . 2009-06-10 14:58 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-10 14:58 . 2009-06-10 14:58 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-10 14:58 . 2009-06-10 14:58 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 16:57 . 2007-06-13 01:13 -------- d-----w- c:\archivos de programa\eMule
2009-07-05 22:46 . 2008-06-18 17:49 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2009-07-01 18:00 . 2008-07-23 00:46 -------- d-----w- c:\archivos de programa\Eset
2009-06-30 22:58 . 2009-04-15 19:13 145544 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-06-30 01:58 . 2009-05-11 19:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Azureus
2009-06-29 22:02 . 2008-09-07 00:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-06-29 00:59 . 2008-08-07 15:28 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Vso
2009-06-17 15:27 . 2008-09-07 00:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-07 00:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 01:43 . 2008-04-01 02:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-06-10 16:10 . 2007-09-30 06:31 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Nokia
2009-06-10 15:36 . 2007-09-30 06:30 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\PC Suite
2009-06-10 15:25 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Nokia
2009-06-10 15:24 . 2008-12-02 17:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nokia
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-06-10 14:58 . 2008-12-02 17:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-05-28 22:01 . 2009-05-28 22:01 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\ESET
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2009-05-13 05:04 . 2006-03-20 17:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 22:50 . 2008-03-13 21:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Corel
2009-05-11 22:50 . 2008-03-13 21:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Corel
2009-05-11 22:43 . 2009-04-21 14:24 -------- d-----w- c:\archivos de programa\Zylom Games
2009-05-11 22:42 . 2008-09-06 23:40 -------- d-----w- c:\archivos de programa\Java
2009-05-11 22:41 . 2009-04-21 20:44 -------- d-----w- c:\archivos de programa\Motorola Tools
2009-05-11 19:43 . 2009-05-11 19:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Azureus
2009-05-07 15:33 . 2004-08-19 13:42 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2006-03-20 17:47 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 02:22 . 2002-09-24 12:00 86836 ----a-w- c:\windows\system32\perfc00A.dat
2009-04-19 02:22 . 2002-09-24 12:00 499018 ----a-w- c:\windows\system32\perfh00A.dat
2009-04-15 14:54 . 2004-08-19 13:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"InstantBurn"="c:\archiv~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-26 185632]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BDAgent"="c:\archivos de programa\BitDefender\BitDefender 2009\bdagent.exe" [2009-06-30 782336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\archivos de programa\Microsoft Office\OFFICE11\services.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Acha.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AmyMastura.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BabyRina.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cscript.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csrsz.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsasc.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\registry.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMSSS.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
"Debugger"=rundll32.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=c:\windows\pss\Registration Myst VStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Documents and Settings\\Kliber\\Mis documentos\\Descargas\\eMule-0.49b-ScarAngel-v3.1-bin\\eMule0.49b-ScarAngel_v3.1-bin\\emule.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Naviter\\SeeYou\\SeeYou.exe"=
"c:\\Archivos de programa\\Track-Album\\TrackAlbum.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
R3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-07-30 13352]
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\DRIVERS\KS-959.sys [2005-09-05 19034]
R3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152]
S0 CLBStor;InstantBurn Storage Helper Driver; [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-06-30 145544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: banesconline.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 13:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\
.
Completion time: 2009-07-06 13:56
ComboFix-quarantined-files.txt 2009-07-06 17:56
ComboFix2.txt 2008-09-06 23:55

Pre-Run: 6,285,029,376 bytes libres
Post-Run: 6,819,741,696 bytes libres

260 --- E O F --- 2009-06-15 01:44

DDS.txt:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Kliber at 14:51:09.79 on 06/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=Explorer.exe, c:\archivos de programa\microsoft office\office11\services.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [InstantBurn] c:\archiv~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [Adobe_ID0EYTHM] c:\archiv~1\archiv~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [BDAgent] "c:\archivos de programa\bitdefender\bitdefender 2009\bdagent.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\archivos de programa\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: banesconline.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-06 13:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-06 13:26 161,792 a------- c:\windows\SWREG.exe
2009-07-06 13:26 155,136 a------- c:\windows\PEV.exe
2009-07-06 13:26 98,816 a------- c:\windows\sed.exe
2009-06-30 19:29 567 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-30 18:59 81,984 a------- c:\windows\system32\bdod.bin
2009-06-29 19:41 850 a------- c:\windows\system32\ProductTweaks.xml
2009-06-29 19:41 385 a------- c:\windows\system32\user_gensett.xml
2009-06-29 19:38 <DIR> --d----- c:\docume~1\kliber\datosd~1\BitDefender
2009-06-29 19:38 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\BitDefender
2009-06-29 19:38 <DIR> --d----- c:\archivos de programa\BitDefender
2009-06-29 19:19 <DIR> --d----- c:\archivos de programa\archivos comunes\BitDefender
2009-06-17 15:36 <DIR> --dsh--- c:\documents and settings\kliber\IECompatCache
2009-06-17 15:35 <DIR> --dsh--- c:\documents and settings\kliber\PrivacIE
2009-06-17 15:34 <DIR> --dsh--- c:\documents and settings\kliber\IETldCache
2009-06-17 15:29 <DIR> --d----- c:\windows\ie8updates
2009-06-17 15:26 <DIR> -cd-h--- c:\windows\ie8
2009-06-17 14:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-17 14:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-17 14:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-10 11:02 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 11:01 <DIR> --d----- c:\archivos de programa\PC Connectivity Solution
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 11:00 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 11:00 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 11:00 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-06-10 11:00 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys

==================== Find3M ====================

2009-06-30 18:58 145,544 a------- c:\windows\system32\drivers\bdfm.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:33 347,648 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-18 22:22 499,018 a------- c:\windows\system32\perfh00A.dat
2009-04-18 22:22 86,836 a------- c:\windows\system32\perfc00A.dat
2009-04-15 10:54 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 12:19 2,828 a--sh--- c:\docume~1\alluse~1\datosd~1\KGyGaAvL.sys
2009-02-14 12:19 88 ---shr-- c:\docume~1\alluse~1\datosd~1\06EB96A50D.sys
2007-12-30 19:56 25,600 a------- c:\documents and settings\kliber\usbsermptxp.sys
2007-12-30 19:56 22,768 a------- c:\documents and settings\kliber\usbsermpt.sys
2007-11-29 18:38 22,328 a------- c:\docume~1\kliber\datosd~1\PnkBstrK.sys
2001-02-02 23:00 40,040 a------- c:\docume~1\kliber\datosd~1\wxnlz.dll
2008-08-20 13:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 14:52:21.53 ===============

Thanks!

Kliber.

Blade81
2009-07-06, 22:04
Hi Kliber,

Please re-run ComboFix and post back its report.

Kliber
2009-07-06, 22:47
Hi Blade, this time ComboFix finished well and my computer didn't freeze, but I now have a small "like-window" in the upper corner of my desktop, though I never use Active Desktop: something like an explorer window with a wallpaper file and some .bak file, which I can drag to open wide (the window). Here is the ComboFix log:

ComboFix 09-07-05.04 - Kliber 06/07/2009 16:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.200 [GMT -4:00]
Running from: c:\documents and settings\Kliber\Escritorio\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-06-30 22:59 . 2009-07-06 19:57 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-30 22:37 . 2009-06-30 22:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 01:44 . 2009-06-30 01:45 -------- d-----w- c:\archivos de programa\Recuva
2009-06-29 23:38 . 2009-06-29 23:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\BitDefender
2009-06-29 23:19 . 2009-06-29 23:38 -------- d-----w- c:\archivos de programa\Archivos comunes\BitDefender
2009-06-24 02:19 . 2009-06-24 02:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-17 19:36 . 2009-06-17 19:36 -------- d-sh--w- c:\documents and settings\Kliber\IECompatCache
2009-06-17 19:35 . 2009-06-17 19:35 -------- d-sh--w- c:\documents and settings\Kliber\PrivacIE
2009-06-17 19:34 . 2009-06-17 19:34 -------- d-sh--w- c:\documents and settings\Kliber\IETldCache
2009-06-17 19:29 . 2009-06-17 19:29 -------- d-----w- c:\windows\ie8updates
2009-06-17 19:26 . 2009-06-17 19:27 -------- dc-h--w- c:\windows\ie8
2009-06-17 18:48 . 2009-06-17 19:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-17 18:46 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 18:46 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 18:44 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-10 15:02 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 15:01 . 2009-06-10 15:01 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 15:00 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 15:00 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-10 15:00 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-10 15:00 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 14:59 . 2009-06-10 14:47 34348464 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-06-10 14:58 . 2009-06-10 14:58 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-10 14:58 . 2009-06-10 14:58 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-10 14:58 . 2009-06-10 14:58 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 16:57 . 2007-06-13 01:13 -------- d-----w- c:\archivos de programa\eMule
2009-07-05 22:46 . 2008-06-18 17:49 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2009-07-01 18:00 . 2008-07-23 00:46 -------- d-----w- c:\archivos de programa\Eset
2009-06-30 01:58 . 2009-05-11 19:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Azureus
2009-06-29 22:02 . 2008-09-07 00:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-06-29 00:59 . 2008-08-07 15:28 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Vso
2009-06-17 15:27 . 2008-09-07 00:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-07 00:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 01:43 . 2008-04-01 02:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-06-10 16:10 . 2007-09-30 06:31 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Nokia
2009-06-10 15:36 . 2007-09-30 06:30 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\PC Suite
2009-06-10 15:25 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Nokia
2009-06-10 15:24 . 2008-12-02 17:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nokia
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-06-10 14:58 . 2008-12-02 17:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-05-28 22:01 . 2009-05-28 22:01 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\ESET
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2009-05-13 05:04 . 2006-03-20 17:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 22:50 . 2008-03-13 21:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Corel
2009-05-11 22:50 . 2008-03-13 21:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Corel
2009-05-11 22:43 . 2009-04-21 14:24 -------- d-----w- c:\archivos de programa\Zylom Games
2009-05-11 22:42 . 2008-09-06 23:40 -------- d-----w- c:\archivos de programa\Java
2009-05-11 22:41 . 2009-04-21 20:44 -------- d-----w- c:\archivos de programa\Motorola Tools
2009-05-11 19:43 . 2009-05-11 19:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Azureus
2009-05-07 15:33 . 2004-08-19 13:42 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2006-03-20 17:47 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 02:22 . 2002-09-24 12:00 86836 ----a-w- c:\windows\system32\perfc00A.dat
2009-04-19 02:22 . 2002-09-24 12:00 499018 ----a-w- c:\windows\system32\perfh00A.dat
2009-04-15 14:54 . 2004-08-19 13:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-06_17.45.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 20:04 . 2009-07-06 20:04 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"InstantBurn"="c:\archiv~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-26 185632]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\archivos de programa\Microsoft Office\OFFICE11\services.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Acha.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AmyMastura.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BabyRina.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cscript.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csrsz.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsasc.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\registry.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMSSS.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
"Debugger"=rundll32.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=c:\windows\pss\Registration Myst VStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Documents and Settings\\Kliber\\Mis documentos\\Descargas\\eMule-0.49b-ScarAngel-v3.1-bin\\eMule0.49b-ScarAngel_v3.1-bin\\emule.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Naviter\\SeeYou\\SeeYou.exe"=
"c:\\Archivos de programa\\Track-Album\\TrackAlbum.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
R3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-07-30 13352]
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\DRIVERS\KS-959.sys [2005-09-05 19034]
R3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152]
S0 CLBStor;InstantBurn Storage Helper Driver; [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: banesconline.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 16:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSESM.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
.
Completion time: 2009-07-06 16:28
ComboFix-quarantined-files.txt 2009-07-06 20:28
ComboFix2.txt 2009-07-06 17:56
ComboFix3.txt 2008-09-06 23:55

Pre-Run: 7,023,239,168 bytes libres
Post-Run: 7,040,741,376 bytes libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
246 --- E O F --- 2009-06-15 01:44
Thanks Blade

Kliber.

Blade81
2009-07-07, 09:18
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:



DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

Folder::
c:\archivos de programa\eMule
c:\documents and settings\Kliber\Datos de programa\Azureus
c:\documents and settings\All Users\Datos de programa\Azureus

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Acha.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AmyMastura.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BabyRina.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cscript.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csrsz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsasc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\registry.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMSSS.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-
"FirewallOverride"=-
"UacDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=-
"AntiVirusOverride"=-
"FirewallDisableNotify"=-
"FirewallOverride"=-
"UpdatesDisableNotify"=-
"UacDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Kliber\\Mis documentos\\Descargas\\eMule-0.49b-ScarAngel-v3.1-bin\\eMule0.49b-ScarAngel_v3.1-bin\\emule.exe"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows (make sure protection programs are disabled again) and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall this vulnerable Java:
Java(TM) SE Development Kit 6 Update 7


Also, update your Adobe Reader to version 9.1.2.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
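
The CFScript above resets three kinds of registry entries seen in the ComboFix log: the extra command in the Winlogon Shell value, the Image File Execution Options Debugger keys, and the Security Center override/notify values. The following is an added example, not part of the original post and not ComboFix's own code, that flags those same entries in ComboFix-style "Reg Loading Points" text for review; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log posted in this thread, trimmed to a few keys.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\archivos de programa\Microsoft Office\OFFICE11\services.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Acha.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^(?P<name>"[^"]*"|@)\s*=\s*(?P<data>.*)$')
IFEO = '\\image file execution options\\'


def parse_sections(text):
    """Yield (key, value_name, data) for each value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name').strip('"'), m.group('data').strip()


def check_shell(key, name, data):
    """Winlogon Shell should name Explorer.exe only; report anything appended."""
    if key.lower().endswith('\\winlogon') and name.lower() == 'shell':
        parts = [p.strip() for p in data.strip('"').split(',') if p.strip()]
        extra = [p for p in parts if p.lower() != 'explorer.exe']
        if extra:
            return ('winlogon-shell', key, ', '.join(extra))
    return None


def check_ifeo(key, name, data):
    """A Debugger value under IFEO\\<exe> runs that command instead of <exe>."""
    idx = key.lower().find(IFEO)
    if idx != -1 and name.lower() == 'debugger':
        target = key[idx + len(IFEO):]
        return ('ifeo-debugger', target, data)
    return None


def check_security_center(key, name, data):
    """Override/DisableNotify set to 1 silences Security Center alerts."""
    if '\\security center' in key.lower() and \
            name.endswith(('Override', 'DisableNotify')) and \
            re.fullmatch(r'dword:0*1', data.lower()):
        return ('security-center', key, name)
    return None


def audit(text):
    """Return a list of (kind, location, detail) findings for manual review."""
    findings = []
    for key, name, data in parse_sections(text):
        for check in (check_shell, check_ifeo, check_security_center):
            hit = check(key, name, data)
            if hit:
                findings.append(hit)
    return findings


if __name__ == '__main__':
    for kind, where, detail in audit(SAMPLE_LOG):
        print(f'{kind:16} {where} -> {detail}')
```

A finding here means "look at this entry", not "this is malware": the script only reports what the log states.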

Kliber
2009-07-08, 20:05
Hi Blade, this homework is hard, heheh; ComboFix stalled at the log report, and the processes you named above didn't show. I tried finishing these: pnkbstra.exe (wanna get rid of him since I don't play online anymore), Realsched.exe (also don't use RealPlayer), Iburn.exe, groovemonitor.exe, pdvdserv.exe, devldr32.exe, WINWORD.EXE (can't recall this one in the tasks before), mdm.exe, jqs.exe, E_s40rp7.exe, with no results; the computer just stalled and needed to reboot once. Kaspersky online kept scanning all night and stalled at 45% this morning after 6.17 hours of work (maybe more). It didn't produce the log, but it discovered 16 threat names, 26 objects infected and 3 suspicious. Here is my DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kliber at 13:35:10.65 on 08/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=Explorer.exe, c:\archivos de programa\microsoft office\office11\services.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [InstantBurn] c:\archiv~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [Adobe_ID0EYTHM] c:\archiv~1\archiv~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\archivos de programa\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: banesconline.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-06 13:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-06 13:26 161,792 a------- c:\windows\SWREG.exe
2009-07-06 13:26 155,136 a------- c:\windows\PEV.exe
2009-07-06 13:26 98,816 a------- c:\windows\sed.exe
2009-06-30 19:29 567 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-30 18:59 81,984 a------- c:\windows\system32\bdod.bin
2009-06-29 19:38 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\BitDefender
2009-06-29 19:19 <DIR> --d----- c:\archivos de programa\archivos comunes\BitDefender
2009-06-17 15:36 <DIR> --dsh--- c:\documents and settings\kliber\IECompatCache
2009-06-17 15:35 <DIR> --dsh--- c:\documents and settings\kliber\PrivacIE
2009-06-17 15:34 <DIR> --dsh--- c:\documents and settings\kliber\IETldCache
2009-06-17 15:29 <DIR> --d----- c:\windows\ie8updates
2009-06-17 15:26 <DIR> -cd-h--- c:\windows\ie8
2009-06-17 14:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-17 14:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-17 14:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-10 11:02 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 11:01 <DIR> --d----- c:\archivos de programa\PC Connectivity Solution
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 11:00 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 11:00 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 11:00 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 11:00 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-06-10 11:00 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:33 347,648 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-18 22:22 499,018 a------- c:\windows\system32\perfh00A.dat
2009-04-18 22:22 86,836 a------- c:\windows\system32\perfc00A.dat
2009-04-15 10:54 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 12:19 2,828 a--sh--- c:\docume~1\alluse~1\datosd~1\KGyGaAvL.sys
2009-02-14 12:19 88 ---shr-- c:\docume~1\alluse~1\datosd~1\06EB96A50D.sys
2007-12-30 19:56 25,600 a------- c:\documents and settings\kliber\usbsermptxp.sys
2007-12-30 19:56 22,768 a------- c:\documents and settings\kliber\usbsermpt.sys
2007-11-29 18:38 22,328 a------- c:\docume~1\kliber\datosd~1\PnkBstrK.sys
2001-02-02 23:00 40,040 a------- c:\docume~1\kliber\datosd~1\wxnlz.dll
2008-08-20 13:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 13:35:42.40 ===============

Kliber
2009-07-08, 20:07
Combofix Log (I feel naked in front of a doctor with this one, lol)

ComboFix 09-07-05.04 - Kliber 07/07/2009 12:52.5 - NTFSx86
Running from: c:\documents and settings\Kliber\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Kliber\Escritorio\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\archivos de programa\eMule
c:\archivos de programa\eMule\Incoming\Trivial_Pursuit-Music_Edition-j2me-samsung-(240x320).jar
c:\archivos de programa\eMule\Incoming\V-Rally 3D (240x320)-8983.jar
c:\archivos de programa\eMule\Incoming\Veer.Fancy.Photography.In.the.Garden.DVD-TSG.nfo
c:\archivos de programa\eMule\Incoming\Verysoft Nicelight v1.00 s60v3 Symbianos9.1 Cracked-Binpda Signed.sis
c:\archivos de programa\eMule\Incoming\ViVENDi CAESAR MULTiLANG v4.6.2.240x320.Symbian9.1.Modified.By.dotsis.jar
c:\archivos de programa\eMule\Incoming\Vivendi.Games.Caesar.240x320.v0.4.6.S60v3.J2ME.Retail-BiNPDA.jar
c:\archivos de programa\eMule\Incoming\Warplanes of the Luftwaffe - Combat aircraft of Hitler s Luftwaffe 1939-1945.pdf
c:\archivos de programa\eMule\Incoming\Wild.Mobile.SmartComGPS.v1.02c.S60.SymbianOS.Cracked-BiNPDA.sis
c:\archivos de programa\eMule\Incoming\Wildboyz Theme Song.mp3
c:\archivos de programa\eMule\Incoming\wolfenstein_rpg_240x320_s60v3.jar
c:\archivos de programa\eMule\Incoming\world-snooker-championship-2008-3d-240x320-n95.jar
c:\archivos de programa\eMule\Incoming\XRayScanner_240x320_K800_Retail_Etty.jar
c:\archivos de programa\eMule\ipfilter.dat
c:\archivos de programa\eMule\Temp\001.part
c:\archivos de programa\eMule\Temp\001.part.met
c:\archivos de programa\eMule\Temp\001.part.met.bak
c:\archivos de programa\eMule\Temp\002.part
c:\archivos de programa\eMule\Temp\002.part.met
c:\archivos de programa\eMule\Temp\002.part.met.bak
c:\archivos de programa\eMule\Temp\003.part
c:\archivos de programa\eMule\Temp\003.part.met
c:\archivos de programa\eMule\Temp\003.part.met.bak
c:\archivos de programa\eMule\Temp\005.part
c:\archivos de programa\eMule\Temp\005.part.met
c:\archivos de programa\eMule\Temp\005.part.met.bak
c:\archivos de programa\eMule\Temp\006.part
c:\archivos de programa\eMule\Temp\006.part.met
c:\archivos de programa\eMule\Temp\006.part.met.bak
c:\archivos de programa\eMule\Temp\007.part
c:\archivos de programa\eMule\Temp\007.part.met
c:\archivos de programa\eMule\Temp\007.part.met.bak
c:\archivos de programa\eMule\Temp\008.part
c:\archivos de programa\eMule\Temp\008.part.met
c:\archivos de programa\eMule\Temp\008.part.met.bak
c:\archivos de programa\eMule\Temp\009.part
c:\archivos de programa\eMule\Temp\009.part.met
c:\archivos de programa\eMule\Temp\009.part.met.bak
c:\archivos de programa\eMule\Temp\010.part
c:\archivos de programa\eMule\Temp\010.part.met
c:\archivos de programa\eMule\Temp\010.part.met.bak
c:\archivos de programa\eMule\Thumbs.db
c:\documents and settings\All Users\Datos de programa\Azureus
c:\documents and settings\All Users\Datos de programa\Azureus\azCID.txt
c:\documents and settings\Kliber\Datos de programa\Azureus
c:\documents and settings\Kliber\Datos de programa\Azureus\.certs
c:\documents and settings\Kliber\Datos de programa\Azureus\.keystore
c:\documents and settings\Kliber\Datos de programa\Azureus\.lock
c:\documents and settings\Kliber\Datos de programa\Azureus\active\8F2577A41B2C62B1151A9308A5AC66747D14D9B1.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\8F2577A41B2C62B1151A9308A5AC66747D14D9B1.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\943CDD7458D9BD4E3A2292D2DE5CCEE71836E1E8.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\943CDD7458D9BD4E3A2292D2DE5CCEE71836E1E8.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\990F36CCC0616648F5433E0B6E663EA58A5C9F7E.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\990F36CCC0616648F5433E0B6E663EA58A5C9F7E.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\9BD9A2EAA73466CD44907E956ECAA3D340D1C0E3.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\9BD9A2EAA73466CD44907E956ECAA3D340D1C0E3.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\AF2B526327D0182DEB142E7F3259F9B03AE2C55D.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\AF2B526327D0182DEB142E7F3259F9B03AE2C55D.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\cache.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\E1642ECDC4C429EAAEFEEE48F58FF6951D257CE1.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\E1642ECDC4C429EAAEFEEE48F58FF6951D257CE1.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\active\E6AAB3740D0FC4D0A057AE073F2C7A1CD1005C24.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\active\E6AAB3740D0FC4D0A057AE073F2C7A1CD1005C24.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\azureus.config
c:\documents and settings\Kliber\Datos de programa\Azureus\azureus.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\azureus.statistics
c:\documents and settings\Kliber\Datos de programa\Azureus\azureus.statistics.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\banips.config
c:\documents and settings\Kliber\Datos de programa\Azureus\banips.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\cnetworks.config
c:\documents and settings\Kliber\Datos de programa\Azureus\devices.config
c:\documents and settings\Kliber\Datos de programa\Azureus\devices.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\dht\addresses.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\dht\contacts.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\dht\diverse.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\dht\general.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\dht\version.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\downloads.config
c:\documents and settings\Kliber\Datos de programa\Azureus\downloads.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\filters.config
c:\documents and settings\Kliber\Datos de programa\Azureus\friends.config
c:\documents and settings\Kliber\Datos de programa\Azureus\friends.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\ipfilter.cache
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\alerts_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\clientid_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\CNetworks_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\debug_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\debug_2.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\Devices_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\Friends_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\Friends_2.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_2.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_Engine_2729675646.txt
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\NetStatus_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\seltrace_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\thread_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\thread_2.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.ads_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.emp_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Kliber\Datos de programa\Azureus\metasearch.config
c:\documents and settings\Kliber\Datos de programa\Azureus\metasearch.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\net\pm_8048.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\net\pm_default.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\sidebarauto.config
c:\documents and settings\Kliber\Datos de programa\Azureus\sidebarauto.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\11159639D1A511C13ADF.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\21B6F154E1FA75E4DF0A.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\3DD4ECBF76D343BDD9E7.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\5AD4E804B48F5F905AEC.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\870331F6457575947DB6.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\97FD078876FD4950C3AB.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\A5D4F0797640D9B29FAC.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\CEA06BACAA04C3DAA925.results
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\CEA06BACAA04C3DAA925.vuze
c:\documents and settings\Kliber\Datos de programa\Azureus\subs\CEA06BACAA04C3DAA925.vuze.3
c:\documents and settings\Kliber\Datos de programa\Azureus\subscriptions.config
c:\documents and settings\Kliber\Datos de programa\Azureus\subscriptions.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\tables.config
c:\documents and settings\Kliber\Datos de programa\Azureus\tables.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\timingstats.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU1003282441552593757.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU2728781540527464742.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU3929973370801122235.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU4255822548711950303.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU6202921875212230263.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU636689197112886446.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU6712199784624824941.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU6835764447761059200.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\tmp\AZU8598871609942886174.tmp
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\[PSP]_Medal_of_Honor__Heroes_[ISO].4646265.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\_Never.Ending.Thermal.2004.COMPLETE.NTSC.DVDR-TWS.4574509.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\_Paragliding.Playground.NTSC.COMPLETE.DVDR-LEECHED.3924269.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\High_Times_-_May_2009-AlienBooks.pdf.4889201.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\N70_Apps_Mobile_Softwares_Symbian.4046450.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\Never.Ending.Thermal.2004.COMPLETE.NTSC.DVDR-TWS.4574509.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\Paragliding.Playground.NTSC.COMPLETE.DVDR-LEECHED.3924269.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\playgravity.4574853.TPB[1].torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\PSP.Game.LocoRoco2.USA_FULL_Multi.WwW.fantastico.CL.4734214.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\Ski_To_The_Max.4549878.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\Superfumados.[2008][SPANiSH][DVDSCR][XViD].4563887.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\This_is_the_Sea_(PAL)_.iso.4159114.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\torrents\Vietnam_War_music_1959-1975.4098853.TPB.torrent
c:\documents and settings\Kliber\Datos de programa\Azureus\tracker.config
c:\documents and settings\Kliber\Datos de programa\Azureus\tracker.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\unsentdata.config
c:\documents and settings\Kliber\Datos de programa\Azureus\unsentdata.config.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\v3.Friends.dat
c:\documents and settings\Kliber\Datos de programa\Azureus\v3.Friends.dat.bak
c:\documents and settings\Kliber\Datos de programa\Azureus\VuzeActivities.config
c:\documents and settings\Kliber\Datos de programa\Azureus\VuzeActivities.config.bak

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-06-30 22:37 . 2009-06-30 22:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 01:44 . 2009-06-30 01:45 -------- d-----w- c:\archivos de programa\Recuva
2009-06-29 23:38 . 2009-06-29 23:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\BitDefender
2009-06-29 23:19 . 2009-06-29 23:38 -------- d-----w- c:\archivos de programa\Archivos comunes\BitDefender
2009-06-24 02:19 . 2009-06-24 02:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-17 19:36 . 2009-06-17 19:36 -------- d-sh--w- c:\documents and settings\Kliber\IECompatCache
2009-06-17 19:35 . 2009-06-17 19:35 -------- d-sh--w- c:\documents and settings\Kliber\PrivacIE
2009-06-17 19:34 . 2009-06-17 19:34 -------- d-sh--w- c:\documents and settings\Kliber\IETldCache
2009-06-17 19:29 . 2009-06-17 19:29 -------- d-----w- c:\windows\ie8updates
2009-06-17 19:26 . 2009-06-17 19:27 -------- dc-h--w- c:\windows\ie8
2009-06-17 18:48 . 2009-06-17 19:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-17 18:46 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 18:46 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 18:44 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-10 15:02 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-10 15:01 . 2009-06-10 15:01 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-10 15:00 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-10 15:00 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-10 15:00 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-10 15:00 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-10 15:00 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-10 14:59 . 2009-06-10 14:47 34348464 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-06-10 14:58 . 2009-06-10 14:58 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-10 14:58 . 2009-06-10 14:58 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-10 14:58 . 2009-06-10 14:58 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 03:00 . 2008-06-18 17:49 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2009-07-06 19:57 . 2009-06-30 22:59 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-01 18:00 . 2008-07-23 00:46 -------- d-----w- c:\archivos de programa\Eset
2009-06-29 22:02 . 2008-09-07 00:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-06-29 00:59 . 2008-08-07 15:28 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Vso
2009-06-17 15:27 . 2008-09-07 00:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-07 00:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 01:43 . 2008-04-01 02:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-06-10 16:10 . 2007-09-30 06:31 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Nokia
2009-06-10 15:36 . 2007-09-30 06:30 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\PC Suite
2009-06-10 15:25 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Nokia
2009-06-10 15:24 . 2008-12-02 17:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nokia
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-06-10 14:58 . 2008-12-02 17:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-05-28 22:01 . 2009-05-28 22:01 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\ESET
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2009-05-13 05:04 . 2006-03-20 17:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 22:50 . 2008-03-13 21:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Corel
2009-05-11 22:50 . 2008-03-13 21:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Corel
2009-05-11 22:43 . 2009-04-21 14:24 -------- d-----w- c:\archivos de programa\Zylom Games
2009-05-11 22:42 . 2008-09-06 23:40 -------- d-----w- c:\archivos de programa\Java
2009-05-11 22:41 . 2009-04-21 20:44 -------- d-----w- c:\archivos de programa\Motorola Tools
2009-05-07 15:33 . 2004-08-19 13:42 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2006-03-20 17:47 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 02:22 . 2002-09-24 12:00 86836 ----a-w- c:\windows\system32\perfc00A.dat
2009-04-19 02:22 . 2002-09-24 12:00 499018 ----a-w- c:\windows\system32\perfh00A.dat
2009-04-15 14:54 . 2004-08-19 13:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-06_17.45.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 13:16 . 2009-07-07 13:16 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"InstantBurn"="c:\archiv~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-26 185632]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\archivos de programa\Microsoft Office\OFFICE11\services.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Acha.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AmyMastura.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BabyRina.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cscript.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csrsz.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsasc.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\registry.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMSSS.exe]
"Debugger"=cmd.exe /c del

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=c:\windows\pss\Registration Myst VStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Naviter\\SeeYou\\SeeYou.exe"=
"c:\\Archivos de programa\\Track-Album\\TrackAlbum.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [23/07/2007 12:46 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [23/07/2007 12:46 153728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/02/2009 11:18 55152]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\Google\Update\GoogleUpdate.exe [16/07/2008 16:08 133104]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30/07/2008 15:36 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\ks-959.sys [23/07/2005 00:17 19034]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [13/09/2007 22:39 29152]
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: banesconline.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\
.
Completion time: 2009-07-07 13:12
ComboFix-quarantined-files.txt 2009-07-07 17:12
ComboFix2.txt 2009-07-06 20:28
ComboFix3.txt 2009-07-06 17:56
ComboFix4.txt 2008-09-06 23:55

Pre-Run: 7,064,276,992 bytes libres
Post-Run: 7,031,808,000 bytes libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
724 --- E O F --- 2009-06-15 01:44

Done the ATF cleaning. Thanks Blade, your help is really appreciated. Regards,

Kliber.

Blade81
2009-07-09, 09:06
Kliber,

Since you seem to have Malwarebytes' Anti-Malware installed, please start it and update its definitions. Then run a full scan and let it quarantine all findings. Post back its report.

Kliber
2009-07-10, 16:38
Hello Blade, it took a while but here is my mbam log:

Malwarebytes' Anti-Malware 1.38
Database version: 2399
Windows 5.1.2600 Service Pack 3

10/07/2009 10:13:54
mbam-log-2009-07-10 (10-13-54).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 576275
Time elapsed: 4 hour(s), 21 minute(s), 19 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
C:\Archivos de programa\Microsoft Office\OFFICE11\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\*WINWORD.EXE (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acha.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AmyMastura.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrsz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\registry.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BabyRina.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsasc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMSSS.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Archivos de programa\Microsoft Office\OFFICE11\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\*WINWORD.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0065904.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0066943.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0067927.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0068927.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0069927.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0070929.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0071935.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP207\A0072931.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0073931.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0074941.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0075941.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0076384.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0076865.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0077865.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0078865.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP208\A0079865.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP209\A0080239.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP209\A0080332.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP209\A0080348.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP209\A0081343.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP210\A0081776.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd0923be-a338-4659-b672-01e6bae8ccc3}\RP211\A0082774.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Kliber\menú inicio\programas\Inicio\Adobe Gamma Loader.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\PUB60SP.mrc (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\smss.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\yofc.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.


I was right, that WINWORD.EXE process was an infection; it also gives me the creeps that an IRC Bot opened my PC wide and sat down in some obscure IRC channel waiting for someone with nothing more to do. Thanks for your time, Blade...

Blade81
2009-07-10, 18:00
it also gives me the creeps that an IRC Bot opened my PC wide and sat down in some obscure IRC channel waiting for someone with nothing more to do
Hi,

I recommend changing your online passwords that have been used from this system.

Please post a fresh dds.txt log and let me know how's the system running :)

Kliber
2009-07-10, 19:13
Hi Blade!! Are we done? :) Here is my DDS log. My PC is running smoothly (thanks to you!); 49 processes running (too many, I think), no more weird things happen, but I still have that little window on my desktop


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kliber at 12:53:55.50 on 10/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.85 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
C:\Archivos de programa\Google\Google Earth\googleearth.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kliber\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=Explorer.exe, c:\archivos de programa\microsoft office\office11\services.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus CX5600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatical.exe /fu "c:\docume~1\kliber\config~1\temp\E_S1A.tmp" /EF "HKCU"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [InstantBurn] c:\archiv~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [Adobe_ID0EYTHM] c:\archiv~1\archiv~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\archivos de programa\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: banesconline.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2007-7-23 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2007-7-23 153728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-21 55152]
R2 SeaPort;SeaPort;c:\archivos de programa\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\google\update\GoogleUpdate.exe [2008-7-16 133104]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-7-30 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\ks-959.sys [2005-7-23 19034]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-9-13 29152]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-1-23 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-1-23 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-1-23 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-1-23 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-1-23 86368]

=============== Created Last 30 ================

2009-07-06 13:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-06 13:26 161,792 a------- c:\windows\SWREG.exe
2009-07-06 13:26 155,136 a------- c:\windows\PEV.exe
2009-07-06 13:26 98,816 a------- c:\windows\sed.exe
2009-06-30 19:29 567 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-30 18:59 81,984 a------- c:\windows\system32\bdod.bin
2009-06-29 19:38 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\BitDefender
2009-06-29 19:19 <DIR> --d----- c:\archivos de programa\archivos comunes\BitDefender
2009-06-17 15:36 <DIR> --dsh--- c:\documents and settings\kliber\IECompatCache
2009-06-17 15:35 <DIR> --dsh--- c:\documents and settings\kliber\PrivacIE
2009-06-17 15:34 <DIR> --dsh--- c:\documents and settings\kliber\IETldCache
2009-06-17 15:29 <DIR> --d----- c:\windows\ie8updates
2009-06-17 15:26 <DIR> -cd-h--- c:\windows\ie8
2009-06-17 14:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-17 14:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-17 14:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:33 347,648 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-18 22:22 499,018 a------- c:\windows\system32\perfh00A.dat
2009-04-18 22:22 86,836 a------- c:\windows\system32\perfc00A.dat
2009-04-15 10:54 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 12:19 2,828 a--sh--- c:\docume~1\alluse~1\datosd~1\KGyGaAvL.sys
2009-02-14 12:19 88 ---shr-- c:\docume~1\alluse~1\datosd~1\06EB96A50D.sys
2007-12-30 19:56 25,600 a------- c:\documents and settings\kliber\usbsermptxp.sys
2007-12-30 19:56 22,768 a------- c:\documents and settings\kliber\usbsermpt.sys
2007-11-29 18:38 22,328 a------- c:\docume~1\kliber\datosd~1\PnkBstrK.sys
2001-02-02 23:00 40,040 a------- c:\docume~1\kliber\datosd~1\wxnlz.dll
2008-08-20 13:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 12:54:42.93 ===============

Regards,
Kliber.

Blade81
2009-07-10, 22:08
Hi,

Still something left.


Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\archivos de programa\microsoft office\office11\services.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"

Reboot::



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
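
Added example (not part of this thread, and not code from DDS, Malwarebytes or ComboFix): the leftovers the CFScript above targets can be found in the posted logs themselves. The Python below scans log lines copied from this thread for a Winlogon `Shell` value with entries beyond `Explorer.exe`, Image File Execution Options keys, and system process names running outside `system32`; the function names, the `mWinlogon` prefix and the list of system process names are assumptions.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Lines copied from the DDS and Malwarebytes logs posted in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=Explorer.exe, c:\archivos de programa\microsoft office\office11\services.exe
mRun: [nwiz] nwiz.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
C:\Archivos de programa\Microsoft Office\OFFICE11\smss.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\smss.exe
"""

# Assumed list: core Windows binaries that normally run only from system32.
SYSTEM_NAMES = {
    "smss.exe", "services.exe", "lsass.exe", "winlogon.exe",
    "csrss.exe", "svchost.exe", "spoolsv.exe",
}
TRUSTED_DIR_SUFFIXES = (r"\windows\system32", r"\windows\system32\dllcache")

# DDS prefixes HKCU entries with "u" (as in uRun); "m" for HKLM is assumed here.
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*Shell\s*=\s*(.+)$", re.I)
IFEO_RE = re.compile(r"\\Image File Execution Options\\([^\\\s(]+)", re.I)
# A drive-letter path up to the first executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|com|scr)\b', re.I)


def extra_shell_entries(line):
    """Return Winlogon Shell entries other than the bare default Explorer.exe."""
    match = WINLOGON_RE.match(line)
    if not match:
        return []
    parts = [p.strip().strip('"') for p in match.group(1).split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def is_masquerade(path):
    """True when a system process name sits outside the expected folders."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_NAMES and not folder.endswith(TRUSTED_DIR_SUFFIXES)


def scan(log_text):
    """Return (kind, detail) findings for every suspicious log line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for entry in extra_shell_entries(line):
            findings.append(("winlogon-shell-extra", entry))
        ifeo = IFEO_RE.search(line)
        if ifeo:
            findings.append(("ifeo-key", ifeo.group(1)))
        for path in PATH_RE.findall(line):
            if is_masquerade(path):
                findings.append(("system-name-outside-system32", path))
    return findings


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```

An `ifeo-key` finding only reports that a key exists for that image name; whether it redirects execution depends on the values under the key, which these logs do not show.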

Kliber
2009-07-10, 23:25
Ok Blade, here:

ComboFix 09-07-09.08 - Kliber 10/07/2009 16:17.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.306 [GMT -4:00]
Running from: c:\documents and settings\Kliber\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Kliber\Escritorio\CFScript.txt

FILE ::
"c:\archivos de programa\microsoft office\office11\services.exe"
.

((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-06-30 22:59 . 2009-07-06 19:57 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-30 22:37 . 2009-06-30 22:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-30 01:44 . 2009-06-30 01:45 -------- d-----w- c:\archivos de programa\Recuva
2009-06-29 23:38 . 2009-06-29 23:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\BitDefender
2009-06-29 23:19 . 2009-06-29 23:38 -------- d-----w- c:\archivos de programa\Archivos comunes\BitDefender
2009-06-24 02:19 . 2009-06-24 02:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-17 19:36 . 2009-06-17 19:36 -------- d-sh--w- c:\documents and settings\Kliber\IECompatCache
2009-06-17 19:35 . 2009-06-17 19:35 -------- d-sh--w- c:\documents and settings\Kliber\PrivacIE
2009-06-17 19:34 . 2009-06-17 19:34 -------- d-sh--w- c:\documents and settings\Kliber\IETldCache
2009-06-17 19:29 . 2009-06-17 19:29 -------- d-----w- c:\windows\ie8updates
2009-06-17 19:26 . 2009-06-17 19:27 -------- dc-h--w- c:\windows\ie8
2009-06-17 18:48 . 2009-06-17 19:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-17 18:46 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 18:46 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 18:44 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 06:00 . 2008-06-18 17:49 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2009-07-07 18:10 . 2007-06-09 19:38 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-07-07 17:49 . 2008-09-06 23:40 -------- d-----w- c:\archivos de programa\Java
2009-07-01 18:00 . 2008-07-23 00:46 -------- d-----w- c:\archivos de programa\Eset
2009-06-29 22:02 . 2008-09-07 00:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-06-29 00:59 . 2008-08-07 15:28 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Vso
2009-06-17 15:27 . 2008-09-07 00:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-07 00:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 01:43 . 2008-04-01 02:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-06-10 16:10 . 2007-09-30 06:31 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Nokia
2009-06-10 15:36 . 2007-09-30 06:30 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\PC Suite
2009-06-10 15:25 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Nokia
2009-06-10 15:24 . 2008-12-02 17:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nokia
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-06-10 15:02 . 2007-09-30 06:30 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-06-10 15:01 . 2009-06-10 15:01 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-06-10 14:58 . 2009-06-10 14:58 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-10 14:58 . 2009-06-10 14:58 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-10 14:58 . 2009-06-10 14:58 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-10 14:58 . 2008-12-02 17:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-06-10 14:47 . 2009-06-10 14:59 34348464 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_eng_web.exe
2009-05-28 22:01 . 2009-05-28 22:01 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\ESET
2009-05-28 21:59 . 2009-05-28 21:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2009-05-13 05:04 . 2006-03-20 17:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 22:50 . 2008-03-13 21:43 -------- d-----w- c:\documents and settings\Kliber\Datos de programa\Corel
2009-05-11 22:50 . 2008-03-13 21:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Corel
2009-05-11 22:43 . 2009-04-21 14:24 -------- d-----w- c:\archivos de programa\Zylom Games
2009-05-11 22:41 . 2009-04-21 20:44 -------- d-----w- c:\archivos de programa\Motorola Tools
2009-05-07 15:33 . 2004-08-19 13:42 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2006-03-20 17:47 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 02:22 . 2002-09-24 12:00 86836 ----a-w- c:\windows\system32\perfc00A.dat
2009-04-19 02:22 . 2002-09-24 12:00 499018 ----a-w- c:\windows\system32\perfh00A.dat
2009-04-15 14:54 . 2004-08-19 13:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-06_17.45.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 20:27 . 2009-07-10 20:27 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
+ 2009-07-07 18:11 . 2009-07-07 18:11 802304 c:\windows\Installer\1acccc.msi
+ 2009-07-07 18:11 . 2009-07-07 18:11 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-07-07 18:11 . 2009-07-07 18:11 3960320 c:\windows\Installer\1accc5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"InstantBurn"="c:\archiv~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-26 185632]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=c:\documents and settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=c:\windows\pss\Registration Myst VStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Naviter\\SeeYou\\SeeYou.exe"=
"c:\\Archivos de programa\\Track-Album\\TrackAlbum.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [23/07/2007 12:46 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [23/07/2007 12:46 153728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/02/2009 11:18 55152]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\Google\Update\GoogleUpdate.exe [16/07/2008 16:08 133104]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30/07/2008 15:36 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\ks-959.sys [23/07/2005 00:17 19034]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [13/09/2007 22:39 29152]
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2008-07-16 19:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: banesconline.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 16:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f0,2e,34,57,c9,5f,bb,19,f2,d2,bd,6d,06,b2,54,7d,66,4f,2a,44,88,
e6,b5,6e,aa,4b,fd,e6,fb,52,11,41,38,6b,db,af,5e,70,13,f5,cd,bf,78,d6,00,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSESM.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\nvwddi.dll
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\archivos de programa\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\archivos de programa\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\archivos de programa\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\archivos de programa\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\archivos de programa\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
c:\documents and settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-07-10 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 20:40
ComboFix2.txt 2009-07-07 17:12
ComboFix3.txt 2009-07-06 20:28
ComboFix4.txt 2009-07-06 17:56
ComboFix5.txt 2009-07-10 20:16

Pre-Run: 5,622,677,504 bytes libres
Post-Run: 5,793,280,000 bytes libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
229 --- E O F --- 2009-06-15 01:44


Fresh DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kliber at 16:52:00.57 on 10/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.143 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Kliber\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\archivos de programa\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\archivos de programa\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\archivos de programa\cyberlink\powerdvd\language\Language.exe"
mRun: [InstantBurn] c:\archiv~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [Adobe_ID0EYTHM] c:\archiv~1\archiv~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\archivos de programa\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: banesconline.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2007-7-23 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2007-7-23 153728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-21 55152]
R2 SeaPort;SeaPort;c:\archivos de programa\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);c:\archivos de programa\google\update\GoogleUpdate.exe [2008-7-16 133104]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-7-30 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\ks-959.sys [2005-7-23 19034]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-9-13 29152]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-1-23 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-1-23 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-1-23 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-1-23 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-1-23 86368]

=============== Created Last 30 ================

2009-07-06 13:48 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-06 13:26 161,792 a------- c:\windows\SWREG.exe
2009-07-06 13:26 155,136 a------- c:\windows\PEV.exe
2009-07-06 13:26 98,816 a------- c:\windows\sed.exe
2009-06-30 19:29 567 a------- c:\windows\system32\BDUpdateV1.xml
2009-06-30 18:59 81,984 a------- c:\windows\system32\bdod.bin
2009-06-29 19:38 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\BitDefender
2009-06-29 19:19 <DIR> --d----- c:\archivos de programa\archivos comunes\BitDefender
2009-06-17 15:36 <DIR> --dsh--- c:\documents and settings\kliber\IECompatCache
2009-06-17 15:35 <DIR> --dsh--- c:\documents and settings\kliber\PrivacIE
2009-06-17 15:34 <DIR> --dsh--- c:\documents and settings\kliber\IETldCache
2009-06-17 15:29 <DIR> --d----- c:\windows\ie8updates
2009-06-17 15:26 <DIR> -cd-h--- c:\windows\ie8
2009-06-17 14:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-17 14:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-17 14:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 14:44 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:33 347,648 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-18 22:22 499,018 a------- c:\windows\system32\perfh00A.dat
2009-04-18 22:22 86,836 a------- c:\windows\system32\perfc00A.dat
2009-04-15 10:54 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 12:19 2,828 a--sh--- c:\docume~1\alluse~1\datosd~1\KGyGaAvL.sys
2009-02-14 12:19 88 ---shr-- c:\docume~1\alluse~1\datosd~1\06EB96A50D.sys
2007-12-30 19:56 25,600 a------- c:\documents and settings\kliber\usbsermptxp.sys
2007-12-30 19:56 22,768 a------- c:\documents and settings\kliber\usbsermpt.sys
2007-11-29 18:38 22,328 a------- c:\docume~1\kliber\datosd~1\PnkBstrK.sys
2001-02-02 23:00 40,040 a------- c:\docume~1\kliber\datosd~1\wxnlz.dll
2008-08-20 13:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\configuración local\historial\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 16:52:30.84 ===============


Wow, all this work makes me think: how many computers out there may be infected with malware? And how many users are capable of cleaning their own computer? No wonder computer technicians just format hard drives when users complain about viruses; this method preserves the information stored (I have about 7 years of info, pictures and documents stored on 3 HDs in this PC) and I really appreciate the efforts you guys make fighting these annoyances. This sorta makes me interested in looking at the MRU!! And I thought that I was very good at avoiding infection LOL

Thanks Blade, ah! Forgot to ask: what can I do with the removable media (pendrives, phone, etc.)? I found the winword.exe file on my phone! Also my wife has a pendrive with some docs; I made her scan it and demanded to erase all viruses there, now she lost some Word files and is mad at me LOL! Do you think I could use a file recovery program like Recuva or just say to her that they are lost forever?

Thanks Blade.

Kliber.

Blade81
2009-07-11, 20:37
Wow, all this work makes me think: how many computers out there may be infected with malware? And how many users are capable of cleaning their own computer?
There are lots of infected ones. The Conficker (http://en.wikipedia.org/wiki/Conficker) worm alone has infected millions of computers. I believe the people who can clean their computers without help are in the minority. A big part of the people seeking help here have tried different removal methods, making our job sometimes more difficult than it would be if tools weren't used without supervision.


Forgot to ask: what can I do with the removable media (pendrives, phone, etc.)? I found the winword.exe file on my phone!
You could run MBAM against those removable drives and remove findings.


Do you think I could use a file recovery program like Recuva or just say to her that they are lost forever?
It wouldn't hurt to attempt recovery.

Well, congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK


You may delete DDS and related logs too.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left-hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.

Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)

Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: during installation uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install the firewall ONLY!). Both providers have support forums that help with configuration-related questions.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
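
The six Custom Level changes listed in the post above are stored as registry values under the Internet zone key, so they can be checked without clicking through the dialog. The PowerShell below is an added example, not part of the original thread; the function, variable and switch names are hypothetical.

```powershell
# Added example (not from the thread): audit the Internet zone against the six
# settings recommended in the post. Zone 3 is the Internet zone; URL-action
# values are 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action ID, wanted value, and the label used in the Custom Level dialog.
$Recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Turn a raw DWORD into the word shown in the dialog; unknown values print as hex.
function Get-ActionLabel($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return ('0x{0:X}' -f $Value)
}

function Test-InternetZone {
    param(
        [string]$Path = $ZoneKey,
        [switch]$Fix    # hypothetical switch: write the recommended value when it differs
    )
    if (-not (Test-Path -Path $Path)) { throw "Zone key not found: $Path" }
    $props = (Get-ItemProperty -Path $Path).PSObject.Properties

    foreach ($s in $Recommended) {
        # A missing value is reported as 'not set' rather than treated as compliant.
        $prop = $props[$s.Id]
        $have = if ($prop) { $prop.Value } else { $null }
        $ok   = ($null -ne $have) -and ([int]$have -eq $s.Want)

        if ($Fix -and -not $ok) {
            Set-ItemProperty -Path $Path -Name $s.Id -Value $s.Want -Type DWord
            $have = $s.Want
            $ok   = $true
        }

        [pscustomobject]@{
            Setting     = $s.Name
            Action      = $s.Id
            Current     = Get-ActionLabel $have
            Recommended = Get-ActionLabel $s.Want
            Compliant   = $ok
        }
    }
}

# Read-only report; run Test-InternetZone -Fix to apply the values from the post.
Test-InternetZone | Format-Table -AutoSize
```

On machines managed by Group Policy the effective zone settings may come from policy keys rather than this per-user key, so a compliant report here does not override policy.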

Kliber
2009-07-13, 19:07
Well Blade, a giant THANK YOU! for your efforts, you must be proud of what you do; the computer is running nice and no other "strange behavior" has shown so far, already cleaned my restore points and gonna check the additional info you gave me. I'm grateful for your advice and software recommendations, hope in the future not to be your "client" but your "colleague" in the fight against these annoyances. Best wishes!

Kliber.

Kliber
2009-07-13, 19:35
Ah! By the way; looking at the info about the Conficker worm, I found it amazing and got my paranoid mode on. Checking the PC I realized that Windows Automatic Update is disabled and cannot be enabled again from Control Panel. This is sorta weird cuz as far as I recall AU was working well; also went to the update page in Windows: "website found a problem and cannot show the page you want to see" or something like that. Well; maybe it's me but I'm pretty sure automatic update was working before, lol too much info about malware I think...

Blade81
2009-07-14, 09:10
Hi,

What is the exact error message you get when trying to access Windows Update?

Kliber
2009-07-14, 18:56
Hi Blade, here is the error message:

El sitio web ha encontrado un problema y no puede mostrar la página que intenta ver. Las opciones que se indican a continuación pueden ayudarle a solucionar el problema.

"The website has found a problem and cannot show the page you are trying to see. The options shown next can help you solve your problem:"

*Frequently Asked Questions
*Look for solutions
*Newsgroup from Windows Update

Blade81
2009-07-15, 10:09
Hi,

Did the message contain any error number?

Kliber
2009-07-15, 17:10
(Error Number) Número de error: 0x80070424. Searching the Windows Update database I found that some entries in the registry must be repaired.

Blade81
2009-07-15, 18:20
Hi,

Click Start->Run and copy and paste the following command into the box:
regsvr32 wuaueng.dll

Click ok. Does the error still appear?

Kliber
2009-07-15, 18:38
YAY!!! It's OK now! Thanks a lot Blade! I think we are ready now! No more problems, a nice antivirus running, my PC updating well, you are tha man bro! :laugh:

:thanks:

Kliber.

Blade81
2009-07-15, 18:40
Great to hear that :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.