
Author Topic: worms in my computer  (Read 19152 times)


tepetapan

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    worms in my computer
    « on: June 04, 2011, 12:11:57 PM »
     I have a worm, there is no doubt. I am saving my photos to Picasa / Google and plan to wipe the hard drive clean and reinstall Windows 7.  Here are the questions.  Can I email to myself some documents (not very many, maybe 20) via Yahoo mail and when I am back up and running download them back? Can or does the worm have a chance of reinfecting the computer again?

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: worms in my computer
    « Reply #1 on: June 04, 2011, 12:36:07 PM »
    It is absolutely possible that, depending on the virus, some documents and / or files may be infected. I suggest you do not copy anything at this point and let's see if we can help. Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    tepetapan

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: worms in my computer
      « Reply #2 on: June 04, 2011, 04:31:13 PM »
       I downloaded Armor firewall and am taking the next step. It did find a couple of questionable things on the start up.  I did not mention:
        I am living in Veracruz, Mexico (10 years now), have a Spanish version of XP, and my Spanish might be better than most but still I have a hard time with many tasks.   Next to CCleaner....

      tepetapan

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: worms in my computer
        « Reply #3 on: June 06, 2011, 11:22:25 AM »
        OK, here is what happened and what is happening.  I did the Armor firewall, CCleaner and the superspy downloads.  I left the laptop to run the super spy scan overnight and it found problems. I did the quarantine and asked it to reboot as required. The reboot did not restart after waiting 20 minutes. Frozen up. I popped the battery and did a restart trying to get the laptop running. In the end, yesterday by 10:00 am I had done 2 system restores, deleting the 3 downloads.  Back running again for the most part now.  ....  I, at some point in the day, tried to download Adobe Flash which I may have deleted and it would not download saying that Firefox was preventing the download. I tried downloading it on Internet Explorer with no success.
          Yesterday late afternoon I downloaded Malwarebytes Anti-malware and overnight I again let it do a complete scan. This morning I find it had found like 7 bugs (hijacker, etc..) I quarantined them, rebooted as asked and the reboot went fine.  I downloaded Adobe Flash this morning with no problems, things are looking good but......
          2 times today I checked my Yahoo spam file and found 2 mail failures (both times to the same two addresses) meaning something is still sending out emails. In the Malware program it has notified me 6 or 8 times it has blocked outgoing info/messages. I am thinking those are just tracking cookies but who knows?
          Should I go back to square one? Do the firewall, etc.. downloads again now that some? bugs are gone?

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: worms in my computer
        « Reply #4 on: June 06, 2011, 01:22:18 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************************
        Can you please attach the log for MBAM? I need to see what it found. You can find it in the Logs tab in MBAM.
        Also, the SAS log. You can find it this way: double-click the SUPERAntiSpyware icon on your desktop.
        •Click Preferences. Click the Statistics/Logs tab.

        •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

        •It will open in your default text editor (preferably Notepad).
        Copy and paste the log in your next reply.


        Download DDS from HERE or HERE and save it to your desktop.

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        tepetapan

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: worms in my computer
          « Reply #5 on: June 06, 2011, 03:59:10 PM »
            Here is the MalWare info. The Super spy info was all deleted during a system restore.   I will do the download as requested early morning.
                 Thanks for helping, I need this thing to run as I use it for reservations. The computer is running, sometimes it slows down.
                  It is an Acer aspire 3690 if it matters.

          Malwarebytes' Anti-Malware 1.51.0.1200
          www.malwarebytes.org

          Database version: 6775

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          6/5/2011 11:21:10 AM
          mbam-log-2011-06-05 (11-21-10).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 108213
          Time elapsed: 1 hour(s), 22 minute(s), 22 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 1

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          c:\WINDOWS\ie7\iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.



          Malwarebytes' Anti-Malware 1.51.0.1200
          www.malwarebytes.org

          Database version: 6775

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          6/6/2011 7:19:27 AM
          mbam-log-2011-06-06 (07-19-27).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 289842
          Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 2
          Registry Data Items Infected: 3
          Folders Infected: 0
          Files Infected: 1

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          c:\system volume information\_restore{6c8a0b6e-6c3c-415f-9b7d-b38290e531d5}\RP1495\A0206907.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.



          09:57:47   gene   MESSAGE   Protection started successfully
          09:58:01   gene   MESSAGE   IP Protection started successfully
          11:29:41   gene   MESSAGE   Protection started successfully
          11:30:02   gene   MESSAGE   IP Protection started successfully
          13:34:21   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:34:24   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:34:30   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:57:23   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:57:26   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:57:32   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          16:16:11   gene   MESSAGE   Protection started successfully
          16:16:19   gene   MESSAGE   IP Protection started successfully
          16:20:47   (null)   MESSAGE   Protection started successfully
          16:22:06   (null)   MESSAGE   IP Protection started successfully
          16:45:18   Invitado   IP-BLOCK   208.87.149.250 (Type: outgoing)
          16:45:27   Invitado   IP-BLOCK   208.87.149.250 (Type: outgoing)
          17:08:11   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          17:08:14   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          17:08:20   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)


          06:03:03   gene   MESSAGE   Scheduled update executed successfully
          06:03:07   gene   MESSAGE   IP Protection stopped
          06:04:34   gene   MESSAGE   Database updated successfully
          06:04:42   gene   MESSAGE   IP Protection started successfully
          07:28:34   gene   MESSAGE   Protection started successfully
          07:29:07   gene   MESSAGE   IP Protection started successfully
          07:51:19   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          07:51:28   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          09:01:31   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          12:41:42   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          12:41:51   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          13:17:00   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          14:24:53   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          14:37:28   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
          16:38:33   (null)   MESSAGE   Protection started successfully
          16:40:12   gene   MESSAGE   IP Protection started successfully
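
A way to triage the protection log in the post above, as an added example that is not part of the original thread: it parses the `IP-BLOCK` lines (the sample is an excerpt copied from the posted log), counts blocks per destination and Windows account, and merges blocks that repeat within a short window into one connection attempt. The function names and the 10-second window are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt copied from the protection log posted above (first day).
SAMPLE_LOG = """\
11:29:41   gene   MESSAGE   Protection started successfully
11:30:02   gene   MESSAGE   IP Protection started successfully
13:34:21   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
13:34:24   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
13:34:30   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
13:57:23   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
13:57:26   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
13:57:32   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
16:45:18   Invitado   IP-BLOCK   208.87.149.250 (Type: outgoing)
16:45:27   Invitado   IP-BLOCK   208.87.149.250 (Type: outgoing)
17:08:11   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
17:08:14   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
17:08:20   gene   IP-BLOCK   208.87.149.250 (Type: outgoing)
"""

# time, account, record type, free-text detail (columns as they appear in the post)
LINE_RE = re.compile(
    r"^\s*(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+(MESSAGE|IP-BLOCK)\s+(.*\S)\s*$")
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+)\)$")

# Assumption: blocks for the same account and destination that are at most
# this many seconds apart are retries of one connection attempt.
RETRY_WINDOW = 10


def parse_log(text):
    """Return (block_events, skipped). Lines carry a time but no date,
    so pass in one day's log at a time."""
    events, skipped = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            skipped += 1          # not in the expected column layout
            continue
        hh, mm, ss, user, kind, detail = m.groups()
        if kind != "IP-BLOCK":
            continue              # status messages are not block events
        b = BLOCK_RE.match(detail)
        try:
            ip = str(ipaddress.ip_address(b.group(1))) if b else None
        except ValueError:
            ip = None
        if ip is None:
            skipped += 1          # IP-BLOCK line without a valid address
            continue
        events.append({"t": int(hh) * 3600 + int(mm) * 60 + int(ss),
                       "user": user, "ip": ip, "direction": b.group(2)})
    return events, skipped


def group_attempts(events, window=RETRY_WINDOW):
    """Merge repeated blocks into attempts, keyed by account and destination."""
    attempts, current = [], {}
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["user"], ev["ip"], ev["direction"])
        cur = current.get(key)
        if cur is not None and ev["t"] - cur["last"] <= window:
            cur["last"] = ev["t"]
            cur["blocks"] += 1
        else:
            cur = {"user": ev["user"], "ip": ev["ip"],
                   "direction": ev["direction"],
                   "first": ev["t"], "last": ev["t"], "blocks": 1}
            current[key] = cur
            attempts.append(cur)
    return attempts


def summarize(text):
    """Per destination: total blocks, distinct attempts, accounts involved,
    and the seconds between the starts of consecutive attempts."""
    events, skipped = parse_log(text)
    acc = defaultdict(lambda: {"blocks": 0, "users": set(), "starts": []})
    for a in group_attempts(events):
        s = acc[a["ip"]]
        s["blocks"] += a["blocks"]
        s["users"].add(a["user"])
        s["starts"].append(a["first"])
    report = {}
    for ip, s in acc.items():
        starts = sorted(s["starts"])
        report[ip] = {"blocks": s["blocks"], "attempts": len(starts),
                      "users": sorted(s["users"]),
                      "gaps_s": [b - a for a, b in zip(starts, starts[1:])]}
    return report, skipped


if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for ip, r in report.items():
        print(f"{ip}: {r['blocks']} blocks in {r['attempts']} attempts, "
              f"accounts={r['users']}, gaps between attempts (s)={r['gaps_s']}")
    print(f"unparsed lines: {skipped}")
```

The same destination being blocked under more than one Windows account, and attempts recurring while nobody is browsing, are the things to look for in the output. The log alone does not say which process made the connection.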




          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: worms in my computer
          « Reply #6 on: June 06, 2011, 04:13:44 PM »
          Please do not use System Restore at any point in the cleaning. It could be still infected. I still need to see the DDS logs.
          Windows 8 and Windows 10 dual boot with two SSD's

          tepetapan

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: worms in my computer
            « Reply #7 on: June 06, 2011, 06:16:55 PM »

                       Here are both dds results
                          thanks again


            .
            DDS (Ver_2011-06-03.01) - NTFSx86
            Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
            Run by gene at 19:00:11 on 2011-06-06
            Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.502.78 [GMT -5:00]
            .
            AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
            .
            ============== Running Processes ===============
            .
            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
            svchost.exe
            svchost.exe
            C:\WINDOWS\System32\WLTRYSVC.EXE
            C:\WINDOWS\System32\bcmwltry.exe
            C:\WINDOWS\system32\spoolsv.exe
            svchost.exe
            C:\Archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe
            C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
            C:\WINDOWS\system32\WgaTray.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\ctfmon.exe
            C:\Archivos de programa\PC Tools Security\pctsAuxs.exe
            C:\Archivos de programa\PC Tools Security\pctsSvc.exe
            C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe
            C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
            C:\Archivos de programa\PC Tools Security\BDT\FGuard.exe
            C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
            C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
            C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Archivos de programa\Skype\Phone\Skype.exe
            C:\Archivos de programa\Linksys Wireless Guard\WscGuard.exe
            C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe
            C:\WINDOWS\system32\svchost.exe -k imgsvc
            C:\Archivos de programa\PC Tools Security\pctsGui.exe
            C:\Archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe
            C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
            C:\WINDOWS\system32\wbem\wmiapsrv.exe
            C:\Archivos de programa\PC Tools Security\pctsGui.exe
            C:\Archivos de programa\PC Tools Security\TFEngine\TFService.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\Archivos de programa\Mozilla Firefox\firefox.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://mx.my.yahoo.com/
            uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
            uDefault_Search_URL = hxxp://www.google.com/ie
            uWindow Title = Windows Internet Explorer provided by Yahoo!
            uSearchAssistant = hxxp://www.google.com/ie
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn2\yt.dll
            uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\archivos de programa\pc tools security\bdt\PCTBrowserDefender.dll
            mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\archivos de programa\pc tools security\bdt\PCTBrowserDefender.dll
            mWinlogon: UIHost=XPize_Logon.exe
            BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\archivos de programa\yahoo!\companion\installs\cpn2\yt.dll
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
            BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\archivos de programa\pc tools security\bdt\PCTBrowserDefender.dll
            BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
            BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
            BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\archivos de programa\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
            TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn2\yt.dll
            TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
            TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\archivos de programa\pc tools security\bdt\PCTBrowserDefender.dll
            TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
            TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            uRun: [pdfSaver3] "c:\program files\pdf\pdfsaver\pdfSaver3.exe"
            uRun: [<NO NAME>]
            uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
            uRun: [Search Protection] c:\archivos de programa\yahoo!\search protection\SearchProtection.exe
            uRun: [YSearchProtection] c:\archivos de programa\yahoo!\search protection\SearchProtection.exe
            uRun: [Skype] "c:\archivos de programa\skype\phone\Skype.exe" /nosplash /minimized
            mRun: [pdfSaver3]
            mRun: [Windows Defender] "c:\archivos de programa\windows defender\MSASCui.exe" -hide
            mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
            mRun: [YSearchProtection] "c:\archivos de programa\yahoo!\search protection\SearchProtection.exe"
            mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe"  -osboot
            mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
            mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
            mRun: [PCTools FGuard] c:\archivos de programa\pc tools security\bdt\FGuard.exe
            mRun: [ISTray] "c:\archivos de programa\pc tools security\pctsGui.exe" /hideGUI
            mRun: [Malwarebytes' Anti-Malware] "c:\archivos de programa\malwarebytes' anti-malware\mbamgui.exe" /starttray
            mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
            dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
            dRun: [DWQueuedReporting] "c:\archiv~1\archiv~1\micros~1\dw\dwtrig20.exe" -t
            dRun: [Picasa Media Detector] c:\archivos de programa\picasa2\PicasaMediaDetector.exe
            dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
            StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\linksy~1.lnk - c:\archivos de programa\linksys wireless guard\WscGuard.exe
            StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\micros~1.lnk - c:\archivos de programa\archivos comunes\microsoft shared\works shared\wkcalrem.exe
            uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
            uPolicies-explorer: NoSMMyPictures = 1 (0x1)
            uPolicies-explorer: NoResolveTrack = 1 (0x1)
            mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
            dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
            dPolicies-explorer: NoSMHelp = 1 (0x1)
            dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
            dPolicies-explorer: NoSMMyPictures = 1 (0x1)
            dPolicies-explorer: NoResolveTrack = 1 (0x1)
            IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~1\office11\EXCEL.EXE/3000
            IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
            IE: Lookup on Merriam Webster - file://c:\archivos de programa\iespell\Merriam Webster.HTM
            IE: Lookup on Wikipedia - file://c:\archivos de programa\iespell\wikipedia.HTM
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~1\office11\REFIEBAR.DLL
            LSP: c:\archivos de programa\archivos comunes\pc tools\lsp\PCTLsp.dll
            Trusted Zone: bcnonline.com\www
            DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
            DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187408947453
            DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195573220859
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
            DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
            DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
            DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
            DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            TCP: DhcpNameServer = 192.168.1.254
            TCP: Interfaces\{54A271AC-5052-4721-9302-DF9B8759B8D1} : DhcpNameServer = 192.168.1.254
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
            Notify: igfxcui - igfxdev.dll
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\archiv~1\wifd1f~1\MpShHook.dll
            mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\archivos de programa\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - c:\documents and settings\gne\datos de programa\mozilla\firefox\profiles\q616o4o9.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
            FF - prefs.js: browser.search.selectedEngine - Yahoo
            FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
            FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
            FF - plugin: c:\archivos de programa\google\google updater\2.4.1895.7162\npCIDetect14.dll
            FF - plugin: c:\archivos de programa\google\update\1.3.21.57\npGoogleUpdate3.dll
            FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\archivos de programa\microsoft silverlight\4.0.60310.0\npctrlui.dll
            FF - plugin: c:\archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
            FF - plugin: c:\archivos de programa\nos\bin\np_gp.dll
            FF - plugin: c:\archivos de programa\picasa2\npPicasa3.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
            FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
            .
            ---- FIREFOX POLICIES ----
            FF - user.js: yahoo.homepage.dontask - true
            ============= SERVICES / DRIVERS ===============
            .
            R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-19 239168]
            R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-19 338880]
            R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-19 656320]
            R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-5-12 51984]
            R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-5-12 69392]
            R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-4-19 251560]
            R2 Browser Defender Update Service;Browser Defender Update Service;c:\archivos de programa\pc tools security\bdt\BDTUpdateService.exe [2011-4-19 247760]
            R2 MBAMService;MBAMService;c:\archivos de programa\malwarebytes' anti-malware\mbamservice.exe [2011-6-5 366640]
            R2 sdAuxService;PC Tools Auxiliary Service;c:\archivos de programa\pc tools security\pctsAuxs.exe [2011-4-19 366840]
            R2 sdCoreService;PC Tools Security Service;c:\archivos de programa\pc tools security\pctsSvc.exe [2011-4-19 1150936]
            R2 WSCNetManager;Linksys Wireless Guard Network Manager Service;c:\archivos de programa\linksys wireless guard\WscNetMgrSvc.exe [2004-4-18 663635]
            R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-5 22712]
            R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-4-19 70536]
            R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-5-12 33552]
            R3 ThreatFire;ThreatFire;c:\archivos de programa\pc tools security\tfengine\tfservice.exe service --> c:\archivos de programa\pc tools security\tfengine\TFService.exe service [?]
            S2 gupdate1c98614e61c2c66;Google Update Service (gupdate1c98614e61c2c66);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-2-3 133104]
            S2 WinDefend;Windows Defender;c:\archivos de programa\windows defender\MsMpEng.exe [2006-11-3 13592]
            S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-2-3 133104]
            S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
            S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-19 14336]
            .
            =============== Created Last 30 ================
            .
            2011-06-05 14:56:31   --------   d-----w-   c:\documents and settings\gne\datos de programa\Malwarebytes
            2011-06-05 14:56:18   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-06-05 14:56:17   --------   d-----w-   c:\documents and settings\all users\datos de programa\Malwarebytes
            2011-06-05 14:56:12   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-06-05 14:56:12   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
            2011-06-05 14:48:01   --------   d-----w-   c:\archivos de programa\CCleaner
            2011-06-05 14:36:05   --------   d-----w-   c:\windows\system32\wbem\repository\FS
            2011-06-05 14:36:05   --------   d-----w-   c:\windows\system32\wbem\Repository
            2011-06-05 13:50:38   --------   d-----w-   c:\documents and settings\gne\datos de programa\OnlineArmor
            2011-06-05 13:50:38   --------   d-----w-   c:\documents and settings\all users\datos de programa\OnlineArmor
            2011-06-04 22:49:10   --------   d-----w-   c:\documents and settings\gne\datos de programa\SUPERAntiSpyware.com
            2011-06-04 22:48:08   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
            2011-06-04 20:32:19   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
            2011-06-04 20:32:19   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
            2011-06-04 20:32:19   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
            2011-06-04 20:32:19   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
            2011-06-04 20:32:11   --------   d-----w-   c:\archivos de programa\Online Armor
            2011-05-27 12:34:46   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-05-12 12:52:14   69392   --s---w-   c:\windows\system32\drivers\TfSysMon.sys
            2011-05-12 12:52:13   51984   --s---w-   c:\windows\system32\drivers\TfFsMon.sys
            2011-05-12 12:52:13   33552   --s---w-   c:\windows\system32\drivers\TfNetMon.sys
            .
            ==================== Find3M  ====================
            .
            2011-06-04 20:02:14   98304   ----a-w-   c:\windows\DUMP78e9.tmp
            2011-06-04 14:37:25   98304   ----a-w-   c:\windows\DUMP74e1.tmp
            .
            ============= FINISH: 19:04:03.10 ===============


                           

            .
            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT
            .
            DDS (Ver_2011-06-03.01)
            .
            Microsoft Windows XP Professional
            Boot Device: \Device\HarddiskVolume1
            Install Date: 8/15/2007 8:49:35 PM
            System Uptime: 6/6/2011 6:40:03 PM (1 hours ago)
            .
            Motherboard: Acer |  | Grapevine
            Processor: Intel(R) Celeron(R) M CPU        440  @ 1.86GHz | U1 | 1862/133mhz
            .
            ==== Disk Partitions =========================
            .
            C: is FIXED (NTFS) - 75 GiB total, 51.244 GiB free.
            D: is CDROM ()
            .
            ==== Disabled Device Manager Items =============
            .
            ==== System Restore Points ===================
            .
            RP1472: 5/22/2011 2:42:08 PM - Punto de control del sistema
            RP1473: 5/23/2011 3:28:49 PM - Punto de control del sistema
            RP1474: 5/25/2011 9:33:58 AM - Punto de control del sistema
            RP1475: 5/26/2011 11:29:10 AM - Punto de control del sistema
            RP1476: 5/27/2011 12:32:15 PM - Punto de control del sistema
            RP1477: 5/28/2011 12:58:13 PM - Punto de control del sistema
            RP1478: 5/29/2011 1:57:10 PM - Punto de control del sistema
            RP1479: 5/30/2011 2:46:30 PM - Punto de control del sistema
            RP1480: 5/31/2011 1:55:07 PM - Software Distribution Service 3.0
            RP1481: 6/1/2011 2:05:44 PM - Punto de control del sistema
            RP1482: 6/2/2011 4:01:51 PM - Punto de control del sistema
            RP1483: 6/3/2011 3:11:39 PM - Eliminado Asistente Infinitum
            RP1484: 6/3/2011 3:24:23 PM - Configured Merriam-Webster
            RP1485: 6/3/2011 3:27:04 PM - Removed Office Suite 2006
            RP1486: 6/3/2011 3:28:20 PM - Removed OpenOffice.org 2.4
            RP1487: 6/3/2011 3:34:43 PM - Removed Windows Live Messenger
            RP1488: 6/3/2011 3:37:07 PM - Removed Skype Toolbars
            RP1489: 6/4/2011 10:50:37 AM - Operación de restauración
            RP1490: 6/4/2011 1:35:43 PM - Eliminado Google Earth.
            RP1491: 6/4/2011 1:39:21 PM - Removed Print Workshop 2004 LE
            RP1492: 6/4/2011 3:32:58 PM - Online Armor installation
            RP1493: 6/5/2011 8:33:49 AM - Operación de restauración
            RP1494: 6/5/2011 8:50:07 AM - Online Armor installation
            RP1495: 6/5/2011 9:35:05 AM - Operación de restauración
            RP1496: 6/6/2011 10:33:44 AM - Punto de control del sistema
            RP1497: 6/6/2011 6:54:53 PM - Installed Java(TM) 6 Update 24
            .
            ==== Installed Programs ======================
            .
            2Wire Wireless Client
            Acer Screensaver
            Actualización crítica para el Reproductor de Windows Media 11 (KB959772)
            Actualización de seguridad para el Reproductor de Windows Media (KB2378111)
            Actualización de seguridad para el Reproductor de Windows Media (KB952069)
            Actualización de seguridad para el Reproductor de Windows Media (KB954155)
            Actualización de seguridad para el Reproductor de Windows Media (KB968816)
            Actualización de seguridad para el Reproductor de Windows Media (KB973540)
            Actualización de seguridad para el Reproductor de Windows Media (KB975558)
            Actualización de seguridad para el Reproductor de Windows Media (KB978695)
            Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
            Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
            Actualización de seguridad para Windows Internet Explorer 7 (KB937143)
            Actualización de seguridad para Windows Internet Explorer 7 (KB938127)
            Actualización de seguridad para Windows Internet Explorer 7 (KB939653)
            Actualización de seguridad para Windows Internet Explorer 7 (KB942615)
            Actualización de seguridad para Windows Internet Explorer 7 (KB944533)
            Actualización de seguridad para Windows Internet Explorer 7 (KB950759)
            Actualización de seguridad para Windows Internet Explorer 7 (KB953838)
            Actualización de seguridad para Windows Internet Explorer 7 (KB956390)
            Actualización de seguridad para Windows Internet Explorer 7 (KB958215)
            Actualización de seguridad para Windows Internet Explorer 7 (KB960714)
            Actualización de seguridad para Windows Internet Explorer 7 (KB961260)
            Actualización de seguridad para Windows Internet Explorer 8 (KB2482017)
            Actualización de seguridad para Windows Internet Explorer 8 (KB2497640)
            Actualización de seguridad para Windows Internet Explorer 8 (KB982381)
            Actualización de seguridad para Windows XP (KB2079403)
            Actualización de seguridad para Windows XP (KB2115168)
            Actualización de seguridad para Windows XP (KB2121546)
            Actualización de seguridad para Windows XP (KB2160329)
            Actualización de seguridad para Windows XP (KB2229593)
            Actualización de seguridad para Windows XP (KB2259922)
            Actualización de seguridad para Windows XP (KB2279986)
            Actualización de seguridad para Windows XP (KB2286198)
            Actualización de seguridad para Windows XP (KB2296011)
            Actualización de seguridad para Windows XP (KB2296199)
            Actualización de seguridad para Windows XP (KB2347290)
            Actualización de seguridad para Windows XP (KB2360937)
            Actualización de seguridad para Windows XP (KB2387149)
            Actualización de seguridad para Windows XP (KB2393802)
            Actualización de seguridad para Windows XP (KB2412687)
            Actualización de seguridad para Windows XP (KB2419632)
            Actualización de seguridad para Windows XP (KB2423089)
            Actualización de seguridad para Windows XP (KB2436673)
            Actualización de seguridad para Windows XP (KB2440591)
            Actualización de seguridad para Windows XP (KB2476687)
            Actualización de seguridad para Windows XP (KB2478960)
            Actualización de seguridad para Windows XP (KB2478971)
            Actualización de seguridad para Windows XP (KB2479628)
            Actualización de seguridad para Windows XP (KB2479943)
            Actualización de seguridad para Windows XP (KB2481109)
            Actualización de seguridad para Windows XP (KB2483185)
            Actualización de seguridad para Windows XP (KB2485376)
            Actualización de seguridad para Windows XP (KB2485663)
            Actualización de seguridad para Windows XP (KB2503658)
            Actualización de seguridad para Windows XP (KB2506212)
            Actualización de seguridad para Windows XP (KB2506223)
            Actualización de seguridad para Windows XP (KB2507618)
            Actualización de seguridad para Windows XP (KB2508272)
            Actualización de seguridad para Windows XP (KB2508429)
            Actualización de seguridad para Windows XP (KB2509553)
            Actualización de seguridad para Windows XP (KB2511455)
            Actualización de seguridad para Windows XP (KB2524375)
            Actualización de seguridad para Windows XP (KB923561)
            Actualización de seguridad para Windows XP (KB938464)
            Actualización de seguridad para Windows XP (KB941569)
            Actualización de seguridad para Windows XP (KB946648)
            Actualización de seguridad para Windows XP (KB950760)
            Actualización de seguridad para Windows XP (KB950762)
            Actualización de seguridad para Windows XP (KB950974)
            Actualización de seguridad para Windows XP (KB951066)
            Actualización de seguridad para Windows XP (KB951376-v2)
            Actualización de seguridad para Windows XP (KB951698)
            Actualización de seguridad para Windows XP (KB951748)
            Actualización de seguridad para Windows XP (KB952004)
            Actualización de seguridad para Windows XP (KB952954)
            Actualización de seguridad para Windows XP (KB953839)
            Actualización de seguridad para Windows XP (KB954211)
            Actualización de seguridad para Windows XP (KB954459)
            Actualización de seguridad para Windows XP (KB954600)
            Actualización de seguridad para Windows XP (KB955069)
            Actualización de seguridad para Windows XP (KB956391)
            Actualización de seguridad para Windows XP (KB956572)
            Actualización de seguridad para Windows XP (KB956744)
            Actualización de seguridad para Windows XP (KB956802)
            Actualización de seguridad para Windows XP (KB956803)
            Actualización de seguridad para Windows XP (KB956841)
            Actualización de seguridad para Windows XP (KB956844)
            Actualización de seguridad para Windows XP (KB957095)
            Actualización de seguridad para Windows XP (KB957097)
            Actualización de seguridad para Windows XP (KB958644)
            Actualización de seguridad para Windows XP (KB958687)
            Actualización de seguridad para Windows XP (KB958690)
            Actualización de seguridad para Windows XP (KB958869)
            Actualización de seguridad para Windows XP (KB959426)
            Actualización de seguridad para Windows XP (KB960225)
            Actualización de seguridad para Windows XP (KB960715)
            Actualización de seguridad para Windows XP (KB960803)
            Actualización de seguridad para Windows XP (KB960859)
            Actualización de seguridad para Windows XP (KB961371)
            Actualización de seguridad para Windows XP (KB961373)
            Actualización de seguridad para Windows XP (KB961501)
            Actualización de seguridad para Windows XP (KB968537)
            Actualización de seguridad para Windows XP (KB969059)
            Actualización de seguridad para Windows XP (KB969898)
            Actualización de seguridad para Windows XP (KB969947)
            Actualización de seguridad para Windows XP (KB970238)
            Actualización de seguridad para Windows XP (KB970430)
            Actualización de seguridad para Windows XP (KB971468)
            Actualización de seguridad para Windows XP (KB971486)
            Actualización de seguridad para Windows XP (KB971557)
            Actualización de seguridad para Windows XP (KB971633)
            Actualización de seguridad para Windows XP (KB971657)
            Actualización de seguridad para Windows XP (KB972270)
            Actualización de seguridad para Windows XP (KB973346)
            Actualización de seguridad para Windows XP (KB973354)
            Actualización de seguridad para Windows XP (KB973507)
            Actualización de seguridad para Windows XP (KB973525)
            Actualización de seguridad para Windows XP (KB973869)
            Actualización de seguridad para Windows XP (KB973904)
            Actualización de seguridad para Windows XP (KB974112)
            Actualización de seguridad para Windows XP (KB974318)
            Actualización de seguridad para Windows XP (KB974392)
            Actualización de seguridad para Windows XP (KB974571)
            Actualización de seguridad para Windows XP (KB975467)
            Actualización de seguridad para Windows XP (KB975560)
            Actualización de seguridad para Windows XP (KB975562)
            Actualización de seguridad para Windows XP (KB975713)
            Actualización de seguridad para Windows XP (KB977165)
            Actualización de seguridad para Windows XP (KB977816)
            Actualización de seguridad para Windows XP (KB977914)
            Actualización de seguridad para Windows XP (KB978037)
            Actualización de seguridad para Windows XP (KB978251)
            Actualización de seguridad para Windows XP (KB978262)
            Actualización de seguridad para Windows XP (KB978338)
            Actualización de seguridad para Windows XP (KB978542)
            Actualización de seguridad para Windows XP (KB978601)
            Actualización de seguridad para Windows XP (KB978706)
            Actualización de seguridad para Windows XP (KB979482)
            Actualización de seguridad para Windows XP (KB979559)
            Actualización de seguridad para Windows XP (KB979683)
            Actualización de seguridad para Windows XP (KB979687)
            Actualización de seguridad para Windows XP (KB980195)
            Actualización de seguridad para Windows XP (KB980218)
            Actualización de seguridad para Windows XP (KB980232)
            Actualización de seguridad para Windows XP (KB980436)
            Actualización de seguridad para Windows XP (KB981322)
            Actualización de seguridad para Windows XP (KB981852)
            Actualización de seguridad para Windows XP (KB981957)
            Actualización de seguridad para Windows XP (KB982132)
            Actualización de seguridad para Windows XP (KB982214)
            Actualización de seguridad para Windows XP (KB982665)
            Actualización de seguridad para Windows XP (KB982802)
            Actualización para Windows XP (KB2141007)
            Actualización para Windows XP (KB2345886)
            Actualización para Windows XP (KB2467659)
            Actualización para Windows XP (KB951072-v2)
            Actualización para Windows XP (KB951978)
            Actualización para Windows XP (KB955759)
            Actualización para Windows XP (KB955839)
            Actualización para Windows XP (KB967715)
            Actualización para Windows XP (KB968389)
            Actualización para Windows XP (KB971029)
            Actualización para Windows XP (KB971737)
            Actualización para Windows XP (KB973687)
            Actualización para Windows XP (KB973815)
            Adobe AIR
            Adobe Download Manager
            Adobe Flash Player 10 ActiveX
            Adobe Flash Player 10 Plugin
            Adobe Media Player
            Adobe Reader 9.4.4
            Adobe Shockwave Player
            Asistente Prodigy
            Atheros Wireless LAN
            Broadcom 802.11 Network Adapter
            Browser Defender 3.0
            CA Yahoo! Anti-Spy (remove only)
            CCleaner
            Cool Timer 3.6
            EasyJob Resume Builder 4.00.1974
            EuroTalk Talk Now Plus!
            Google Toolbar for Firefox
            Google Update Helper
            Google Updater
            High Definition Audio Driver Package - KB888111
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
            Hotfix for Windows XP (KB954550-v5)
            Intel(R) Graphics Media Accelerator Driver
            Java Auto Updater
            Java(TM) 6 Update 24
            Java(TM) 6 Update 4
            Java(TM) 6 Update 5
            Java(TM) 6 Update 7
            Java(TM) SE Runtime Environment 6
            K-Lite Codec Pack 2.81 Full
            Learn Inglés Your Way
            Linksys Wireless Guard
            Malwarebytes' Anti-Malware version 1.51.0.1200
            Merriam-Webster 3.0
            Microsoft .NET Framework 1.1
            Microsoft .NET Framework 1.1 Security Update (KB2416447)
            Microsoft .NET Framework 1.1 Security Update (KB979906)
            Microsoft .NET Framework 2.0 Service Pack 2
            Microsoft .NET Framework 3.0 Service Pack 2
            Microsoft .NET Framework 3.5 SP1
            Microsoft Compression Client Pack 1.0 for Windows XP
            Microsoft Internationalized Domain Names Mitigation APIs
            Microsoft Money 2000 Standard Edition
            Microsoft National Language Support Downlevel APIs
            Microsoft Office Professional Edition 2003
            Microsoft Silverlight
            Microsoft User-Mode Driver Framework Feature Pack 1.0
            Microsoft Visual C++ 2005 Redistributable
            Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
            Microsoft Works 2000
            Move Networks Media Player for Internet Explorer
            Mozilla Firefox 4.0.1 (x86 es-ES)
            MSXML 4.0 SP2 (KB954430)
            Nero 7.5.9.0
            Octoshape add-in for Adobe Flash Player
            OGA Notifier 1.7.0105.35.0
            Online Armor 5.0
            Prodigy Infinitum Módem Router Inalámbrico
            Radio365 2.0
            RealPlayer
            Realtek High Definition Audio Driver
            Reproductor de Windows Media 11
            Revisión para el Reproductor de Windows Media 11 (KB939683)
            Revisión para Windows XP (KB2158563)
            Revisión para Windows XP (KB2443685)
            Revisión para Windows XP (KB952287)
            Revisión para Windows XP (KB961118)
            Revisión para Windows XP (KB970653-v3)
            Revisión para Windows XP (KB976098-v2)
            Revisión para Windows XP (KB979306)
            Revisión para Windows XP (KB981793)
            Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
            Skype™ 5.1
            Spyware Doctor
            TuneUp Utilities 2006
            Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
            WIDCOMM Bluetooth Software
            Windows Defender
            Windows Genuine Advantage Notifications (KB905474)
            Windows Genuine Advantage Validation Tool (KB892130)
            Windows Internet Explorer 7
            Windows Internet Explorer 8
            Windows Media Format 11 runtime
            Windows Media Player 11
            Windows XP Service Pack 3
            Yahoo! Detect
            Yahoo! Search Protection
            Yahoo! Software Update
            Yahoo! Toolbar
            .
            ==== Event Viewer Messages From Past Week ========
            .
            6/6/2011 4:23:07 PM, error: Service Control Manager [7011]  - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio Dnscache.
            6/5/2011 9:26:58 AM, error: Service Control Manager [7026]  - El controlador de inicialización siguiente no se cargó correctamente:  Fips intelppm OADevice oahlpXX TfFsMon TFSysMon
            6/5/2011 9:03:16 AM, error: Service Control Manager [7034]  - El servicio Online Armor se terminó de manera inesperada. Esto ha sucedido 1 veces.
            6/5/2011 8:33:34 AM, error: Service Control Manager [7026]  - El controlador de inicialización siguiente no se cargó correctamente:  Fips intelppm OADevice oahlpXX SASDIFSV SASKUTIL TfFsMon TFSysMon
            6/5/2011 8:25:25 AM, error: Service Control Manager [7009]  - Intervalo de espera (30000 ms.) para la conexión con el servicio ThreatFire.
            6/5/2011 8:23:50 AM, error: Service Control Manager [7000]  - El servicio Servicio de puerta de enlace de capa de aplicación no pudo iniciarse debido al siguiente error:  El servicio no ha respondido a la petición o inicio del control en un tiempo adecuado.
            6/5/2011 8:23:49 AM, error: Service Control Manager [7009]  - Intervalo de espera (30000 ms.) para la conexión con el servicio Servicio de puerta de enlace de capa de aplicación.
            6/5/2011 8:13:34 AM, error: Service Control Manager [7011]  - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio SharedAccess.
            6/5/2011 8:13:32 AM, error: Service Control Manager [7000]  - El servicio Adaptador de rendimiento de WMI no pudo iniciarse debido al siguiente error:  El servicio no ha respondido a la petición o inicio del control en un tiempo adecuado.
            6/5/2011 8:13:31 AM, error: Service Control Manager [7009]  - Intervalo de espera (30000 ms.) para la conexión con el servicio Adaptador de rendimiento de WMI.
            6/5/2011 8:06:47 AM, error: Service Control Manager [7009]  - Intervalo de espera (30000 ms.) para la conexión con el servicio Adaptador de rendimiento de WMI.
            6/5/2011 8:06:47 AM, error: Service Control Manager [7000]  - El servicio Adaptador de rendimiento de WMI no pudo iniciarse debido al siguiente error:  El servicio no ha respondido a la petición o inicio del control en un tiempo adecuado.
            6/4/2011 4:04:42 PM, error: Service Control Manager [7034]  - El servicio Online Armor se terminó de manera inesperada. Esto ha sucedido 1 veces.
            6/4/2011 10:47:55 AM, error: DCOM [10005]  - DCOM ha obtenido un error "%1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
            6/4/2011 10:47:30 AM, error: Service Control Manager [7026]  - El controlador de inicialización siguiente no se cargó correctamente:  Fips intelppm TfFsMon TFSysMon
            6/3/2011 1:12:11 PM, error: Service Control Manager [7026]  - El controlador de inicialización siguiente no se cargó correctamente:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss Tcpip WS2IFSL
            6/3/2011 1:11:40 PM, error: Service Control Manager [7001]  - El servicio Servicios IPSEC depende del servicio Controlador IPSEC, el cual no pudo iniciarse debido al siguiente error:  Uno de los dispositivos vinculados al sistema no funciona.
            6/3/2011 1:11:40 PM, error: Service Control Manager [7001]  - El servicio Cliente DNS depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:  Uno de los dispositivos vinculados al sistema no funciona.
            6/3/2011 1:11:40 PM, error: Service Control Manager [7001]  - El servicio Cliente DHCP depende del servicio NetBios a través de Tcpip, el cual no pudo iniciarse debido al siguiente error:  Uno de los dispositivos vinculados al sistema no funciona.
            6/3/2011 1:11:40 PM, error: Service Control Manager [7001]  - El servicio Ayuda de NetBIOS sobre TCP/IP depende del servicio AFD, el cual no pudo iniciarse debido al siguiente error:  Uno de los dispositivos vinculados al sistema no funciona.
            .
            ==== End Of File ===========================

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: worms in my computer
            « Reply #8 on: June 07, 2011, 06:03:44 PM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            *****************************************************
            Download OTL to your desktop.

            * Open OTL
            * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

            Code:
            :OTL
            TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
            TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
            TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
            uRun: [<NO NAME>]
            mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe"  -osboot
            Trusted Zone: bcnonline.com\www
            c:\windows\DUMP78e9.tmp
            c:\windows\DUMP74e1.tmp

            :COMMANDS
            [resethosts]
            [purity]
            [emptytemp]
            [start explorer]

            * Click Run Fix
            * OTL may ask to reboot the machine. Please do so if asked.
            * Click OK
            * A report will open. Copy and Paste that report in your next reply.
            ***************************************************************
            Please download ComboFix from BleepingComputer.com

            Alternate link: GeeksToGo.com

            and save it to your Desktop.
            It would be easiest to download using Internet Explorer.
            If you insist on using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
            Double click ComboFix.exe & follow the prompts.
            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


            Click on Yes, to continue scanning for malware.
            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            If you have problems with ComboFix usage, see How to use ComboFix
            Windows 8 and Windows 10 dual boot with two SSD's
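
The "Update Your Java (JRE)" step in the reply above can be checked against the DDS log directly. The following is an added example, not part of the original post or of any tool named in the thread: it reads the "Installed Programs" section of a DDS log and reports which Java runtime entries are older than the newest one installed. The sample text is constructed from the Java lines of the log posted in this thread; the function names are hypothetical, and treating an entry with no "Update N" suffix as update 0 is an assumption.

```python
import re

# Constructed sample: the Java lines (plus two neighbours) from the
# "Installed Programs" section of the DDS log posted in this thread.
SAMPLE_DDS_PROGRAMS = """\
==== Installed Programs ======================
.
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 2.81 Full
.
==== Event Viewer Messages From Past Week ========
"""

# DDS section headers look like "==== Installed Programs ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Runtime display names: "Java(TM) 6 Update 24",
# "Java(TM) SE Runtime Environment 6", "J2SE Runtime Environment 5.0 Update 6".
# Helpers such as "Java Auto Updater" carry no version and do not match.
JRE_RE = re.compile(
    r"^(?:Java(?:\(TM\))?|J2SE)\s+(?:SE\s+)?(?:Runtime Environment\s+)?"
    r"(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?$"
)


def installed_programs(dds_text):
    """Return the entries listed under 'Installed Programs' in a DDS log."""
    entries, inside = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1).lower() == "installed programs"
            continue
        # DDS uses a lone "." as a spacer line; skip it and blank lines.
        if inside and line and line != ".":
            entries.append(line)
    return entries


def java_runtimes(entries):
    """Return (name, family, update) for every entry that is a Java runtime."""
    found = []
    for name in entries:
        m = JRE_RE.match(name)
        if m:
            # Assumption: no "Update N" suffix means the base release (update 0).
            found.append((name, int(m.group(1)), int(m.group(2) or 0)))
    return found


def stale_runtimes(entries):
    """Return (newest, stale): the newest installed runtime and the older
    ones, oldest first. This compares installed entries with each other only;
    it does not know what the current Java release is."""
    runtimes = sorted(java_runtimes(entries), key=lambda r: (r[1], r[2]))
    if not runtimes:
        return None, []
    newest = runtimes[-1][0]
    stale = [name for name, _, _ in runtimes[:-1]]
    return newest, stale


if __name__ == "__main__":
    newest, stale = stale_runtimes(installed_programs(SAMPLE_DDS_PROGRAMS))
    print("Newest installed runtime:", newest)
    for name in stale:
        print("Older runtime still installed:", name)
```

Run against the full DDS attach log, every entry it lists as older is a candidate for the "Remove any old versions" step.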

            tepetapan

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: worms in my computer
              « Reply #9 on: June 08, 2011, 09:48:33 AM »
                Ok, I did the Java update and removed all the older versions of Java.
                I downloaded OTL and ran it.....  the OTL box went white and I was told the program is not responding. I waited about 10 minutes but the computer was frozen.  I popped the battery and got it running again.
                I decided to try the download of OTL with Internet Explorer instead of Firefox.  I tried to download IE as the one on the desktop shows it is running without add-ons ??? The computer loaded IE and rebooted but the download failed. Hmmmm.
                I tried again the OTL on the IE  I have, the download went smooth but attaching the code took a few tries.  Once again I tried to run the OTL and the computer froze up again with the OTL box white. Not responding is what I am told. I tried (as I did the first time) to close the OTL program but the computer would not respond. Popped the battery again.     Are we having fun yet?
                The computer is running again and I am using it to write this saga.
                 Should I go ahead with the next step ?

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: worms in my computer
              « Reply #10 on: June 08, 2011, 12:45:39 PM »
              Yes, please proceed with ComboFix and see what kind of luck we have there.

              tepetapan

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: worms in my computer
                « Reply #11 on: June 08, 2011, 05:17:05 PM »
                  Here is the latest scan.    At one point it was noted that a driver was infected but by the time I got a pen to write it down that was deleted.
                   Spyware Drs. had restarted so it asked me to shut it down, I did and it seemed to continue the scan.
                     On another note,  I have tried to delete the Merriam-Webster program in the past and I see it still is hanging around.



                ComboFix 11-06-08.01 - gene 06/08/2011  17:04:57.1.1 - x86
                Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.502.254 [GMT -5:00]
                Running from: c:\documents and settings\gne\Mis documentos\Descargas\ComboFix.exe
                AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\archivos de programa\Internet Explorer\SET7.tmp
                c:\archivos de programa\Internet Explorer\SET8.tmp
                c:\archivos de programa\Internet Explorer\SET9.tmp
                c:\archivos de programa\Internet Explorer\SETA.tmp
                c:\archivos de programa\Internet Explorer\SETB.tmp
                c:\archivos de programa\Internet Explorer\SETC.tmp
                c:\documents and settings\gne\System
                c:\documents and settings\gne\System\win_qs8.jqx
                c:\documents and settings\gne\WINDOWS
                C:\LOGEEB.tmp
                c:\windows\system32\spool\prtprocs\w32x86\lxamPP(2).DLL
                .
                 
                 
                .
                c:\windows\system32\proquota.exe was missing
                Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-05-08 to 2011-06-08  )))))))))))))))))))))))))))))))
                .
                .
                2011-06-08 22:17 . 2008-04-14 02:19   50688   ----a-w-   c:\windows\system32\proquota.exe
                2011-06-08 21:50 . 2008-04-14 01:51   53248   ----a-w-   c:\windows\system32\drivers\Volsnap.sys
                2011-06-08 14:08 . 2011-06-08 14:08   --------   d-----w-   C:\_OTL
                2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\gne\Datos de programa\Malwarebytes
                2011-06-05 14:56 . 2011-05-29 14:11   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Malwarebytes
                2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
                2011-06-05 14:56 . 2011-05-29 14:11   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-06-05 14:48 . 2011-06-05 14:48   --------   d-----w-   c:\archivos de programa\CCleaner
                2011-06-05 14:36 . 2011-06-05 14:36   --------   d-----w-   c:\windows\system32\wbem\Repository
                2011-06-05 13:50 . 2011-06-05 14:35   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\OnlineArmor
                2011-06-05 13:50 . 2011-06-05 13:51   --------   d-----w-   c:\documents and settings\gne\Datos de programa\OnlineArmor
                2011-06-05 13:22 . 2011-06-05 13:22   --------   d-----w-   c:\documents and settings\Invitado.ACER\Datos de programa\OnlineArmor
                2011-06-04 22:49 . 2011-06-04 22:49   --------   d-----w-   c:\documents and settings\gne\Datos de programa\SUPERAntiSpyware.com
                2011-06-04 22:48 . 2011-06-05 13:36   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
                2011-06-04 20:32 . 2011-04-06 18:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                2011-06-04 20:32 . 2011-04-06 18:01   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                2011-06-04 20:32 . 2011-04-06 18:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                2011-06-04 20:32 . 2011-04-06 18:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                2011-06-04 20:32 . 2011-06-05 14:06   --------   d-----w-   c:\archivos de programa\Online Armor
                2011-05-27 12:34 . 2011-06-06 12:40   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2011-05-19 19:02 . 2011-05-19 23:33   --------   d-----w-   c:\documents and settings\Invitado.ACER\Configuración local\Datos de programa\Adobe
                2011-05-12 12:52 . 2010-12-31 14:36   69392   --s---w-   c:\windows\system32\drivers\TfSysMon.sys
                2011-05-12 12:52 . 2010-12-31 14:36   33552   --s---w-   c:\windows\system32\drivers\TfNetMon.sys
                2011-05-12 12:52 . 2010-12-31 14:36   51984   --s---w-   c:\windows\system32\drivers\TfFsMon.sys
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-06-07 23:46 . 2010-06-04 14:19   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                2011-06-07 23:46 . 2007-08-16 01:58   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                2011-06-04 20:02 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP78e9.tmp
                2011-06-04 14:37 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP74e1.tmp
                2011-04-18 14:15 . 2011-04-19 18:05   7071056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Microsoft\Windows Defender\Definition Updates\{0D6AB577-A1AF-4499-8FD0-F4E3D16E44D4}\mpengine.dll
                2011-04-14 16:43 . 2011-05-07 21:31   142296   ----a-w-   c:\archivos de programa\mozilla firefox\components\browsercomps.dll
                .
                .
                ------- Sigcheck -------
                Note: Unsigned files aren't necessarily malware.
                .
                [7] 2008-04-14 . E424F05B07AC4357DC08D06218D76C7C . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
                .
                c:\windows\System32\regsvc.dll ... is missing !!
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
                "swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
                "Search Protection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                "Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2011-01-26 15026056]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                "TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2009-11-25 198160]
                "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
                "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                "PCTools FGuard"="c:\archivos de programa\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
                "Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
                .
                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
                .
                c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
                Linksys Wireless Guard.lnk - c:\archivos de programa\Linksys Wireless Guard\WscGuard.exe [2004-4-18 872526]
                Microsoft Works Calendar Reminders.lnk - c:\archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe [1999-9-4 53317]
                .
                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                "NoSMConfigurePrograms"= 1 (0x1)
                "NoSMMyPictures"= 1 (0x1)
                "NoResolveTrack"= 1 (0x1)
                .
                [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                "ForceClassicControlPanel"= 1 (0x1)
                "NoSMHelp"= 1 (0x1)
                "NoSMConfigurePrograms"= 1 (0x1)
                "NoSMMyPictures"= 1 (0x1)
                "NoResolveTrack"= 1 (0x1)
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                @="Service"
                .
                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
                path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
                backup=c:\windows\pss\BTTray.lnkCommon Startup
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                2005-05-03 02:43   69632   ----a-w-   c:\windows\Alcmtr.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
                2006-05-04 00:26   2808832   ----a-w-   c:\windows\alcwzrd.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
                2005-11-11 12:40   1236992   ----a-r-   c:\windows\system32\WLTRAY.EXE
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                2008-04-14 02:18   15360   ----a-w-   c:\windows\system32\ctfmon.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
                2006-03-23 04:13   77824   ----a-r-   c:\windows\system32\hkcmd.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
                2006-03-23 04:17   118784   ----a-r-   c:\windows\system32\igfxpers.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
                2006-03-23 04:17   94208   ----a-r-   c:\windows\system32\igfxtray.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                2006-12-18 19:12   16062464   ----a-w-   c:\windows\RTHDCPL.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
                2006-05-16 02:04   2879488   ----a-w-   c:\windows\SkyTel.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                2006-07-21 00:14   86016   ----a-w-   c:\windows\SoundMan.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
                2006-08-04 22:29   62976   ----a-w-   c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Documents and Settings\\gne\\Datos de programa\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
                "c:\\WINDOWS\\system32\\mmc.exe"=
                "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
                "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
                "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
                "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
                "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
                .
                R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/19/2011 12:56 PM 239168]
                R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [4/19/2011 12:56 PM 338880]
                R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [4/19/2011 12:56 PM 656320]
                R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2007 8:49 PM 639224]
                R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/12/2011 7:52 AM 51984]
                R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/12/2011 7:52 AM 69392]
                R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/19/2011 12:56 PM 251560]
                R2 Browser Defender Update Service;Browser Defender Update Service;c:\archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe [4/19/2011 1:07 PM 247760]
                R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 9:56 AM 366640]
                R2 sdAuxService;PC Tools Auxiliary Service;c:\archivos de programa\PC Tools Security\pctsAuxs.exe [4/19/2011 12:55 PM 366840]
                R2 WSCNetManager;Linksys Wireless Guard Network Manager Service;c:\archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe [4/18/2004 9:57 AM 663635]
                R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 9:56 AM 22712]
                S2 gupdate1c98614e61c2c66;Google Update Service (gupdate1c98614e61c2c66);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                S2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
                S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2011 9:56 AM 39984]
                S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/19/2004 8:43 AM 14336]
                S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/19/2011 12:56 PM 70536]
                S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/12/2011 7:52 AM 33552]
                S3 ThreatFire;ThreatFire;c:\archivos de programa\PC Tools Security\TFEngine\TFService.exe service --> c:\archivos de programa\PC Tools Security\TFEngine\TFService.exe service [?]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                .
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                UxTuneUp
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
                2009-03-08 09:32   128512   ------w-   c:\windows\system32\advpack.dll
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-06-08 c:\windows\Tasks\Google Software Updater.job
                - c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-18 23:22]
                .
                2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                .
                2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                .
                2011-06-08 c:\windows\Tasks\Mantenimiento con 1 clic.job
                - c:\archivos de programa\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 03:37]
                .
                2011-06-08 c:\windows\Tasks\MP Scheduled Scan.job
                - c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
                .
                2011-06-07 c:\windows\Tasks\OGADaily.job
                - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                .
                2011-06-08 c:\windows\Tasks\OGALogon.job
                - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                .
                2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
                - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                .
                2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
                - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://mx.my.yahoo.com/
                uDefault_Search_URL = hxxp://www.google.com/ie
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
                IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
                IE: Lookup on Merriam Webster - file://c:\archivos de programa\ieSpell\Merriam Webster.HTM
                IE: Lookup on Wikipedia - file://c:\archivos de programa\ieSpell\wikipedia.HTM
                LSP: c:\archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll
                Trusted Zone: bcnonline.com\www
                TCP: DhcpNameServer = 192.168.1.254
                DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
                FF - ProfilePath - c:\documents and settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                FF - prefs.js: browser.search.selectedEngine - Yahoo
                FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
                FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                FF - user.js: yahoo.homepage.dontask - true
                .
                - - - - ORPHANS REMOVED - - - -
                .
                Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                HKLM-Run-pdfSaver3 - (no file)
                HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
                HKLM-Run-SunJavaUpdateSched - c:\archivos de programa\Java\jre6\bin\jusched.exe
                HKU-Default-Run-Picasa Media Detector - c:\archivos de programa\Picasa2\PicasaMediaDetector.exe
                HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
                MSConfigStartUp-AzMixerSel - c:\archivos de programa\Realtek\InstallShield\AzMixerSel.exe
                MSConfigStartUp-EOUApp - c:\archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
                MSConfigStartUp-INPROCOMMWireless - c:\archivos de programa\Atheros\Wireless\Utility\WlanUtil.exe
                MSConfigStartUp-IntelWireless - c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
                MSConfigStartUp-IntelZeroConfig - c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
                MSConfigStartUp-SynTPEnh - c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe
                .
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-06-08 17:55
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•
                €|ÿÿÿÿ•€|ù•9~*]
                "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'lsass.exe'(800)
                c:\archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll
                .
                - - - - - - - > 'explorer.exe'(3152)
                c:\windows\system32\WININET.dll
                c:\archivos de programa\Linksys Wireless Guard\WscGuiHelper.dll
                c:\archiv~1\WINDOW~2\wmpband.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\btncopy.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\windows\System32\WLTRYSVC.EXE
                c:\windows\System32\bcmwltry.exe
                c:\archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                c:\archivos de programa\Java\jre6\bin\jqs.exe
                c:\archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
                c:\windows\system32\wbem\wmiapsrv.exe
                c:\windows\system32\WgaTray.exe
                .
                **************************************************************************
                .
                Completion time: 2011-06-08  18:02:33 - machine was rebooted
                ComboFix-quarantined-files.txt  2011-06-08 23:02
                .
                Pre-Run: 54,692,888,576 bytes libres
                Post-Run: 59,617,308,672 bytes libres
                .
                WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                UnsupportedDebug="do not select this" /debug
                multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                .
                - - End Of File - - 34212E2914C5CD986CBF7851FCA70E18
                « Last Edit: June 08, 2011, 05:38:25 PM by SuperDave »

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: worms in my computer
                « Reply #12 on: June 08, 2011, 05:54:58 PM »
                Please download SystemLook from one of the links below and save it to your desktop.

                Link # 1
                Link # 2

                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Double-click SystemLook.exe to run it.

                Copy the contents of the following codebox into the main textfield.
                Code:
                :filefind
                c:\windows\System32\regsvc.dll

                Click the Look button to start the scan.

                Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

                When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
                ******************************************************
                I don't believe that ComboFix is running from the correct location: (c:\documents and settings\gne\Mis documentos\Descargas\ComboFix.exe)
                It should be running from your desktop. Please uninstall/delete it, download a new one and run another scan and post the log.

                Windows 8 and Windows 10 dual boot with two SSD's

                tepetapan

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: worms in my computer
                  « Reply #13 on: June 09, 2011, 08:51:13 AM »
                  SystemLook 04.09.10 by jpshortstuff
                  Log created at 09:49 on 09/06/2011 by gene
                  Administrator - Elevation successful

                  ========== filefind ==========

                  Searching for "c:\windows\System32\regsvc.dll "
                  No files found.

                  -= EOF =-

                  tepetapan

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: worms in my computer
                    « Reply #14 on: June 09, 2011, 12:18:04 PM »
                     Not having much luck this morning.  I removed and then reinstalled the ComboFix to desktop. It notified me that Spyware Drs. was still running, which I had shut off yesterday.  I checked it; it said it was off but Combo says no.  I closed everything, restarted Spyware Drs and then again went through the process of shutting it down. As was yesterday, Spyware came up with a box
                       "Disabling the spyware Drs. user interface" with bars going across the area slowly. This went on, as yesterday, nearly 15 minutes but today it just never seemed to finish the job.     I finally decided to try and shut down but ended up having to pop the battery yet again.
                      The computer has been running very badly ever since. Freezing up about every 15 minutes with the hourglass symbol. Sometimes it will start up again after 3 or 4 minutes, other times after 15 minutes it is still frozen.
                      I deleted the ComboFix and the Systemlook from the desktop but that did not seem to help.
                       In the end, early this morning before I started these procedures, the thing was running far better than it had been. I then managed to return it to its current position.
                       For Sale! Cheap! Slightly used Acer!

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: worms in my computer
                    « Reply #15 on: June 09, 2011, 04:16:01 PM »
                    Quote
                    Searching for "c:\windows\System32\regsvc.dll "
                    No files found.
                    Oh Oh. Do you have your OS disk(s)?

                    Quote
                    I then managed to return it to its current position.
                       For Sale! Cheap! Slightly used Acer!
                    Does this mean that you restored it to its original state and you want to sell it?
                    Windows 8 and Windows 10 dual boot with two SSD's

                    tepetapan

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: worms in my computer
                      « Reply #16 on: June 09, 2011, 05:36:25 PM »
                      Ha! No to the first question. How much are you offering for the 2nd question? Shipping not included.

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: worms in my computer
                      « Reply #17 on: June 10, 2011, 05:31:59 PM »
                      Quote
                      In the end, early this morning before I started these procedures, the thing was running far better than it had been. I then managed to return it to its current position.
                      What do you mean "I then managed to return it to its current position"?
                      Can you try running the OTL script as described in Reply # 8?
                      Windows 8 and Windows 10 dual boot with two SSD's

                      tepetapan

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: worms in my computer
                        « Reply #18 on: June 12, 2011, 05:58:44 PM »
                         By current condition meaning it runs slow but it is not freezing up every 15 minutes.  Usable is what I would call it.
                          I will do the download in the AM   and post the results.   I am a bit gun shy after the last bout but I would sure like to have this thing bug free.
                            This computer owes me nothing (besides a few documents), it is used in a tough environment since my "office" is outdoors (covered), but it can get hot down here..... pushing 100 F, six weeks a year.  Being able to save a few things is my goal and to buy a desktop since they are cheaper here than laptops.  Something fairly cheap since heat will always be an issue.

                        tepetapan

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Unknown
                          Re: worms in my computer
                          « Reply #19 on: June 14, 2011, 08:02:11 AM »
                            Tried 2 times to run the OTL with no success.  Both times, after 3 or 4 minutes it was noted "Program not responding".  The second time I waited over 30 minutes just to be sure but things were locked up. I could not close the OTL program. I tried to shut down the computer but it froze up.  Popped the battery again.    The thing is running very poorly at this moment.

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: worms in my computer
                          « Reply #20 on: June 14, 2011, 05:00:05 PM »
                          Go to Start > Run > type Notepad.exe and click OK to open Notepad.

                          Copy all of the text in the below Code box into Notepad.

                          Code:
                          @echo off
                          rem Restore the missing regsvc.dll from the service pack cache copy
                          copy c:\windows\ServicePackFiles\i386\regsvc.dll c:\windows\System32\regsvc.dll
                          exit

                          In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat

                          Now double click the event.bat file you just created and let it finish.

                          You will know it's finished when there is a new file on your desktop.
                          ********************************************************

                          * Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                          * When the window appears, underneath Output at the top change it to Minimal Output.
                          * Check the boxes beside LOP Check and Purity Check.
                          * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                          When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                          Please copy and paste the contents of these files, one at a time, into your next reply.

                          Note: You may need two or more posts to fit them all in.
                          Windows 8 and Windows 10 dual boot with two SSD's

                          tepetapan

                            Topic Starter


                            Rookie

                            • Experience: Beginner
                            • OS: Unknown
                            Re: worms in my computer
                            « Reply #21 on: June 16, 2011, 08:44:05 AM »
                            OTL Extras logfile created on: 6/16/2011 9:16:07 AM - Run 1
                            OTL by OldTimer - Version 3.2.24.0     Folder = C:\Documents and Settings\gne\Escritorio
                            Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                            Internet Explorer (Version = 8.0.6001.18702)
                            Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
                             
                            502.05 Mb Total Physical Memory | 59.60 Mb Available Physical Memory | 11.87% Memory free
                            1.33 Gb Paging File | 0.28 Gb Available in Paging File | 21.29% Paging File free
                            Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
                             
                            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
                            Drive C: | 74.52 Gb Total Space | 55.70 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
                             
                            Computer Name: ACER | User Name: gene | Logged in as Administrator.
                            Boot Mode: Normal | Scan Mode: Current user
                            Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                             
                            ========== Extra Registry (SafeList) ==========
                             
                             
                            ========== File Associations ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                            .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                            .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                             
                            [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                            .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                             
                            ========== Shell Spawning ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                            batfile [open] -- "%1" %*
                            cmdfile [open] -- "%1" %*
                            comfile [open] -- "%1" %*
                            cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                            exefile [open] -- "%1" %*
                            InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                            piffile [open] -- "%1" %*
                            regfile [merge] -- Reg Error: Key error.
                            scrfile [config] -- "%1"
                            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                            scrfile [open] -- "%1" /S
                            txtfile [edit] -- Reg Error: Key error.
                            Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                            Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
                            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                            Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                            Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                             
                            ========== Security Center Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                            "AntiVirusDisableNotify" = 0
                            "FirewallDisableNotify" = 0
                            "UpdatesDisableNotify" = 0
                            "AntiVirusOverride" = 0
                            "FirewallOverride" = 0
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                             
                            ========== System Restore Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                            "DisableSR" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                            "Start" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                            "Start" = 2
                             
                            ========== Firewall Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                            "EnableFirewall" = 0
                            "DoNotAllowExceptions" = 0
                            "DisableNotifications" = 0
                            "DisableUnicastResponsesToMulticastBroadcast" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                            "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
                            "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
                            "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                            "EnableFirewall" = 1
                            "DoNotAllowExceptions" = 0
                            "DisableNotifications" = 0
                            "DisableUnicastResponsesToMulticastBroadcast" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                            "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
                            "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
                            "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
                            "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
                            "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
                             
                            ========== Authorized Applications List ==========
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                            "C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
                            "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
                            "C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                            "C:\Documents and Settings\gne\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\gne\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
                            "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de administración de Microsoft -- (Microsoft Corporation)
                            "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
                            "C:\Archivos de programa\Java\jre6\bin\java.exe" = C:\Archivos de programa\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                             
                             
                            ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                            "{188F8473-75E0-4210-9E5A-1292A566A506}" = Linksys Wireless Guard
                            "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
                            "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                            "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
                            "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
                            "{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
                            "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
                            "{43BFB9E2-169C-46A9-BB81-141A37FD9750}" = Adobe Shockwave Player
                            "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                            "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
                            "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                            "{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
                            "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
                            "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                            "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
                            "{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
                            "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                            "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
                            "{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
                            "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                            "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
                            "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                            "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
                            "{AF95557C-A14A-42D2-8C9D-E9650D1A8016}" = Asistente Prodigy
                            "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
                            "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                            "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                            "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                            "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
                            "{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}" = Atheros Wireless LAN
                            "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
                            "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
                            "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                            "{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
                            "2Wire SetupWiz" = Prodigy Infinitum Módem Router Inalámbrico
                            "Adobe AIR" = Adobe AIR
                            "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                            "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                            "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
                            "Browser Defender_is1" = Browser Defender 3.0
                            "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
                            "CCleaner" = CCleaner
                            "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
                            "Cool Timer_is1" = Cool Timer 3.6
                            "EasyJob Resume Builder_is1" = EasyJob Resume Builder 4.00.1974
                            "EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
                            "Google Updater" = Google Updater
                            "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                            "ie7" = Windows Internet Explorer 7
                            "ie8" = Windows Internet Explorer 8
                            "InstallShield_{188F8473-75E0-4210-9E5A-1292A566A506}" = Linksys Wireless Guard
                            "KLiteCodecPack_is1" = K-Lite Codec Pack 2.81 Full
                            "Learn Inglés Your Way" = Learn Inglés Your Way
                            "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
                            "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                            "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                            "Mozilla Firefox 4.0.1 (x86 es-ES)" = Mozilla Firefox 4.0.1 (x86 es-ES)
                            "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                            "MSMONEYV80" = Microsoft Money 2000 Standard Edition
                            "Nero 7_is1" = Nero 7.5.9.0
                            "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                            "OnlineArmor_is1" = Online Armor 5.0
                            "Radio365 2.0" = Radio365 2.0
                            "RealPlayer 12.0" = RealPlayer
                            "Spyware Doctor" = Spyware Doctor
                            "Windows Media Format Runtime" = Windows Media Format 11 runtime
                            "Windows Media Player" = Reproductor de Windows Media 11
                            "Windows XP Service Pack" = Windows XP Service Pack 3
                            "WMFDist11" = Windows Media Format 11 runtime
                            "wmp11" = Windows Media Player 11
                            "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                            "Yahoo! Companion" = Yahoo! Toolbar
                            "Yahoo! Search Defender" = Yahoo! Search Protection
                            "Yahoo! Software Update" = Yahoo! Software Update
                            "YTdetect" = Yahoo! Detect
                             
                            ========== HKEY_CURRENT_USER Uninstall List ==========
                             
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                            "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
                            "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
                             
                            ========== Last 10 Event Log Errors ==========
                             
                            [ Application Events ]
                            Error - 6/5/2011 9:06:41 AM | Computer Name = ACER | Source = WmiAdapter | ID = 4099
                            Description = Error al abrir el servicio.
                             
                            Error - 6/5/2011 9:09:41 AM | Computer Name = ACER | Source = WmiAdapter | ID = 4099
                            Description = Error al abrir el servicio.
                             
                            Error - 6/9/2011 11:26:53 AM | Computer Name = ACER | Source = PerfNet | ID = 2004
                            Description = No se puede abrir el servicio Servidor. No se devolverán datos  de rendimiento
                             del servidor. El código de error devuelto está en los datos DWORD 0.
                             
                            [ System Events ]
                            Error - 6/13/2011 7:15:05 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:06 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:07 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:08 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:09 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:10 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:30 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/13/2011 7:15:45 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
                            Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
                             servicio Spooler.
                             
                            Error - 6/14/2011 6:04:54 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7009
                            Description = Intervalo de espera (30000 ms.) para la conexión con el servicio Servicio
                             de puerta de enlace de capa de aplicación.
                             
                            Error - 6/14/2011 6:04:54 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
                            Description = El servicio Servicio de puerta de enlace de capa de aplicación no
                            pudo iniciarse debido al siguiente error:   %%1053
                             
                             
                            < End of report >

                            tepetapan

                              Topic Starter


                              Rookie

                              • Experience: Beginner
                              • OS: Unknown
                              Re: worms in my computer
                              « Reply #22 on: June 16, 2011, 08:45:12 AM »
                              OTL logfile created on: 6/16/2011 9:16:07 AM - Run 1
                              OTL by OldTimer - Version 3.2.24.0     Folder = C:\Documents and Settings\gne\Escritorio
                              Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                              Internet Explorer (Version = 8.0.6001.18702)
                              Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
                               
                              502.05 Mb Total Physical Memory | 59.60 Mb Available Physical Memory | 11.87% Memory free
                              1.33 Gb Paging File | 0.28 Gb Available in Paging File | 21.29% Paging File free
                              Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
                               
                              %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
                              Drive C: | 74.52 Gb Total Space | 55.70 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
                               
                              Computer Name: ACER | User Name: gene | Logged in as Administrator.
                              Boot Mode: Normal | Scan Mode: Current user
                              Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                               
                              ========== Processes (SafeList) ==========
                               
                              PRC - C:\Documents and Settings\gne\Escritorio\OTL.exe (OldTimer Tools)
                              PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
                              PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
                              PRC - C:\Archivos de programa\PC Tools Security\pctsGui.exe (PC Tools)
                              PRC - C:\Archivos de programa\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
                              PRC - C:\Archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
                              PRC - C:\Archivos de programa\PC Tools Security\TFEngine\TFService.exe (PC Tools)
                              PRC - C:\Archivos de programa\PC Tools Security\pctsSvc.exe (PC Tools)
                              PRC - C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
                              PRC - C:\Archivos de programa\PC Tools Security\Upgrade.exe (PC Tools)
                              PRC - C:\Archivos de programa\PC Tools Security\pctsAuxs.exe (PC Tools)
                              PRC - C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
                              PRC - C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
                              PRC - C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
                              PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
                              PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                              PRC - C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
                              PRC - C:\Archivos de programa\Linksys Wireless Guard\WscGuard.exe (Wireless Security Corporation)
                              PRC - C:\Archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe (Wireless Security Corporation)
                              PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
                               
                               
                              ========== Modules (SafeList) ==========
                               
                              MOD - C:\Documents and Settings\gne\Escritorio\OTL.exe (OldTimer Tools)
                              MOD - C:\Archivos de programa\PC Tools Security\TFEngine\TFWAH.dll (PC Tools)
                              MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                              MOD - C:\Archivos de programa\Linksys Wireless Guard\WscGuiHelper.dll (WSC)
                               
                               
                              ========== Win32 Services (SafeList) ==========
                               
                              SRV - (HidServ) --  File not found
                              SRV - (ERSvc) --  File not found
                              SRV - (CiSvc) --  File not found
                              SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
                              SRV - (Browser Defender Update Service) -- C:\Archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
                              SRV - (ThreatFire) -- C:\Archivos de programa\PC Tools Security\TFEngine\TFService.exe (PC Tools)
                              SRV - (sdCoreService) -- C:\Archivos de programa\PC Tools Security\pctsSvc.exe (PC Tools)
                              SRV - (nosGetPlusHelper) getPlus(R) -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
                              SRV - (sdAuxService) -- C:\Archivos de programa\PC Tools Security\pctsAuxs.exe (PC Tools)
                              SRV - (YahooAUService) -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
                              SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe (Microsoft Corporation)
                              SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
                              SRV - (WSCNetManager) -- C:\Archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe (Wireless Security Corporation)
                              SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
                               
                               
                              ========== Driver Services (SafeList) ==========
                               
                              DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
                              DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
                              DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
                              DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
                              DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
                              DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
                              DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
                              DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
                              DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
                              DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
                              DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
                              DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
                              DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
                              DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
                              DRV - (2WIREPCP) -- C:\WINDOWS\system32\drivers\2WirePCP.sys (2Wire, Inc.)
                              DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
                              DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
                              DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
                              DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
                              DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
                              DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
                              DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
                              DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
                              DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
                              DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
                              DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (Wireless Security Corporation)
                               
                               
                              ========== Standard Registry (SafeList) ==========
                               
                               
                              ========== Internet Explorer ==========
                               
                              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
                               
                              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
                              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
                              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mx.my.yahoo.com/
                              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
                              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
                              IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/search?q=%s
                              IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
                              IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                               
                              ========== FireFox ==========
                               
                              FF - prefs.js..browser.search.defaultEngine: "Yahoo"
                              FF - prefs.js..browser.search.defaultenginename: "Yahoo"
                              FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
                              FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
                              FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
                              FF - prefs.js..browser.search.selectedEngine: "Yahoo"
                              FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com//?fr=fp-tyc8"
                              FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                              FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
                              FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
                              FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
                               
                               
                              FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Archivos de programa\PC Tools Security\BDT\Firefox\ [2011/04/21 08:31:30 | 000,000,000 | ---D | M]
                              FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Datos de programa\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 08:05:47 | 000,000,000 | ---D | M]
                              FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/05/08 12:51:13 | 000,000,000 | ---D | M]
                              FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/06/08 07:21:43 | 000,000,000 | ---D | M]
                               
                              [2009/05/03 15:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Extensions
                              [2011/06/15 13:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions
                              [2011/06/03 12:18:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
                              [2011/06/15 13:58:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
                              [2011/05/12 14:36:14 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\[email protected]
                              [2011/06/07 18:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
                              [2011/06/07 18:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
                              File not found (No name found) --
                              [2011/06/07 18:47:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                              () (No name found) -- C:\DOCUMENTS AND SETTINGS\GNE\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\Q616O4O9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
                              [2009/09/01 10:00:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
                              [2011/04/14 11:43:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\Mozilla Firefox\components\browsercomps.dll
                              [2011/06/07 18:46:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
                              [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\bing.xml
                              [2010/01/01 03:00:00 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
                              [2010/01/01 03:00:00 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
                              [2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
                              [2010/01/01 03:00:00 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml
                               
                              O1 HOSTS File: ([2011/06/08 17:54:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                              O1 - Hosts: 127.0.0.1       localhost
                              O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  File not found
                              O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
                              O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
                              O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
                              O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
                              O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
                              O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  File not found
                              O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
                              O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                              O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                              O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
                              O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
                              O4 - HKLM..\Run: [ISTray] C:\Archivos de programa\PC Tools Security\pctsGui.exe (PC Tools)
                              O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
                              O4 - HKLM..\Run: [PCTools FGuard] C:\Archivos de programa\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
                              O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
                              O4 - HKLM..\Run: [YSearchProtection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
                              O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
                              O4 - HKCU..\Run: [Search Protection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
                              O4 - HKCU..\Run: [YSearchProtection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
                              O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Linksys Wireless Guard.lnk = C:\Archivos de programa\Linksys Wireless Guard\WscGuard.exe (Wireless Security Corporation)
                              O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Works Calendar Reminders.lnk = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
                              O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
                              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
                              O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                              O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
                              O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
                              O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
                              O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
                              O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
                              O15 - HKCU\..Trusted Domains: bcnonline.com ([www] https in Trusted sites)
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187408947453 (WUWebControl Class)
                              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195573220859 (MUWebControl Class)
                              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
                              O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                              O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
                              O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://148.213.21.243/activex/AMC.cab (Reg Error: Key error.)
                              O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
                              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
                              O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
                              O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
                              O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
                              O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                              O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
                              O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
                              O24 - Desktop WallPaper: C:\Documents and Settings\gne\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
                              O24 - Desktop BackupWallPaper: C:\Documents and Settings\gne\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
                              O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
                              O32 - HKLM CDRom: AutoRun - 1
                              O32 - AutoRun File - [2007/08/15 20:48:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                              O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                              O35 - HKLM\..comfile [open] -- "%1" %*
                              O35 - HKLM\..exefile [open] -- "%1" %*
                              O37 - HKLM\...com [@ = comfile] -- "%1" %*
                              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                               
                              ========== Files/Folders - Created Within 30 Days ==========
                               
                              [2011/06/16 09:13:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gne\Escritorio\OTL.exe
                              [2011/06/16 09:08:54 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvc.dll
                              [2011/06/09 09:55:38 | 000,000,000 | --SD | C] -- C:\ComboFix
                              [2011/06/09 09:42:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                              [2011/06/08 17:17:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
                              [2011/06/08 17:03:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
                              [2011/06/08 16:58:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
                              [2011/06/08 16:58:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                              [2011/06/08 16:58:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                              [2011/06/08 16:58:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
                              [2011/06/08 16:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                              [2011/06/08 16:41:48 | 000,000,000 | ---D | C] -- C:\Qoobox
                              [2011/06/08 09:08:26 | 000,000,000 | ---D | C] -- C:\_OTL
                              [2011/06/07 18:47:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                              [2011/06/07 18:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                              [2011/06/07 18:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                              [2011/06/05 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\Malwarebytes
                              [2011/06/05 09:56:18 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                              [2011/06/05 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
                              [2011/06/05 09:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
                              [2011/06/05 09:56:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                              [2011/06/05 09:56:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
                              [2011/06/05 09:48:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
                              [2011/06/05 08:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\OnlineArmor
                              [2011/06/05 08:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\OnlineArmor
                              [2011/06/04 17:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\SUPERAntiSpyware.com
                              [2011/06/04 17:48:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
                              [2011/06/04 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
                              [2011/06/04 15:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Online Armor
                              [2011/06/04 15:32:19 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
                              [2011/06/04 15:32:19 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
                              [2011/06/04 15:32:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Online Armor
                              [2011/05/27 07:34:46 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
                              [2009/01/20 12:59:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
                              [91 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                              [86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
                              [24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                               
                              ========== Files - Modified Within 30 Days ==========
                               
                              [2011/06/16 09:28:32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
                              [2011/06/16 09:28:01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
                              [2011/06/16 09:14:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gne\Escritorio\OTL.exe
                              [2011/06/16 09:13:31 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                              [2011/06/16 09:09:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                              [2011/06/16 09:08:14 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\gne\Escritorio\event.bat
                              [2011/06/16 08:14:37 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
                              [2011/06/16 08:13:38 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                              [2011/06/16 07:29:57 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
                              [2011/06/16 07:09:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
                              [2011/06/16 07:03:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                              [2011/06/15 13:02:20 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
                              [2011/06/14 10:15:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
                              [2011/06/09 13:37:13 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\amazon.WPS
                              [2011/06/09 10:34:36 | 003,444,736 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2.mny
                              [2011/06/09 10:34:35 | 003,445,957 | R--- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money Backup.mbf
                              [2011/06/08 17:54:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                              [2011/06/08 17:03:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
                              [2011/06/08 09:57:42 | 000,693,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
                              [2011/06/08 09:52:14 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\gne\Escritorio\Internet Explorer Troubleshooting.url
                              [2011/06/07 18:46:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
                              [2011/06/07 18:46:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                              [2011/06/07 18:46:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                              [2011/06/07 18:46:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                              [2011/06/07 18:46:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
                              [2011/06/06 07:40:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
                              [2011/06/05 09:56:18 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
                              [2011/06/05 09:48:03 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
                              [2011/06/04 13:40:05 | 000,000,071 | ---- | M] () -- C:\WINDOWS\PrintWorkShop2004LE.ini
                              [2011/06/04 07:45:48 | 000,044,751 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2  ddd.qif
                              [2011/06/04 07:42:50 | 000,035,718 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2 hh.qif
                              [2011/06/03 15:35:39 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Sharing Folders.lnk
                              [2011/06/02 10:42:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\WISH LIST.wps
                              [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                              [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                              [91 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                              [86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
                              [24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                               
                              ========== Files Created - No Company Name ==========
                               
                              [2011/06/16 09:08:14 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\gne\Escritorio\event.bat
                              [2011/06/09 13:37:12 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\amazon.WPS
                              [2011/06/08 17:03:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
                              [2011/06/08 17:03:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
                              [2011/06/08 16:58:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
                              [2011/06/08 16:58:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
                              [2011/06/08 16:58:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                              [2011/06/08 16:58:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                              [2011/06/08 16:58:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                              [2011/06/08 09:52:14 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\gne\Escritorio\Internet Explorer Troubleshooting.url
                              [2011/06/05 09:56:18 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
                              [2011/06/05 09:48:02 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
                              [2011/06/04 15:32:19 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
                              [2011/06/04 15:32:19 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
                              [2011/06/04 07:45:43 | 000,044,751 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\My Money2  ddd.qif
                              [2011/06/04 07:42:40 | 000,035,718 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\My Money2 hh.qif
                              [2011/06/02 10:11:16 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\WISH LIST.wps
                              [2011/04/19 13:07:16 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0457.old
                              [2011/04/19 13:07:16 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
                              [2009/01/20 12:59:02 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
                              [2009/01/20 12:59:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
                              [2009/01/20 12:59:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
                              [2009/01/20 12:59:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
                              [2008/12/31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
                              [2008/12/31 18:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
                              [2008/11/19 13:19:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\gne\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                              [2008/10/31 15:14:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
                              [2008/09/02 09:58:06 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\gne\Datos de programa\.googlewebacchosts
                              [2008/06/03 12:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                              [2008/04/12 18:20:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
                              [2008/03/29 11:59:18 | 000,071,456 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                              [2008/03/28 15:55:13 | 000,000,765 | ---- | C] () -- C:\WINDOWS\602Photo.INI
                              [2008/02/25 13:21:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ezsid.dat
                              [2008/02/13 15:30:01 | 000,000,105 | ---- | C] () -- C:\WINDOWS\wininit.ini
                              [2007/09/24 08:02:21 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2004LE.ini
                              [2007/08/19 17:43:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
                              [2007/08/19 09:35:09 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\gne\Configuración local\Datos de programa\fusioncache.dat
                              [2007/08/15 23:24:51 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
                              [2007/08/15 23:22:33 | 000,086,016 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
                              [2007/08/15 22:51:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
                              [2007/08/15 22:33:22 | 000,018,944 | R--- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
                              [2007/08/15 22:33:21 | 000,757,760 | R--- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
                              [2007/08/15 21:40:29 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                              [2007/08/15 21:39:25 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                              [2007/08/15 21:02:22 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                              [2007/08/15 20:58:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
                              [2007/08/15 20:58:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
                              [2007/08/15 20:58:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
                              [2007/08/15 20:58:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
                              [2007/08/15 20:58:23 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                              [2007/08/15 20:49:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                              [2007/08/15 20:45:52 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                              [2006/01/17 03:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
                              [2005/12/14 13:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
                              [2004/08/19 08:58:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                              [2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                              [2003/08/14 12:59:40 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
                              [2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
                              [2001/10/06 11:58:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                              [2001/10/06 11:58:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                              [2001/08/24 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                              [2001/08/24 10:00:00 | 000,520,188 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
                              [2001/08/24 10:00:00 | 000,453,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                              [2001/08/24 10:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
                              [2001/08/24 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                              [2001/08/24 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                              [2001/08/24 10:00:00 | 000,100,202 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
                              [2001/08/24 10:00:00 | 000,077,890 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                              [2001/08/24 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                              [2001/08/24 10:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
                              [2001/08/24 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                               
                              ========== LOP Check ==========
                               
                              [2011/04/19 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\avg9
                              [2011/06/05 09:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\OnlineArmor
                              [2011/06/16 07:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
                              [2010/08/25 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
                              [2011/06/16 07:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WSC Guard
                              [2010/08/07 07:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\AVG9
                              [2010/01/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\EasyJob Resume Builder
                              [2007/09/16 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\EuroTalk
                              [2009/11/13 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Gizmo5
                              [2008/06/22 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\ieSpell
                              [2011/06/05 08:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\OnlineArmor
                              [2010/07/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Sammsoft
                              [2010/01/03 14:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\SmartDraw
                              [2007/09/24 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Software602
                              [2009/04/01 09:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\StarOffice8
                              [2007/09/28 10:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\TuneUp Software
                              [2008/10/13 08:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\WeatherWatcher
                              [2008/11/20 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\WeatherWatcherLive
                              [2009/01/20 10:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Your Company
                              [2011/06/14 10:15:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
                              [2011/06/15 13:02:20 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
                              [2011/06/16 07:29:57 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
                              [2011/06/16 07:09:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
                              [2011/06/16 09:28:32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
                              [2011/06/16 09:28:01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
                               
                              ========== Purity Check ==========
                               
                               
                               
                              ========== Custom Scans ==========
                               
                               
                              < :OTL >
                               
                              < TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File >
                               
                              < TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File >
                               
                              < TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File >
                               
                              < uRun: [<NO NAME>] >
                               
                              < mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe"  -osboot >
                               
                              < Trusted Zone: bcnonline.com\www >
                               
                              < c:\windows\DUMP78e9.tmp >
                              [24 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
                               
                              < c:\windows\DUMP74e1.tmp >
                              [24 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
                               
                              <  >
                               
                              < :COMMANDS >
                               
                              < [resethosts] >
                               
                              < [purity] >
                               
                              < [emptytemp] >
                               
                              < [start explorer] >
                               
                              ========== Alternate Data Streams ==========
                               
                              @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
                              @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:430C6D84
                              @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:A8ADE5D8
                              @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:FA5F15C4

                              < End of report >

                              tepetapan

                                Re: worms in my computer
                                « Reply #23 on: June 16, 2011, 12:06:45 PM »
                                I don't know what happened but we must have stirred something up. 22 e-mails sent out by the worm. It had been over a week or more since that happened.

                                tepetapan

                                  Re: worms in my computer
                                  « Reply #24 on: June 16, 2011, 04:09:56 PM »
                                  I noticed errors of the spool server so I had to look it up. From what I saw it has to do with a printer, which I do not have and I have not had a printer for years. It's cheaper to have stuff printed at an internet cafe and use their ink.

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: worms in my computer
                                  « Reply #25 on: June 16, 2011, 04:39:56 PM »
                                  Please run another scan with ComboFix and post the log.

                                  * Open OTL
                                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                                  Code:
                                  :OTL
                                  IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                                  O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  File not found
                                  O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  File not found
                                  O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                                  O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

                                  :COMMANDS
                                  [resethosts]
                                  [purity]
                                  [emptytemp]
                                  [start explorer]

                                  * Click Run Fix
                                  * OTLI2 may ask to reboot the machine. Please do so if asked.
                                  * Click OK
                                  * A report will open. Copy and Paste that report in your next reply.

                                  tepetapan

                                    Re: worms in my computer
                                    « Reply #26 on: June 16, 2011, 06:33:25 PM »
                                    OK SuperDave. I must have really stirred things up today, like poking at a snake with a stick. Just sent out another 20+ emails.

                                        I will do it in the AM.

                                    tepetapan

                                      Re: worms in my computer
                                      « Reply #27 on: June 17, 2011, 08:33:56 AM »
                                      ComboFix 11-06-16.02 - gene 06/17/2011   9:12.2.1 - x86
                                      Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.502.213 [GMT -5:00]
                                      Running from: c:\documents and settings\gne\Escritorio\ComboFix.exe
                                      .
                                      .
                                      (((((((((((((((((((((((((   Files Created from 2011-05-17 to 2011-06-17  )))))))))))))))))))))))))))))))
                                      .
                                      .
                                      2011-06-16 14:08 . 2008-04-14 02:18   59904   ----a-w-   c:\windows\system32\regsvc.dll
                                      2011-06-16 14:08 . 2008-04-14 02:18   59904   ----a-w-   c:\windows\system32\dllcache\regsvc.dll
                                      2011-06-08 22:17 . 2008-04-14 02:19   50688   ----a-w-   c:\windows\system32\proquota.exe
                                      2011-06-08 21:50 . 2008-04-14 01:51   53248   ----a-w-   c:\windows\system32\drivers\Volsnap.sys
                                      2011-06-08 14:08 . 2011-06-08 14:08   --------   d-----w-   C:\_OTL
                                      2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\gne\Datos de programa\Malwarebytes
                                      2011-06-05 14:56 . 2011-05-29 14:11   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                      2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Malwarebytes
                                      2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
                                      2011-06-05 14:56 . 2011-05-29 14:11   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                      2011-06-05 14:48 . 2011-06-05 14:48   --------   d-----w-   c:\archivos de programa\CCleaner
                                      2011-06-05 14:36 . 2011-06-05 14:36   --------   d-----w-   c:\windows\system32\wbem\Repository
                                      2011-06-05 13:50 . 2011-06-05 14:35   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\OnlineArmor
                                      2011-06-05 13:50 . 2011-06-05 13:51   --------   d-----w-   c:\documents and settings\gne\Datos de programa\OnlineArmor
                                      2011-06-05 13:22 . 2011-06-05 13:22   --------   d-----w-   c:\documents and settings\Invitado.ACER\Datos de programa\OnlineArmor
                                      2011-06-04 22:49 . 2011-06-04 22:49   --------   d-----w-   c:\documents and settings\gne\Datos de programa\SUPERAntiSpyware.com
                                      2011-06-04 22:48 . 2011-06-05 13:36   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
                                      2011-06-04 20:32 . 2011-04-06 18:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                                      2011-06-04 20:32 . 2011-04-06 18:01   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                                      2011-06-04 20:32 . 2011-04-06 18:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                                      2011-06-04 20:32 . 2011-04-06 18:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                                      2011-06-04 20:32 . 2011-06-05 14:06   --------   d-----w-   c:\archivos de programa\Online Armor
                                      2011-05-27 12:34 . 2011-06-06 12:40   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                                      2011-05-19 19:02 . 2011-05-19 23:33   --------   d-----w-   c:\documents and settings\Invitado.ACER\Configuración local\Datos de programa\Adobe
                                      .
                                      .
                                      .
                                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      2011-06-07 23:46 . 2010-06-04 14:19   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                                      2011-06-07 23:46 . 2007-08-16 01:58   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                      2011-06-04 20:02 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP78e9.tmp
                                      2011-06-04 14:37 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP74e1.tmp
                                      2011-04-18 14:15 . 2011-04-19 18:05   7071056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Microsoft\Windows Defender\Definition Updates\{0D6AB577-A1AF-4499-8FD0-F4E3D16E44D4}\mpengine.dll
                                      2011-04-14 16:43 . 2011-05-07 21:31   142296   ----a-w-   c:\archivos de programa\mozilla firefox\components\browsercomps.dll
                                      .
                                      .
                                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      .
                                      *Note* empty entries & legit default entries are not shown
                                      REGEDIT4
                                      .
                                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
                                      "swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
                                      "Search Protection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                                      "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                                      "Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2011-01-26 15026056]
                                      .
                                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                                      "TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2009-11-25 198160]
                                      "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
                                      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                                      "Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
                                      "ISTray"="c:\archivos de programa\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
                                      .
                                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                                      "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
                                      .
                                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                                      "NoSMConfigurePrograms"= 1 (0x1)
                                      "NoSMMyPictures"= 1 (0x1)
                                      "NoResolveTrack"= 1 (0x1)
                                      .
                                      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                                      "ForceClassicControlPanel"= 1 (0x1)
                                      "NoSMHelp"= 1 (0x1)
                                      "NoSMConfigurePrograms"= 1 (0x1)
                                      "NoSMMyPictures"= 1 (0x1)
                                      "NoResolveTrack"= 1 (0x1)
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                                      "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                                      @=""
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                                      @=""
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                      @="Service"
                                      .
                                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
                                      path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
                                      backup=c:\windows\pss\BTTray.lnkCommon Startup
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                                      2005-05-03 02:43   69632   ----a-w-   c:\windows\Alcmtr.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
                                      2006-05-04 00:26   2808832   ----a-w-   c:\windows\alcwzrd.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
                                      2005-11-11 12:40   1236992   ----a-r-   c:\windows\system32\WLTRAY.EXE
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                                      2008-04-14 02:18   15360   ----a-w-   c:\windows\system32\ctfmon.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
                                      2006-03-23 04:13   77824   ----a-r-   c:\windows\system32\hkcmd.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
                                      2006-03-23 04:17   118784   ----a-r-   c:\windows\system32\igfxpers.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
                                      2006-03-23 04:17   94208   ----a-r-   c:\windows\system32\igfxtray.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                                      2006-12-18 19:12   16062464   ----a-w-   c:\windows\RTHDCPL.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
                                      2006-05-16 02:04   2879488   ----a-w-   c:\windows\SkyTel.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                                      2006-07-21 00:14   86016   ----a-w-   c:\windows\SoundMan.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
                                      2006-08-04 22:29   62976   ----a-w-   c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
                                      .
                                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
                                      .
                                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                      "%windir%\\system32\\sessmgr.exe"=
                                      "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                      "c:\\Documents and Settings\\gne\\Datos de programa\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
                                      "c:\\WINDOWS\\system32\\mmc.exe"=
                                      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                                      "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
                                      "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
                                      "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
                                      .
                                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
                                      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
                                      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
                                      .
                                      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2007 8:49 PM 639224]
                                      R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
                                      R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
                                      R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 9:56 AM 366640]
                                      R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
                                      R2 WSCNetManager;Linksys Wireless Guard Network Manager Service;c:\archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe [4/18/2004 9:57 AM 663635]
                                      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 9:56 AM 22712]
                                      R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
                                      R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
                                      R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys --> c:\windows\system32\drivers\pctDS.sys [?]
                                      R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
                                      R4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
                                      S2 gupdate1c98614e61c2c66;Google Update Service (gupdate1c98614e61c2c66);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                                      S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                                      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2011 9:56 AM 39984]
                                      S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/19/2004 8:43 AM 14336]
                                      .
                                      --- Other Services/Drivers In Memory ---
                                      .
                                      *Deregistered* - pctplsg
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                      nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                                      .
                                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                                      UxTuneUp
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
                                      2009-03-08 09:32   128512   ------w-   c:\windows\system32\advpack.dll
                                      .
                                      Contents of the 'Scheduled Tasks' folder
                                      .
                                      2011-06-17 c:\windows\Tasks\Google Software Updater.job
                                      - c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-18 23:22]
                                      .
                                      2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                                      .
                                      2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                                      .
                                      2011-06-16 c:\windows\Tasks\Mantenimiento con 1 clic.job
                                      - c:\archivos de programa\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 03:37]
                                      .
                                      2011-06-17 c:\windows\Tasks\MP Scheduled Scan.job
                                      - c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
                                      .
                                      2011-06-17 c:\windows\Tasks\OGADaily.job
                                      - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                                      .
                                      2011-06-17 c:\windows\Tasks\OGALogon.job
                                      - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                                      .
                                      2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
                                      - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                                      .
                                      2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
                                      - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                                      .
                                      .
                                      ------- Supplementary Scan -------
                                      .
                                      uStart Page = hxxp://mx.my.yahoo.com/
                                      uDefault_Search_URL = hxxp://www.google.com/ie
                                      uSearchAssistant = hxxp://www.google.com/ie
                                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                                      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
                                      IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
                                      IE: Lookup on Merriam Webster - file://c:\archivos de programa\ieSpell\Merriam Webster.HTM
                                      IE: Lookup on Wikipedia - file://c:\archivos de programa\ieSpell\wikipedia.HTM
                                      Trusted Zone: bcnonline.com\www
                                      TCP: DhcpNameServer = 192.168.1.254
                                      DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
                                      FF - ProfilePath - c:\documents and settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\
                                      FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                                      FF - prefs.js: browser.search.selectedEngine - Yahoo
                                      FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
                                      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                                      FF - user.js: yahoo.homepage.dontask - true
                                      .
                                      .
                                      **************************************************************************
                                      .
                                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                      Rootkit scan 2011-06-17 09:25
                                      Windows 5.1.2600 Service Pack 3 NTFS
                                      .
                                      scanning hidden processes ... 
                                      .
                                      scanning hidden autostart entries ...
                                      .
                                      scanning hidden files ... 
                                      .
                                      scan completed successfully
                                      hidden files: 0
                                      .
                                      **************************************************************************
                                      .
                                      --------------------- LOCKED REGISTRY KEYS ---------------------
                                      .
                                      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
                                      "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
                                      .
                                      --------------------- DLLs Loaded Under Running Processes ---------------------
                                      .
                                      - - - - - - - > 'winlogon.exe'(716)
                                      c:\archivos de programa\PC Tools Security\TFEngine\TFMon.dll
                                      c:\archivos de programa\PC Tools Security\TFEngine\TFRK.dll
                                      .
                                      - - - - - - - > 'lsass.exe'(792)
                                      c:\archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll
                                      .
                                      - - - - - - - > 'explorer.exe'(3840)
                                      c:\windows\system32\WININET.dll
                                      c:\archivos de programa\Linksys Wireless Guard\WscGuiHelper.dll
                                      c:\archiv~1\WINDOW~2\wmpband.dll
                                      c:\windows\system32\webcheck.dll
                                      c:\windows\system32\WPDShServiceObj.dll
                                      c:\windows\system32\PortableDeviceTypes.dll
                                      c:\windows\system32\PortableDeviceApi.dll
                                      .
                                      Completion time: 2011-06-17  09:30:13
                                      ComboFix-quarantined-files.txt  2011-06-17 14:30
                                      .
                                      Pre-Run: 59,876,802,560 bytes libres
                                      Post-Run: 59,870,609,408 bytes libres
                                      .
                                      - - End Of File - - 7FBE86461726F9ACEBF4833202C47ADE

                                      tepetapan

                                        Re: worms in my computer
                                        « Reply #28 on: June 17, 2011, 09:09:02 AM »
                                        I ran OTL and it froze up again. I waited 30 minutes but it said "no responde" and I could not close the program or the computer, so I popped the battery yet again. Upon starting back up it went into some mode; a couple of things translated from Spanish are "verifying the system of you file in c" and "would verify of disc". After it finished this process the computer started normally.
                                        On another note, after the ComboFix ran, the computer acted good, even fast as compared to before. It still seems to be running good.
                                        I will try to run OTL again in a bit.

                                        tepetapan

                                          Re: worms in my computer
                                          « Reply #29 on: June 17, 2011, 01:16:05 PM »
                                          Tried OTL again; it ran for less than 15 seconds and stopped. "No Responde" it says.

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: worms in my computer
                                          « Reply #30 on: June 17, 2011, 04:42:45 PM »
                                          Re-running ComboFix to remove infections:

                                          • Close any open browsers.
                                          • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                                          • Open notepad and copy/paste the text in the quotebox below into it:
                                            Quote
                                            KillAll::

                                            File::

                                            c:\windows\DUMP78e9.tmp
                                            c:\windows\DUMP74e1.tmp

                                            DDS::
                                            Trusted Zone: bcnonline.com\www

                                          • Save this as CFScript.txt, in the same location as ComboFix.exe



                                          • Referring to the picture above, drag CFScript into ComboFix.exe
                                          • When finished, it shall produce a log for you at C:\ComboFix.txt
                                          • I don't need to see the log from this action.
                                          *************************************************
                                          SysProt Antirootkit

                                          Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                                          http://sites.google.com/site/sysprotantirootkit/

                                          Unzip it into a folder on your desktop.
                                          • Double click Sysprot.exe to start the program.
                                          • Click on the Log tab.
                                          • In the Write to log box select the following items.
                                            • Process << Selected
                                            • Kernel Modules << Selected
                                            • SSDT << Selected
                                            • Kernel Hooks << Selected
                                            • IRP Hooks << NOT Selected
                                            • Ports << NOT Selected
                                            • Hidden Files << Selected
                                          • At the bottom of the page
                                            • Hidden Objects Only << Selected
                                          • Click on the Create Log button on the bottom right.
                                          • After a few seconds a new window should appear.
                                          • Select Scan Root Drive. Click on the Start button.
                                          • When it is complete a new window will appear to indicate that the scan is finished.
                                          • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                                          Windows 8 and Windows 10 dual boot with two SSD's

                                          tepetapan

                                            Re: worms in my computer
                                            « Reply #31 on: June 18, 2011, 08:52:51 AM »
                                            After doing the CFScript and the SysProt, and after the smoke cleared, I am looking for the text file. At first it seemed to tell me there was nothing found... poking around I found this.
                                              MZ?       ÿÿ  ?       @                                   P  º ?   Í!?LÍ!This program cannot be run in DOS mode. 
                                            The main body of this log was deleted by myself, Dave.
                                            It's all Greek to me........ The SysProt ran fine (I think). Did I miss something?
                                            « Last Edit: June 18, 2011, 05:19:44 PM by SuperDave »

                                            SuperDave

                                            Re: worms in my computer
                                            « Reply #32 on: June 18, 2011, 05:19:57 PM »
                                            Quote
                                            MZ?       ÿÿ  ?       @                                   P  º ?   Í!?LÍ!This program cannot be run in DOS mode. $
                                             
                                            Did you follow the instructions? It states that you cannot run this in DOS mode.                                                         

                                            tepetapan

                                              Re: worms in my computer
                                              « Reply #33 on: June 19, 2011, 06:48:20 AM »
                                              I did not run it in DOS, I am not nearly that smart. I ran it like I was instructed. Here is something I found on the desktop at the end of the day.
                                               #  Archive C:\Documents and Settings\gne\Escritorio\SysProt.zip
                                              2009-03-15 23:11        Folder        Folder  SysProt
                                              2009-03-15 20:18        145408        139772  SysProt\SysProt.exe
                                              2009-03-15 23:10        268146        214248  SysProt\SysProt_AntiRootkit_Help.pdf
                                              #
                                              # Total                   Size        Packed  Files
                                              #                       413554        354020  3
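
The `MZ ... This program cannot be run in DOS mode.` text quoted in replies #31 and #32 is how the first bytes of a Windows executable look in a text editor: such files begin with a DOS header and a small stub program that carries that message. As an added example (not part of the original posts), this Python sketch identifies a file from its leading bytes, so that a program such as `SysProt.exe`, a ZIP archive and a saved text log can be told apart before opening them; the function names and all sample bytes are constructed for illustration.

```python
import struct

# Message carried by the DOS stub that opens Windows executables.
DOS_STUB_TEXT = b"This program cannot be run in DOS mode."


def _looks_like_text(data: bytes) -> bool:
    """Heuristic: a saved log is mostly printable and has no NUL bytes."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte-order mark
        return True
    sample = data[:4096]
    if not sample or b"\x00" in sample:
        return False
    control = sum(1 for b in sample if b < 0x20 and b not in (9, 10, 13))
    return control / len(sample) < 0.02


def classify(data: bytes) -> dict:
    """Identify a file from its leading bytes, ignoring its name."""
    info = {"kind": "unknown", "dos_stub": False}
    if data[:2] == b"MZ":
        info["kind"] = "dos-executable"
        info["dos_stub"] = DOS_STUB_TEXT in data[:0x400]
        if len(data) >= 0x40:
            # e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                info["kind"] = "pe-executable"
                info["pe_offset"] = e_lfanew
    elif data[:4] == b"PK\x03\x04":
        info["kind"] = "zip-archive"
    elif _looks_like_text(data):
        info["kind"] = "text"
    return info


def as_editor_text(data: bytes, limit: int = 128) -> str:
    """Render leading bytes roughly the way a text editor would show them."""
    decoded = data[:limit].decode("latin-1")
    return "".join(ch if ch.isprintable() else " " for ch in decoded)


def build_sample_pe() -> bytes:
    """Constructed minimal executable header (sample data, not a real program)."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    # Standard stub code bytes; 0xBA, 0xCD 0x21 and 0x4C are what show up
    # as "º", "Í!" and "L" when the file is opened as text.
    stub_code = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
    body = bytes(header) + stub_code + DOS_STUB_TEXT + b"\r\r\n$"
    return body.ljust(0x80, b"\x00") + b"PE\x00\x00" + struct.pack("<H", 0x014C)


if __name__ == "__main__":
    samples = {
        "constructed executable": build_sample_pe(),
        "constructed zip header": b"PK\x03\x04" + b"\x00" * 26,
        "constructed text log": b"Scan finished\r\nNo hidden objects found\r\n",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
    print(repr(as_editor_text(build_sample_pe())))
```

A file classified as `pe-executable` or `zip-archive` is a program or archive, not the scanner's saved log, whatever its name suggests.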
                                               
                                               

                                              SuperDave

                                              Re: worms in my computer
                                              « Reply #34 on: June 19, 2011, 04:34:14 PM »
                                              Ok. Let's just forget about this scanner and we'll try another.

                                              * Download the following tool: RootRepeal - Rootkit Detector
                                              * Direct download link is here: RootRepeal.zip

                                              * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                                              * Click this link to see a list of such programs and how to disable them.

                                              * Extract the program file to a new folder such as C:\RootRepeal
                                              * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                                              * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                                              * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                                              * When done, click on Save Report
                                              * Save it to the same location where you ran it from, such as C:\RootRepeal
                                              * Save it as rootrepeal.txt
                                              * Then open that log and select all and copy/paste it back on your next reply please.
                                              * Close RootRepeal.