Infection with CWS.Xplugin, RemAdm-PSKill [Closed]


  • This topic is locked

#1
mphmd

    New Member

  • 6 posts
The following programs have detected the problem, but failed to remove it:
- Spybot Search and Destroy
- Webroot antivirus-antispyware
- McAfee antivirus
- Super Antispyware
- Spyware Doctor


Webroot reported it as CWS.Xplugin. McAfee reported it as: RemAdm-PSKill. I've tried running these programs in safe mode, with the Ethernet cable unplugged. They detect problems and supposedly fix them, but they always reappear in regular mode. When I manually try to remove some detected files, they change names to the following:
C:\System Volume Information\_restore{CE28F3C2-792F-4D83-AAF1-5F9F78B56D3E}\RP1133\A0094844.exe, and the PC won't allow me to delete it or access it (I tried through the command prompt).

As far as symptoms: my browser gets redirected frequently, especially when I access my Gmail account. Also, when I misspell websites, for instance "g.com" instead of google.com, it redirects me to the same site.

The surfing speed is very slow. There are random "exception errors" and "memory errors" while browsing. Before this, I could run HouseCall from Trend Micro with no problems; now I can't... Firefox freezes while downloading the browser plugin, the Java plugin doesn't seem to work, and Internet Explorer just gives the error: "the operation couldn't be completed". I ran the MS Malicious Software Removal Tool, the specific one for the Conficker virus, fearing an infection; it doesn't detect anything.
I would really appreciate any help possible. I'm attaching the logs you requested:

My OS is Windows XP, service pack 3.

Thank you so much for any help with this! I've been trying to get rid of this nuisance for weeks now.


Malwarebytes' Anti-Malware 1.36
Database version: 2145
Windows 5.1.2600 Service Pack 3

5/17/2009 5:26:25 PM
mbam-log-2009-05-17 (17-26-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 262512
Time elapsed: 2 hour(s), 20 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - FAT32 - (Total:38152 Mo/Free:1273 Mo)
N:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 05/17/2009|17:31

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\matlab6p5\bin\win32\matlab.exe
---------- C:\WINDOWS\Explorer.EXE
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\System32\nvsvc32.exe
---------- C:\WINDOWS\system32\tcpsvcs.exe
---------- C:\WINDOWS\System32\snmp.exe
---------- C:\WINDOWS\System32\PAStiSvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\SCANJET\PrecisionScanLT\hppwrsav.exe
---------- C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\QuickTime\qttask.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Netscape\Netscape\Netscp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Registry Mechanic\RegMech.exe
---------- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\MSN Messenger\msnmsgr.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\BACKUP\DESK\AOMdisk1\Crack\AoM.eXe
C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\Norton\Norton Antivirus Professional 2004\KEYGEN\KEYGEN_INSTRUCTIONS_READ_BEFORE_USE.txt
C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\FinePrint Enterprise v4.61\CRACK\fineprintent.exe


1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/17/2009|17:33

----------------------\\ Scan completed at 17:33
------------------------

OTListIt Extras logfile created on: 5/17/2009 5:50:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Manuel\Desktop\newtry\morestuff
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 128.40 Mb Available Physical Memory | 25.10% Memory free
770.71 Mb Paging File | 175.48 Mb Available in Paging File | 22.77% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.24 Gb Free Space | 3.34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MPH
Current User Name: Manuel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8281:TCP" = 8281:TCP:*:Disabled:webcam server
"8281:UDP" = 8281:UDP:*:Disabled:Webcam server udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"23580:TCP" = 23580:TCP:*:Disabled:PASV-ftp0
"23581:TCP" = 23581:TCP:*:Disabled:PASV-ftp1
"23582:TCP" = 23582:TCP:*:Disabled:PASV-ftp2
"23583:TCP" = 23583:TCP:*:Disabled:PASV-ftp3

