-
Looks like we need other methods.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Re-run rsit.
Post:
- a fresh rsit log
- mbam log
-
... is that effing thing immortal? Dang! :mad:
-
No, just stubborn.
If that doesn't work, we have other methods left :)
-
MBAM log
I don't see the blasted thing now, neither does the KAV. I hope it's removed, though I confess I froze when I saw Vundo in those logs. I still tremble seeing it on the Quarantine. Do I get to delete them from there? And do you happen to you why the thing never put a full attack on me?
MBAM
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 2
21/01/2009 03:03:55 p.m.
mbam-log-2009-01-21 (15-03-55).txt
Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 119798
Time elapsed: 32 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\geBsQIXN.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148e59aa-42ac-407c-8049-546a9a0a696a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53fe12c2-4429-488f-847b-7b285f8f6778} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{53fe12c2-4429-488f-847b-7b285f8f6778} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqixn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsqixn -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\geBsQIXN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\NXIQsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NXIQsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
-
RSIT fresh log
I want to thank you for helping me out and for being patient with me for free; since I'm a high school teacher I live off being paid to be patient when I'm not XD. I certainly wasn't patient when waiting for the MBAM to finish XD. And if you see the thing gone, I'd like you to give me some pointers to be protected... by the way, is it okay that Windows Firewall apppears to be disabled? I just noticed this today.
Sorry, talking too much. But I have a ton of things to ask...
RSIT
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrador at 2009-01-21 15:06:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 49 GB (82%) free of 60 GB
Total RAM: 895 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:06:26 p.m., on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Archivos de programa\Unlocker\UnlockerAssistant.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\UpsPilot\Winpower.exe
C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\UpsPilot\monitor.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ARCHIV~1\UpsPilot\wpRMI.exe
C:\Archivos de programa\UpsPilot\jre\bin\javaw.exe
C:\Archivos de programa\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Administrador\Escritorio\RSIT.exe
C:\Archivos de programa\trend micro\Administrador.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Archivos de programa\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {583DC601-BBD7-4D0E-A9EA-485D9769986E} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Archivos de programa\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Winpower] C:\Archivos de programa\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\ARCHIV~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish...an_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
O23 - Service: Winpowermanager - Macrovision - C:\ARCHIV~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\ARCHIV~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\ARCHIV~1\UpsPilot\wpRMI.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
--
End of file - 11868 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicación auxiliar de vínculos de Adobe PDF Reader - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Archivos de programa\FlashGet\jccatch.dll [2007-08-06 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{583DC601-BBD7-4D0E-A9EA-485D9769986E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Archivos de programa\FlashGet\getflash.dll [2007-05-18 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-06 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"UnlockerAssistant"=C:\Archivos de programa\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
"GrooveMonitor"=C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"NeroFilterCheck"=C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-19 110592]
"Winpower"=C:\Archivos de programa\UpsPilot\Winpower.exe [2008-09-03 114688]
"WService"=C:\WINDOWS\system32\WService.EXE [2002-09-07 28672]
"AVP"=C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"Picasa Media Detector"=C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe [2007-10-23 443968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"SpybotSD TeaTimer"=C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
BlueSoleil.lnk - C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-01-09 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"ForceClassicControlPanel"=1
"NoSMConfigurePrograms"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe"="C:\Archivos de programa\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Archivos de programa\FlashGet\flashget.exe"="C:\Archivos de programa\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Archivos de programa\Windows Live\Messenger\livecall.exe"="C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Archivos de programa\Bonjour\mDNSResponder.exe"="C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Archivos de programa\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Archivos de programa\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe"="C:\Archivos de programa\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe"="C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Archivos de programa\Windows Live\Messenger\livecall.exe"="C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2009-01-21 14:21:34 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2009-01-21 14:21:29 ----D---- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2009-01-21 14:21:29 ----D---- C:\Archivos de programa\Malwarebytes' Anti-Malware
2009-01-21 13:52:37 ----A---- C:\WINDOWS\system32\e7581d93-.txt
2009-01-21 13:50:40 ----D---- C:\_OTMoveIt
2009-01-21 13:47:25 ----D---- C:\WINDOWS\ERDNT
2009-01-21 13:46:39 ----D---- C:\Archivos de programa\ERUNT
2009-01-21 12:39:00 ----RASHD---- C:\autorun.inf
2009-01-17 08:08:12 ----D---- C:\Archivos de programa\trend micro
2009-01-17 08:08:11 ----D---- C:\rsit
2009-01-17 07:16:06 ----A---- C:\WINDOWS\wininit.ini
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2009-01-04 07:53:15 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-01-04 07:53:14 ----D---- C:\Archivos de programa\Free Mp3WmaOgg Converter
2009-01-04 07:53:14 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-01-04 06:39:19 ----A---- C:\WINDOWS\amcap.exe
2009-01-04 06:39:14 ----A---- C:\WINDOWS\vsnpstd.exe
2009-01-04 06:39:14 ----A---- C:\WINDOWS\system32\dsnpstd.dll
2009-01-04 06:39:14 ----A---- C:\WINDOWS\snpstd.ini
2009-01-04 06:39:06 ----D---- C:\Archivos de programa\Archivos comunes\snpstd
2009-01-04 06:39:06 ----A---- C:\WINDOWS\usnpstd.exe
