Author Topic: worms in my computer  (Read 19151 times)

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: worms in my computer
« Reply #15 on: June 09, 2011, 04:16:01 PM »
Quote
Searching for "c:\windows\System32\regsvc.dll "
No files found.
Oh Oh. Do you have your OS disk(s)?

Quote
I then managed to return it to its current position.
   For Sale! Cheap! Slightly used Acer!
Does this mean that you restored it to its original state and you want to sell it?
Windows 8 and Windows 10 dual boot with two SSD's

tepetapan

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: worms in my computer
    « Reply #16 on: June 09, 2011, 05:36:25 PM »
    Ha! No to the first question. How much you offering for the 2nd question. Shipping not included.

    SuperDave

    Re: worms in my computer
    « Reply #17 on: June 10, 2011, 05:31:59 PM »
    Quote
    In the end, early this morning before I started these procedures, the thing was running far better than it had been. I then managed to return it to its current position.
    What do you mean "I then managed to return it to its current position"?
    Can you try running the OTL script as described in Reply # 8?

    tepetapan

      Re: worms in my computer
      « Reply #18 on: June 12, 2011, 05:58:44 PM »
      By current condition meaning it runs slow but it is not freezing up every 15 minutes. Usable is what I would call it.
      I will do the download in the AM and post the results. I am a bit gun shy after the last bout but I would sure like to have this thing bug free.
      This computer owes me nothing (besides a few documents), it is used in a tough environment since my "office" is outdoors (covered), but it can get hot down here... pushing 100 F, six weeks a year. Being able to save a few things is my goal and to buy a desktop since they are cheaper here than laptops. Something fairly cheap since heat will always be an issue.

      tepetapan

        Re: worms in my computer
        « Reply #19 on: June 14, 2011, 08:02:11 AM »
        Tried 2 times to run the OTL with no success. Both times, after 3 or 4 minutes it was noted "Program not responding". The second time I waited over 30 minutes just to be sure but things were locked up. I could not close the OTL program. I tried to shut down the computer but it froze up. Popped the battery again. The thing is running very poorly at this moment.

        SuperDave

        Re: worms in my computer
        « Reply #20 on: June 14, 2011, 05:00:05 PM »
        Go to Start > Run > type Notepad.exe and click OK to open Notepad.

        Copy all of the text in the below Code box into Notepad.

        Code:
        @echo off
        copy c:\windows\ServicePackFiles\i386\regsvc.dll  c:\windows\System32\regsvc.dll
        exit

        In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat

        Now double click the event.bat file you just created and let it finish.

        You will know it's finished when there is a new file on your desktop.
        ********************************************************

        * Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
        * When the window appears, underneath Output at the top change it to Minimal Output.
        * Check the boxes beside LOP Check and Purity Check.
        * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

        When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

        Please copy and paste the contents of these files, one at a time, into your next reply.

        Note: You may need two or more posts to fit them all in.
        Windows 8 and Windows 10 dual boot with two SSD's
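Added example, not part of the original post: a more defensive variant of the event.bat script above that checks the service pack copy exists, leaves an existing file alone, and confirms the copy with a byte-for-byte compare. The two paths are the ones from the post; the log file name restore_regsvc.log, the skip-if-present rule and the exit codes are assumptions of this example.

```batch
@echo off
rem Added example: restore regsvc.dll from the XP service pack cache and
rem verify the result. Not the script from the thread.
setlocal

rem Paths as given in the post.
set "SRC=c:\windows\ServicePackFiles\i386\regsvc.dll"
set "DST=c:\windows\System32\regsvc.dll"

rem Hypothetical log name, written next to this script so the outcome
rem can be pasted into a reply.
set "LOG=%~dp0restore_regsvc.log"

> "%LOG%" echo Restore of regsvc.dll started %DATE% %TIME%

rem The plain copy fails silently if the cached file is missing.
if not exist "%SRC%" (
    >> "%LOG%" echo FAIL: source not found: %SRC%
    exit /b 1
)

rem Do not overwrite a file that is already present (assumption of this
rem example: an existing file should be inspected, not replaced).
if exist "%DST%" (
    >> "%LOG%" echo SKIP: target already present, not overwritten: %DST%
    exit /b 0
)

copy /b "%SRC%" "%DST%" >nul
if errorlevel 1 (
    >> "%LOG%" echo FAIL: copy returned an error
    exit /b 2
)

rem fc /b sets errorlevel 1 when the two files differ.
fc /b "%SRC%" "%DST%" >nul
if errorlevel 1 (
    >> "%LOG%" echo FAIL: copied file differs from source
    exit /b 3
)

>> "%LOG%" echo OK: %DST% restored and matches source byte for byte
exit /b 0
```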

        tepetapan

          Re: worms in my computer
          « Reply #21 on: June 16, 2011, 08:44:05 AM »
          OTL Extras logfile created on: 6/16/2011 9:16:07 AM - Run 1
          OTL by OldTimer - Version 3.2.24.0     Folder = C:\Documents and Settings\gne\Escritorio
          Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
          Internet Explorer (Version = 8.0.6001.18702)
          Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
           
          502.05 Mb Total Physical Memory | 59.60 Mb Available Physical Memory | 11.87% Memory free
          1.33 Gb Paging File | 0.28 Gb Available in Paging File | 21.29% Paging File free
          Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
           
          %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
          Drive C: | 74.52 Gb Total Space | 55.70 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
           
          Computer Name: ACER | User Name: gene | Logged in as Administrator.
          Boot Mode: Normal | Scan Mode: Current user
          Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
           
          ========== Extra Registry (SafeList) ==========
           
           
          ========== File Associations ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
          .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
          .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
           
          [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
          .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
           
          ========== Shell Spawning ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
          batfile [open] -- "%1" %*
          cmdfile [open] -- "%1" %*
          comfile [open] -- "%1" %*
          cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
          exefile [open] -- "%1" %*
          InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
          piffile [open] -- "%1" %*
          regfile [merge] -- Reg Error: Key error.
          scrfile [config] -- "%1"
          scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
          scrfile [open] -- "%1" /S
          txtfile [edit] -- Reg Error: Key error.
          Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
          Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
          Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
          Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
          Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
          Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
           
          ========== Security Center Settings ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
          "AntiVirusDisableNotify" = 0
          "FirewallDisableNotify" = 0
          "UpdatesDisableNotify" = 0
          "AntiVirusOverride" = 0
          "FirewallOverride" = 0
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
           
          ========== System Restore Settings ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
          "DisableSR" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
          "Start" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
          "Start" = 2
           
          ========== Firewall Settings ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
          "EnableFirewall" = 0
          "DoNotAllowExceptions" = 0
          "DisableNotifications" = 0
          "DisableUnicastResponsesToMulticastBroadcast" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
          "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
          "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
          "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
          "EnableFirewall" = 1
          "DoNotAllowExceptions" = 0
          "DisableNotifications" = 0
          "DisableUnicastResponsesToMulticastBroadcast" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
          "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
          "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
          "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
          "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
          "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
           
          ========== Authorized Applications List ==========
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
          "C:\Archivos de programa\MSN Messenger\msncall.exe" = C:\Archivos de programa\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
          "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
          "C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
          "C:\Documents and Settings\gne\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\gne\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
          "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de administración de Microsoft -- (Microsoft Corporation)
          "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
          "C:\Archivos de programa\Java\jre6\bin\java.exe" = C:\Archivos de programa\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
           
           
          ========== HKEY_LOCAL_MACHINE Uninstall List ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
          "{188F8473-75E0-4210-9E5A-1292A566A506}" = Linksys Wireless Guard
          "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
          "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
          "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
          "{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
          "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
          "{43BFB9E2-169C-46A9-BB81-141A37FD9750}" = Adobe Shockwave Player
          "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
          "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
          "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
          "{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
          "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
          "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
          "{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
          "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
          "{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
          "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
          "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
          "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
          "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
          "{AF95557C-A14A-42D2-8C9D-E9650D1A8016}" = Asistente Prodigy
          "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
          "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
          "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
          "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
          "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
          "{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}" = Atheros Wireless LAN
          "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
          "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
          "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
          "{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
          "2Wire SetupWiz" = Prodigy Infinitum Módem Router Inalámbrico
          "Adobe AIR" = Adobe AIR
          "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
          "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
          "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
          "Browser Defender_is1" = Browser Defender 3.0
          "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
          "CCleaner" = CCleaner
          "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
          "Cool Timer_is1" = Cool Timer 3.6
          "EasyJob Resume Builder_is1" = EasyJob Resume Builder 4.00.1974
          "EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
          "Google Updater" = Google Updater
          "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
          "ie7" = Windows Internet Explorer 7
          "ie8" = Windows Internet Explorer 8
          "InstallShield_{188F8473-75E0-4210-9E5A-1292A566A506}" = Linksys Wireless Guard
          "KLiteCodecPack_is1" = K-Lite Codec Pack 2.81 Full
          "Learn Inglés Your Way" = Learn Inglés Your Way
          "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
          "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
          "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
          "Mozilla Firefox 4.0.1 (x86 es-ES)" = Mozilla Firefox 4.0.1 (x86 es-ES)
          "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
          "MSMONEYV80" = Microsoft Money 2000 Standard Edition
          "Nero 7_is1" = Nero 7.5.9.0
          "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
          "OnlineArmor_is1" = Online Armor 5.0
          "Radio365 2.0" = Radio365 2.0
          "RealPlayer 12.0" = RealPlayer
          "Spyware Doctor" = Spyware Doctor
          "Windows Media Format Runtime" = Windows Media Format 11 runtime
          "Windows Media Player" = Reproductor de Windows Media 11
          "Windows XP Service Pack" = Windows XP Service Pack 3
          "WMFDist11" = Windows Media Format 11 runtime
          "wmp11" = Windows Media Player 11
          "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
          "Yahoo! Companion" = Yahoo! Toolbar
          "Yahoo! Search Defender" = Yahoo! Search Protection
          "Yahoo! Software Update" = Yahoo! Software Update
          "YTdetect" = Yahoo! Detect
           
          ========== HKEY_CURRENT_USER Uninstall List ==========
           
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
          "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
          "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
           
          ========== Last 10 Event Log Errors ==========
           
          [ Application Events ]
          Error - 6/5/2011 9:06:41 AM | Computer Name = ACER | Source = WmiAdapter | ID = 4099
          Description = Error al abrir el servicio.
           
          Error - 6/5/2011 9:09:41 AM | Computer Name = ACER | Source = WmiAdapter | ID = 4099
          Description = Error al abrir el servicio.
           
          Error - 6/9/2011 11:26:53 AM | Computer Name = ACER | Source = PerfNet | ID = 2004
          Description = No se puede abrir el servicio Servidor. No se devolverán datos  de rendimiento
           del servidor. El código de error devuelto está en los datos DWORD 0.
           
          [ System Events ]
          Error - 6/13/2011 7:15:05 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:06 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:07 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:08 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:09 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:10 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:30 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/13/2011 7:15:45 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7011
          Description = Intervalo de espera (30000 ms.) para la respuesta de transacción del
           servicio Spooler.
           
          Error - 6/14/2011 6:04:54 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7009
          Description = Intervalo de espera (30000 ms.) para la conexión con el servicio Servicio
           de puerta de enlace de capa de aplicación.
           
          Error - 6/14/2011 6:04:54 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
          Description = El servicio Servicio de puerta de enlace de capa de aplicación no
          pudo iniciarse debido al siguiente error:   %%1053
           
           
          < End of report >

          tepetapan

            Re: worms in my computer
            « Reply #22 on: June 16, 2011, 08:45:12 AM »
            OTL logfile created on: 6/16/2011 9:16:07 AM - Run 1
            OTL by OldTimer - Version 3.2.24.0     Folder = C:\Documents and Settings\gne\Escritorio
            Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
             
            502.05 Mb Total Physical Memory | 59.60 Mb Available Physical Memory | 11.87% Memory free
            1.33 Gb Paging File | 0.28 Gb Available in Paging File | 21.29% Paging File free
            Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
            Drive C: | 74.52 Gb Total Space | 55.70 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
             
            Computer Name: ACER | User Name: gene | Logged in as Administrator.
            Boot Mode: Normal | Scan Mode: Current user
            Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
             
            ========== Processes (SafeList) ==========
             
            PRC - C:\Documents and Settings\gne\Escritorio\OTL.exe (OldTimer Tools)
            PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
            PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
            PRC - C:\Archivos de programa\PC Tools Security\pctsGui.exe (PC Tools)
            PRC - C:\Archivos de programa\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
            PRC - C:\Archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
            PRC - C:\Archivos de programa\PC Tools Security\TFEngine\TFService.exe (PC Tools)
            PRC - C:\Archivos de programa\PC Tools Security\pctsSvc.exe (PC Tools)
            PRC - C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
            PRC - C:\Archivos de programa\PC Tools Security\Upgrade.exe (PC Tools)
            PRC - C:\Archivos de programa\PC Tools Security\pctsAuxs.exe (PC Tools)
            PRC - C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
            PRC - C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
            PRC - C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
            PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
            PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            PRC - C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
            PRC - C:\Archivos de programa\Linksys Wireless Guard\WscGuard.exe (Wireless Security Corporation)
            PRC - C:\Archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe (Wireless Security Corporation)
            PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
             
             
            ========== Modules (SafeList) ==========
             
            MOD - C:\Documents and Settings\gne\Escritorio\OTL.exe (OldTimer Tools)
            MOD - C:\Archivos de programa\PC Tools Security\TFEngine\TFWAH.dll (PC Tools)
            MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
            MOD - C:\Archivos de programa\Linksys Wireless Guard\WscGuiHelper.dll (WSC)
             
             
            ========== Win32 Services (SafeList) ==========
             
            SRV - (HidServ) --  File not found
            SRV - (ERSvc) --  File not found
            SRV - (CiSvc) --  File not found
            SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
            SRV - (Browser Defender Update Service) -- C:\Archivos de programa\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
            SRV - (ThreatFire) -- C:\Archivos de programa\PC Tools Security\TFEngine\TFService.exe (PC Tools)
            SRV - (sdCoreService) -- C:\Archivos de programa\PC Tools Security\pctsSvc.exe (PC Tools)
            SRV - (nosGetPlusHelper) getPlus(R) -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
            SRV - (sdAuxService) -- C:\Archivos de programa\PC Tools Security\pctsAuxs.exe (PC Tools)
            SRV - (YahooAUService) -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
            SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe (Microsoft Corporation)
            SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
            SRV - (WSCNetManager) -- C:\Archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe (Wireless Security Corporation)
            SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
             
             
            ========== Driver Services (SafeList) ==========
             
            DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
            DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
            DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
            DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
            DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
            DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
            DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
            DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
            DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
            DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
            DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
            DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
            DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
            DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
            DRV - (2WIREPCP) -- C:\WINDOWS\system32\drivers\2WirePCP.sys (2Wire, Inc.)
            DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
            DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
            DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
            DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
            DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
            DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
            DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
            DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
            DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
            DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
            DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (Wireless Security Corporation)
             
             
            ========== Standard Registry (SafeList) ==========
             
             
            ========== Internet Explorer ==========
             
            IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
             
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mx.my.yahoo.com/
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
            IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/search?q=%s
            IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
            IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
             
            ========== FireFox ==========
             
            FF - prefs.js..browser.search.defaultEngine: "Yahoo"
            FF - prefs.js..browser.search.defaultenginename: "Yahoo"
            FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
            FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
            FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
            FF - prefs.js..browser.search.selectedEngine: "Yahoo"
            FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com//?fr=fp-tyc8"
            FF - prefs.js..extensions.enabledItems: [email protected]:1.0
            FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
            FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
            FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
             
             
            FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Archivos de programa\PC Tools Security\BDT\Firefox\ [2011/04/21 08:31:30 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Datos de programa\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 08:05:47 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/05/08 12:51:13 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/06/08 07:21:43 | 000,000,000 | ---D | M]
             
            [2009/05/03 15:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Extensions
            [2011/06/15 13:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions
            [2011/06/03 12:18:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
            [2011/06/15 13:58:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
            [2011/05/12 14:36:14 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\extensions\[email protected]
            [2011/06/07 18:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
            [2011/06/07 18:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
            File not found (No name found) --
            [2011/06/07 18:47:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
            () (No name found) -- C:\DOCUMENTS AND SETTINGS\GNE\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\Q616O4O9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
            [2009/09/01 10:00:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
            [2011/04/14 11:43:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\Mozilla Firefox\components\browsercomps.dll
            [2011/06/07 18:46:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
            [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\bing.xml
            [2010/01/01 03:00:00 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
            [2010/01/01 03:00:00 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
            [2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
            [2010/01/01 03:00:00 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml
             
            O1 HOSTS File: ([2011/06/08 17:54:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
            O1 - Hosts: 127.0.0.1       localhost
            O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  File not found
            O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
            O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
            O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
            O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
            O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
            O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  File not found
            O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
            O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
            O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
            O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Archivos de programa\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
            O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
            O4 - HKLM..\Run: [ISTray] C:\Archivos de programa\PC Tools Security\pctsGui.exe (PC Tools)
            O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
            O4 - HKLM..\Run: [PCTools FGuard] C:\Archivos de programa\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
            O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
            O4 - HKLM..\Run: [YSearchProtection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
            O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
            O4 - HKCU..\Run: [Search Protection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
            O4 - HKCU..\Run: [YSearchProtection] C:\Archivos de programa\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
            O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Linksys Wireless Guard.lnk = C:\Archivos de programa\Linksys Wireless Guard\WscGuard.exe (Wireless Security Corporation)
            O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Works Calendar Reminders.lnk = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
            O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
            O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
            O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
            O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
            O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
            O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
            O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
            O15 - HKCU\..Trusted Domains: bcnonline.com ([www] https in Trusted sites)
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187408947453 (WUWebControl Class)
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195573220859 (MUWebControl Class)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
            O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
            O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
            O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://148.213.21.243/activex/AMC.cab (Reg Error: Key error.)
            O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
            O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
            O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
            O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
            O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
            O24 - Desktop WallPaper: C:\Documents and Settings\gne\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
            O24 - Desktop BackupWallPaper: C:\Documents and Settings\gne\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
            O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
            O32 - HKLM CDRom: AutoRun - 1
            O32 - AutoRun File - [2007/08/15 20:48:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
            O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
            O35 - HKLM\..comfile [open] -- "%1" %*
            O35 - HKLM\..exefile [open] -- "%1" %*
            O37 - HKLM\...com [@ = comfile] -- "%1" %*
            O37 - HKLM\...exe [@ = exefile] -- "%1" %*
             
            ========== Files/Folders - Created Within 30 Days ==========
             
            [2011/06/16 09:13:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gne\Escritorio\OTL.exe
            [2011/06/16 09:08:54 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvc.dll
            [2011/06/09 09:55:38 | 000,000,000 | --SD | C] -- C:\ComboFix
            [2011/06/09 09:42:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
            [2011/06/08 17:17:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
            [2011/06/08 17:03:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
            [2011/06/08 16:58:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
            [2011/06/08 16:58:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
            [2011/06/08 16:58:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
            [2011/06/08 16:58:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
            [2011/06/08 16:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
            [2011/06/08 16:41:48 | 000,000,000 | ---D | C] -- C:\Qoobox
            [2011/06/08 09:08:26 | 000,000,000 | ---D | C] -- C:\_OTL
            [2011/06/07 18:47:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
            [2011/06/07 18:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
            [2011/06/07 18:47:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
            [2011/06/05 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\Malwarebytes
            [2011/06/05 09:56:18 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
            [2011/06/05 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
            [2011/06/05 09:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
            [2011/06/05 09:56:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
            [2011/06/05 09:56:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
            [2011/06/05 09:48:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
            [2011/06/05 08:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\OnlineArmor
            [2011/06/05 08:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\OnlineArmor
            [2011/06/04 17:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gne\Datos de programa\SUPERAntiSpyware.com
            [2011/06/04 17:48:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
            [2011/06/04 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
            [2011/06/04 15:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Online Armor
            [2011/06/04 15:32:19 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
            [2011/06/04 15:32:19 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
            [2011/06/04 15:32:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Online Armor
            [2011/05/27 07:34:46 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
            [2009/01/20 12:59:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
            [91 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
            [24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
             
            ========== Files - Modified Within 30 Days ==========
             
            [2011/06/16 09:28:32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
            [2011/06/16 09:28:01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
            [2011/06/16 09:14:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gne\Escritorio\OTL.exe
            [2011/06/16 09:13:31 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
            [2011/06/16 09:09:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
            [2011/06/16 09:08:14 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\gne\Escritorio\event.bat
            [2011/06/16 08:14:37 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
            [2011/06/16 08:13:38 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
            [2011/06/16 07:29:57 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
            [2011/06/16 07:09:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
            [2011/06/16 07:03:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
            [2011/06/15 13:02:20 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
            [2011/06/14 10:15:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
            [2011/06/09 13:37:13 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\amazon.WPS
            [2011/06/09 10:34:36 | 003,444,736 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2.mny
            [2011/06/09 10:34:35 | 003,445,957 | R--- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money Backup.mbf
            [2011/06/08 17:54:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
            [2011/06/08 17:03:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
            [2011/06/08 09:57:42 | 000,693,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
            [2011/06/08 09:52:14 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\gne\Escritorio\Internet Explorer Troubleshooting.url
            [2011/06/07 18:46:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
            [2011/06/07 18:46:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
            [2011/06/07 18:46:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
            [2011/06/07 18:46:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
            [2011/06/07 18:46:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
            [2011/06/06 07:40:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
            [2011/06/05 09:56:18 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
            [2011/06/05 09:48:03 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
            [2011/06/04 13:40:05 | 000,000,071 | ---- | M] () -- C:\WINDOWS\PrintWorkShop2004LE.ini
            [2011/06/04 07:45:48 | 000,044,751 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2  ddd.qif
            [2011/06/04 07:42:50 | 000,035,718 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Money2 hh.qif
            [2011/06/03 15:35:39 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\My Sharing Folders.lnk
            [2011/06/02 10:42:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\gne\Mis documentos\WISH LIST.wps
            [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
            [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
            [91 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
            [24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
             
            ========== Files Created - No Company Name ==========
             
            [2011/06/16 09:08:14 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\gne\Escritorio\event.bat
            [2011/06/09 13:37:12 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\amazon.WPS
            [2011/06/08 17:03:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
            [2011/06/08 17:03:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
            [2011/06/08 16:58:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
            [2011/06/08 16:58:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
            [2011/06/08 16:58:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
            [2011/06/08 16:58:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
            [2011/06/08 16:58:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
            [2011/06/08 09:52:14 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\gne\Escritorio\Internet Explorer Troubleshooting.url
            [2011/06/05 09:56:18 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
            [2011/06/05 09:48:02 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
            [2011/06/04 15:32:19 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
            [2011/06/04 15:32:19 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
            [2011/06/04 07:45:43 | 000,044,751 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\My Money2  ddd.qif
            [2011/06/04 07:42:40 | 000,035,718 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\My Money2 hh.qif
            [2011/06/02 10:11:16 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\gne\Mis documentos\WISH LIST.wps
            [2011/04/19 13:07:16 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0457.old
            [2011/04/19 13:07:16 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
            [2009/01/20 12:59:02 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
            [2009/01/20 12:59:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
            [2009/01/20 12:59:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
            [2009/01/20 12:59:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
            [2008/12/31 18:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
            [2008/12/31 18:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
            [2008/11/19 13:19:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\gne\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            [2008/10/31 15:14:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
            [2008/09/02 09:58:06 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\gne\Datos de programa\.googlewebacchosts
            [2008/06/03 12:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
            [2008/04/12 18:20:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
            [2008/03/29 11:59:18 | 000,071,456 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
            [2008/03/28 15:55:13 | 000,000,765 | ---- | C] () -- C:\WINDOWS\602Photo.INI
            [2008/02/25 13:21:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ezsid.dat
            [2008/02/13 15:30:01 | 000,000,105 | ---- | C] () -- C:\WINDOWS\wininit.ini
            [2007/09/24 08:02:21 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2004LE.ini
            [2007/08/19 17:43:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
            [2007/08/19 09:35:09 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\gne\Configuración local\Datos de programa\fusioncache.dat
            [2007/08/15 23:24:51 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
            [2007/08/15 23:22:33 | 000,086,016 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
            [2007/08/15 22:51:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
            [2007/08/15 22:33:22 | 000,018,944 | R--- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
            [2007/08/15 22:33:21 | 000,757,760 | R--- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
            [2007/08/15 21:40:29 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
            [2007/08/15 21:39:25 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
            [2007/08/15 21:02:22 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
            [2007/08/15 20:58:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
            [2007/08/15 20:58:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
            [2007/08/15 20:58:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
            [2007/08/15 20:58:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
            [2007/08/15 20:58:23 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
            [2007/08/15 20:49:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
            [2007/08/15 20:45:52 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
            [2006/01/17 03:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
            [2005/12/14 13:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
            [2004/08/19 08:58:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
            [2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
            [2003/08/14 12:59:40 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
            [2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
            [2001/10/06 11:58:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
            [2001/10/06 11:58:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
            [2001/08/24 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
            [2001/08/24 10:00:00 | 000,520,188 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
            [2001/08/24 10:00:00 | 000,453,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
            [2001/08/24 10:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
            [2001/08/24 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
            [2001/08/24 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
            [2001/08/24 10:00:00 | 000,100,202 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
            [2001/08/24 10:00:00 | 000,077,890 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
            [2001/08/24 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
            [2001/08/24 10:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
            [2001/08/24 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
             
            ========== LOP Check ==========
             
            [2011/04/19 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\avg9
            [2011/06/05 09:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\OnlineArmor
            [2011/06/16 07:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
            [2010/08/25 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
            [2011/06/16 07:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WSC Guard
            [2010/08/07 07:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\AVG9
            [2010/01/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\EasyJob Resume Builder
            [2007/09/16 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\EuroTalk
            [2009/11/13 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Gizmo5
            [2008/06/22 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\ieSpell
            [2011/06/05 08:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\OnlineArmor
            [2010/07/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Sammsoft
            [2010/01/03 14:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\SmartDraw
            [2007/09/24 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Software602
            [2009/04/01 09:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\StarOffice8
            [2007/09/28 10:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\TuneUp Software
            [2008/10/13 08:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\WeatherWatcher
            [2008/11/20 08:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\WeatherWatcherLive
            [2009/01/20 10:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gne\Datos de programa\Your Company
            [2011/06/14 10:15:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
            [2011/06/15 13:02:20 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
            [2011/06/16 07:29:57 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
            [2011/06/16 07:09:24 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
            [2011/06/16 09:28:32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
            [2011/06/16 09:28:01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
             
            ========== Purity Check ==========
             
             
             
            ========== Custom Scans ==========
             
             
            < :OTL >
             
            < TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File >
             
            < TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File >
             
            < TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File >
             
            < uRun: [<NO NAME>] >
             
            < mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe"  -osboot >
             
            < Trusted Zone: bcnonline.com\www >
             
            < c:\windows\DUMP78e9.tmp >
            [24 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
             
            < c:\windows\DUMP74e1.tmp >
            [24 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
             
            <  >
             
            < :COMMANDS >
             
            < [resethosts] >
             
            < [purity] >
             
            < [emptytemp] >
             
            < [start explorer] >
             
            ========== Alternate Data Streams ==========
             
            @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
            @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:430C6D84
            @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:A8ADE5D8
            @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:FA5F15C4

            < End of report >

            tepetapan

              Re: worms in my computer
              « Reply #23 on: June 16, 2011, 12:06:45 PM »
              I don't know what happened but we must have stirred something up. 22 e-mails sent out by the worm. It had been over a week or more since that happened.

              tepetapan

                Re: worms in my computer
                « Reply #24 on: June 16, 2011, 04:09:56 PM »
                I noticed errors of the spool server so I had to look it up. From what I saw it has to do with a printer, which I do not have and I have not had a printer for years. It's cheaper to have stuff printed at an internet cafe and use their ink.

                SuperDave

                Re: worms in my computer
                « Reply #25 on: June 16, 2011, 04:39:56 PM »
                Please run another scan with ComboFix and post the log.

                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL
                IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  File not found
                O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  File not found
                O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
                O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

                :COMMANDS
                [resethosts]
                [purity]
                [emptytemp]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.

                tepetapan

                  Re: worms in my computer
                  « Reply #26 on: June 16, 2011, 06:33:25 PM »
                  OK SuperDave. I must have really stirred things up today, like poking at a snake with a stick. Just sent out another 20+ emails.

                      I will do it in the AM.

                  tepetapan

                    Re: worms in my computer
                    « Reply #27 on: June 17, 2011, 08:33:56 AM »
                    ComboFix 11-06-16.02 - gene 06/17/2011   9:12.2.1 - x86
                    Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.502.213 [GMT -5:00]
                    Running from: c:\documents and settings\gne\Escritorio\ComboFix.exe
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-05-17 to 2011-06-17  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-06-16 14:08 . 2008-04-14 02:18   59904   ----a-w-   c:\windows\system32\regsvc.dll
                    2011-06-16 14:08 . 2008-04-14 02:18   59904   ----a-w-   c:\windows\system32\dllcache\regsvc.dll
                    2011-06-08 22:17 . 2008-04-14 02:19   50688   ----a-w-   c:\windows\system32\proquota.exe
                    2011-06-08 21:50 . 2008-04-14 01:51   53248   ----a-w-   c:\windows\system32\drivers\Volsnap.sys
                    2011-06-08 14:08 . 2011-06-08 14:08   --------   d-----w-   C:\_OTL
                    2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\gne\Datos de programa\Malwarebytes
                    2011-06-05 14:56 . 2011-05-29 14:11   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Malwarebytes
                    2011-06-05 14:56 . 2011-06-05 14:56   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
                    2011-06-05 14:56 . 2011-05-29 14:11   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2011-06-05 14:48 . 2011-06-05 14:48   --------   d-----w-   c:\archivos de programa\CCleaner
                    2011-06-05 14:36 . 2011-06-05 14:36   --------   d-----w-   c:\windows\system32\wbem\Repository
                    2011-06-05 13:50 . 2011-06-05 14:35   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\OnlineArmor
                    2011-06-05 13:50 . 2011-06-05 13:51   --------   d-----w-   c:\documents and settings\gne\Datos de programa\OnlineArmor
                    2011-06-05 13:22 . 2011-06-05 13:22   --------   d-----w-   c:\documents and settings\Invitado.ACER\Datos de programa\OnlineArmor
                    2011-06-04 22:49 . 2011-06-04 22:49   --------   d-----w-   c:\documents and settings\gne\Datos de programa\SUPERAntiSpyware.com
                    2011-06-04 22:48 . 2011-06-05 13:36   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
                    2011-06-04 20:32 . 2011-04-06 18:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                    2011-06-04 20:32 . 2011-04-06 18:01   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                    2011-06-04 20:32 . 2011-04-06 18:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                    2011-06-04 20:32 . 2011-04-06 18:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                    2011-06-04 20:32 . 2011-06-05 14:06   --------   d-----w-   c:\archivos de programa\Online Armor
                    2011-05-27 12:34 . 2011-06-06 12:40   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                    2011-05-19 19:02 . 2011-05-19 23:33   --------   d-----w-   c:\documents and settings\Invitado.ACER\Configuración local\Datos de programa\Adobe
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-06-07 23:46 . 2010-06-04 14:19   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                    2011-06-07 23:46 . 2007-08-16 01:58   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                    2011-06-04 20:02 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP78e9.tmp
                    2011-06-04 14:37 . 2007-08-16 03:34   98304   ----a-w-   c:\windows\DUMP74e1.tmp
                    2011-04-18 14:15 . 2011-04-19 18:05   7071056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Microsoft\Windows Defender\Definition Updates\{0D6AB577-A1AF-4499-8FD0-F4E3D16E44D4}\mpengine.dll
                    2011-04-14 16:43 . 2011-05-07 21:31   142296   ----a-w-   c:\archivos de programa\mozilla firefox\components\browsercomps.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
                    "swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
                    "Search Protection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                    "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                    "Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2011-01-26 15026056]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "YSearchProtection"="c:\archivos de programa\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
                    "TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2009-11-25 198160]
                    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
                    "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                    "Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
                    "ISTray"="c:\archivos de programa\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
                    .
                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                    "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
                    .
                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                    "NoSMConfigurePrograms"= 1 (0x1)
                    "NoSMMyPictures"= 1 (0x1)
                    "NoResolveTrack"= 1 (0x1)
                    .
                    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                    "ForceClassicControlPanel"= 1 (0x1)
                    "NoSMHelp"= 1 (0x1)
                    "NoSMConfigurePrograms"= 1 (0x1)
                    "NoSMMyPictures"= 1 (0x1)
                    "NoResolveTrack"= 1 (0x1)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                    @="Service"
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^BTTray.lnk]
                    path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk
                    backup=c:\windows\pss\BTTray.lnkCommon Startup
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                    2005-05-03 02:43   69632   ----a-w-   c:\windows\Alcmtr.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
                    2006-05-04 00:26   2808832   ----a-w-   c:\windows\alcwzrd.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
                    2005-11-11 12:40   1236992   ----a-r-   c:\windows\system32\WLTRAY.EXE
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                    2008-04-14 02:18   15360   ----a-w-   c:\windows\system32\ctfmon.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
                    2006-03-23 04:13   77824   ----a-r-   c:\windows\system32\hkcmd.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
                    2006-03-23 04:17   118784   ----a-r-   c:\windows\system32\igfxpers.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
                    2006-03-23 04:17   94208   ----a-r-   c:\windows\system32\igfxtray.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                    2006-12-18 19:12   16062464   ----a-w-   c:\windows\RTHDCPL.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
                    2006-05-16 02:04   2879488   ----a-w-   c:\windows\SkyTel.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                    2006-07-21 00:14   86016   ----a-w-   c:\windows\SoundMan.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
                    2006-08-04 22:29   62976   ----a-w-   c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "c:\\Documents and Settings\\gne\\Datos de programa\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
                    "c:\\WINDOWS\\system32\\mmc.exe"=
                    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                    "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
                    "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
                    "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
                    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
                    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
                    .
                    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2007 8:49 PM 639224]
                    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
                    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
                    R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 9:56 AM 366640]
                    R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
                    R2 WSCNetManager;Linksys Wireless Guard Network Manager Service;c:\archivos de programa\Linksys Wireless Guard\WscNetMgrSvc.exe [4/18/2004 9:57 AM 663635]
                    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 9:56 AM 22712]
                    R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
                    R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
                    R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys --> c:\windows\system32\drivers\pctDS.sys [?]
                    R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
                    R4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
                    S2 gupdate1c98614e61c2c66;Google Update Service (gupdate1c98614e61c2c66);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                    S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/3/2009 10:34 AM 133104]
                    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/5/2011 9:56 AM 39984]
                    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/19/2004 8:43 AM 14336]
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *Deregistered* - pctplsg
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                    .
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                    UxTuneUp
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
                    2009-03-08 09:32   128512   ------w-   c:\windows\system32\advpack.dll
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2011-06-17 c:\windows\Tasks\Google Software Updater.job
                    - c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-18 23:22]
                    .
                    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                    .
                    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-02-03 15:34]
                    .
                    2011-06-16 c:\windows\Tasks\Mantenimiento con 1 clic.job
                    - c:\archivos de programa\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 03:37]
                    .
                    2011-06-17 c:\windows\Tasks\MP Scheduled Scan.job
                    - c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
                    .
                    2011-06-17 c:\windows\Tasks\OGADaily.job
                    - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                    .
                    2011-06-17 c:\windows\Tasks\OGALogon.job
                    - c:\windows\system32\OGAVerify.exe [2008-12-31 23:04]
                    .
                    2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{24DAE1F8-C8C2-44DD-A5B3-29D9CCA234F3}.job
                    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                    .
                    2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{CC7F30DA-B4C9-4AD8-BE6E-62B4DDA2FBFC}.job
                    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://mx.my.yahoo.com/
                    uDefault_Search_URL = hxxp://www.google.com/ie
                    uSearchAssistant = hxxp://www.google.com/ie
                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
                    IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
                    IE: Lookup on Merriam Webster - file://c:\archivos de programa\ieSpell\Merriam Webster.HTM
                    IE: Lookup on Wikipedia - file://c:\archivos de programa\ieSpell\wikipedia.HTM
                    Trusted Zone: bcnonline.com\www
                    TCP: DhcpNameServer = 192.168.1.254
                    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
                    FF - ProfilePath - c:\documents and settings\gne\Datos de programa\Mozilla\Firefox\Profiles\q616o4o9.default\
                    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                    FF - prefs.js: browser.search.selectedEngine - Yahoo
                    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
                    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
                    FF - user.js: yahoo.homepage.dontask - true
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-06-17 09:25
                    Windows 5.1.2600 Service Pack 3 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
                    "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'winlogon.exe'(716)
                    c:\archivos de programa\PC Tools Security\TFEngine\TFMon.dll
                    c:\archivos de programa\PC Tools Security\TFEngine\TFRK.dll
                    .
                    - - - - - - - > 'lsass.exe'(792)
                    c:\archivos de programa\Archivos comunes\PC Tools\Lsp\PCTLsp.dll
                    .
                    - - - - - - - > 'explorer.exe'(3840)
                    c:\windows\system32\WININET.dll
                    c:\archivos de programa\Linksys Wireless Guard\WscGuiHelper.dll
                    c:\archiv~1\WINDOW~2\wmpband.dll
                    c:\windows\system32\webcheck.dll
                    c:\windows\system32\WPDShServiceObj.dll
                    c:\windows\system32\PortableDeviceTypes.dll
                    c:\windows\system32\PortableDeviceApi.dll
                    .
                    Completion time: 2011-06-17  09:30:13
                    ComboFix-quarantined-files.txt  2011-06-17 14:30
                    .
                    Pre-Run: 59,876,802,560 bytes libres
                    Post-Run: 59,870,609,408 bytes libres
                    .
                    - - End Of File - - 7FBE86461726F9ACEBF4833202C47ADE

                    tepetapan

                      Re: worms in my computer
                      « Reply #28 on: June 17, 2011, 09:09:02 AM »
                      I ran OTL and it froze up again. I waited 30 minutes but it said "no responde" and I could not close the program or the computer so I popped the battery yet again. Upon starting back up it went into some mode, a couple things translated from Spanish is "verifying the system of you file in c" and "would verify of disc". After it finished this process the computer started normally.
                      On another note, after the Combofix ran, the computer acted good, even fast as compared to before. It still seems to be running good.
                      I will try to run OTL again in a bit.

                      tepetapan

                        Re: worms in my computer
                        « Reply #29 on: June 17, 2011, 01:16:05 PM »
                        Tried OTL again, it ran for less than 15 seconds and stopped. "No Responde" it says.