2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\vsnpstd.dll
2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\rsnpstd.dll
2009-01-04 06:39:06 ----A---- C:\WINDOWS\system32\csnpstd.dll
2008-12-24 10:24:50 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Mozilla
2008-12-23 20:10:38 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-12-23 20:10:38 ----D---- C:\Archivos de programa\Kaspersky Lab
2008-12-23 20:06:29 ----D---- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2008-12-23 19:36:58 ----D---- C:\WINDOWS\system32\Kaspersky Lab
======List of files/folders modified in the last 1 months======
2009-01-21 15:05:32 ----D---- C:\WINDOWS\Temp
2009-01-21 15:04:47 ----D---- C:\WINDOWS
2009-01-21 15:04:41 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 15:04:41 ----D---- C:\WINDOWS\system32
2009-01-21 15:04:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-21 14:24:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 14:21:29 ----RD---- C:\Archivos de programa
2009-01-21 13:57:15 ----D---- C:\Archivos de programa\Mozilla Firefox
2009-01-21 13:16:23 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-01-20 17:56:28 ----D---- C:\Archivos de programa\UpsPilot
2009-01-20 15:58:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-18 16:18:16 ----D---- C:\Documents and Settings\Administrador\Datos de programa\Adobe
2009-01-18 15:30:50 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 07:00:51 ----D---- C:\Archivos de programa\Spybot - Search & Destroy
2009-01-15 16:42:15 ----HD---- C:\Config.Msi
2009-01-14 18:22:04 ----D---- C:\Archivos de programa\FlashGet
2009-01-14 15:03:36 ----A---- C:\WINDOWS\avisplitter.INI
2009-01-14 14:46:29 ----SHD---- C:\WINDOWS\Installer
2009-01-14 14:46:21 ----D---- C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2009-01-14 14:45:53 ----D---- C:\Archivos de programa\Archivos comunes\Microsoft Shared
2009-01-14 14:45:49 ----HD---- C:\WINDOWS\inf
2009-01-04 08:41:56 ----SD---- C:\Documents and Settings\Administrador\Datos de programa\Microsoft
2009-01-04 06:39:14 ----D---- C:\WINDOWS\twain_32
2009-01-04 06:39:06 ----D---- C:\Archivos de programa\Archivos comunes
2009-01-04 06:39:00 ----HD---- C:\Archivos de programa\InstallShield Installation Information
2008-12-24 11:31:05 ----D---- C:\WINDOWS\system32\wbem
2008-12-24 11:31:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 20:38:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 20:00:31 ----D---- C:\Archivos de programa\CCleaner
2008-12-23 19:36:09 ----HDC---- C:\WINDOWS\ie7
2008-12-23 18:26:29 ----D---- C:\WINDOWS\Help
2008-12-22 16:57:29 ----D---- C:\WINDOWS\security
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-12-23 227344]
R1 Tcpip6;Controlador de protocolo IPv6 de Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-01-15 225664]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Archivos de programa\CyberLink\PowerDVD\000.fcl []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-02-01 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-07 11860]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
R3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-14 4625408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-24 5888]
R3 tunmp;Controlador de adaptador de minipuerto Tun de Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-01-15 12416]
R3 usbehci;Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-01-15 30208]
R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-01-15 59264]
R3 usbohci;Controlador minipuerto de la controladora de host abierto USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-01-15 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-04-06 23000]
S3 BthEnum;Servicio de enumerador de Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Controlador de puertos Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-19 274688]
S3 BTHUSB;Controlador USB de ondas de radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-04-02 21632]
S3 mouhid;Controlador HID de mouse; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-22 12416]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-09 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Servicio de ayuda de IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 AVP;Kaspersky Anti-Virus; C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nSvcIp;ForceWare IP service; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 UxTuneUp;TuneUp Ampliación del thema; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R2 Winpowermonitor;Winpowermonitor; C:\ARCHIV~1\UpsPilot\monitor.exe [2008-09-03 114688]
R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-29 40960]
R3 WinpowerRMI;WinpowerRMI; C:\ARCHIV~1\UpsPilot\wpRMI.exe [2008-09-03 114688]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-02 654848]
S3 gusvc;Google Updater Service; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Servicio Lector del diario USN de Carpetas para compartir de Messenger; C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Winpowermanager;Winpowermanager; C:\ARCHIV~1\UpsPilot\manager.exe [2008-09-03 114688]
S3 WMPNetworkSvc;Servicio de uso compartido de red del Reproductor de Windows Media; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [2006-11-03 916480]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
-----------------EOF----------------
-
Please enable windows firewall next if possible.
Delete this file:
C:\WINDOWS\system32\e7581d93-.txt
Empty Recycle Bin.
Please go to Kaspersky website and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here
-
Sorry for the delay, windows firewall enabled, but the online antivirus scan is made of fail for me. The program gets installed, but it fails at the updates (after seven refreshes and new tries, it's only at 7%) because my internet connection isn't very good. I'll keep trying, but I'd like to know if there's some alternative I could try in the meantime.
-
You can try this instead:
Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
- Check (tick) this box: YES, I accept the Terms of Use.
- Click on the Start button next to it.
- When prompted to run ActiveX. click Yes.
- You will be asked to install an ActiveX. Click Install.
- Once installed, the scanner will be initialized.
- After the scanner is initialized, click Start.
- Uncheck (untick) Remove found threats box.
- Check (tick) Scan unwanted applications.
- Click on Scan.
- It will start scanning. Please be patient.
- Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
-
ESET online scan log
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3790 (20090122)
# vers_arch_module=1.032 (20050726)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1c0ead9e3e06ff429cbe15d4748fb6fe
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-22 06:40:11
# local_time=2009-01-22 03:40:11 (-0300, Hora est. de Sudamérica E.)
# country="Argentina"
# osver=5.1.2600 NT Service Pack 2
# scanned=248712
# found=0
# scan_time=2233
-
That looks good :)
Still problems?