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger File not found
C:\Program Files\FTP Commander\Ftpcomm.exe:*:Disabled:Ftpcomm ()
C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk File not found
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater File not found
C:\Program Files\SolarWinds\2002 Standard Edition\TFTP-Server.exe:*:Disabled:SolarWinds.Net TFTP Server (SolarWinds.Net)
C:\Program Files\TrueTech\WebCam 2.2 Personal Edition\webcam.exe:*:Disabled:webcam File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server File not found
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger File not found
C:\Program Files\Serv-U\ServUDaemon.exe:*:Disabled:ServUDaemon File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Netscape\Netscape\Netscp.exe:*:Disabled:Netscape (Mozilla, Netscape)
C:\Documents and Settings\Manuel\Desktop\downloads\wcapture.exe:*:Disabled:Web cam server File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB 2.0 IrDA Bridge
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34C17174-BEA7-45A8-9BD0-7E5AF3639B3E}" = Kodak Memory Albums
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44635DD7-3F85-4368-8186-6A662A03714C}" = HP_WildTangent_Games
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = Cable & Wireless USB ADSL Modem
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DBA54A9-712B-4334-A739-50A3D2149A1E}" = Epi Info
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{819EE51B-9A62-42EE-A789-F5685C80C9BE}" = D-Link DSB-C120 PC Camera
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF28417E-8755-4FA1-A54F-B2D18D9ABF15}" = The Sounds of EMG
"A.D.A.M. 3D Library Volume 2" = A.D.A.M. 3D Library Volume 2
"A.D.A.M. Interactive Anatomy" = A.D.A.M. Interactive Anatomy
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe ActiveShare" = Adobe ActiveShare 1.3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CDRoller_is1" = CDRoller version 8.00
"CJRSTR_Deinstall" = BJ Printer Driver
"Corel Applications" = Corel Applications
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"eHelp" = eHelp
"ERUNT_is1" = ERUNT 1.1j
"Ethereal" = Ethereal 0.9.13a
"FMS" = FMS
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"hp deskjet 960c series" = hp deskjet 960c series (Remove only)
"HP PrecisionScan LT Software" = HP PrecisionScan LT Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{819EE51B-9A62-42EE-A789-F5685C80C9BE}" = D-Link DSB-C120 PC Camera
"InstallShield_{FF28417E-8755-4FA1-A54F-B2D18D9ABF15}" = The Sounds of EMG
"InterActual Player" = InterActual Player
"InterVideo WinDVD" = InterVideo WinDVD
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matlab 6.5" = MATLAB 6.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Photo Center" = My Photo Center
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"One-touch Multimedia Keyboard" = One-touch Multimedia Keyboard
"PCDoctor WINDSAPI SDK" = PC-Doctor for Windows
"PhotoFantasy 2000" = PhotoFantasy 2000
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SBPCIUnInstall" = Creative PCI Audio Drivers
"Serv-U" = Serv-U
"SolarWinds TFTP Server" = SolarWinds TFTP Server
"Spyware Doctor" = Spyware Doctor 6.0
"Surfbrd" = HP Internet Center
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Trellix2DeinstKey9" = Trellix Web
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Web Design For Dummies" = Web Design For Dummies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1 beta3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works and Money 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2009 7:44:57 PM | Computer Name = MPH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/24/2009 7:45:07 PM | Computer Name = MPH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/24/2009 7:45:07 PM | Computer Name = MPH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/24/2009 7:45:14 PM | Computer Name = MPH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/25/2009 4:33:14 AM | Computer Name = MPH | Source = Application Hang | ID = 1002
Description = Hanging application WinDVD.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2009 4:53:20 AM | Computer Name = MPH | Source = matlabserver | ID = 0
Description =

Error - 4/25/2009 4:53:50 AM | Computer Name = MPH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 4/25/2009 5:25:13 AM | Computer Name = MPH | Source = matlabserver | ID = 0
Description =

Error - 4/26/2009 3:21:43 AM | Computer Name = MPH | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 2:35:30 AM | Computer Name = MPH | Source = matlabserver | ID = 0
Description =

[ System Events ]
Error - 5/17/2009 3:41:24 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:41:29 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:41:34 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:41:38 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:41:43 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:42:17 AM | Computer Name = MPH | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/17/2009 3:42:36 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 10:11:54 AM | Computer Name = MPH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/17/2009 3:22:48 PM | Computer Name = MPH | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 5/17/2009 3:22:48 PM | Computer Name = MPH | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058


< End of report >
---------------------------

OTListIt logfile created on: 5/17/2009 5:50:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Manuel\Desktop\newtry\morestuff
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 128.40 Mb Available Physical Memory | 25.10% Memory free
770.71 Mb Paging File | 175.48 Mb Available in Paging File | 22.77% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.24 Gb Free Space | 3.34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MPH
Current User Name: Manuel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\matlab6p5\bin\win32\matlab.exe (The MathWorks Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PAStiSvc.exe ()
PRC - C:\SCANJET\PrecisionScanLT\hppwrsav.exe ()
PRC - C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE (Logitech Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Netscape\Netscape\Netscp.exe (Mozilla, Netscape)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Manuel\Desktop\newtry\morestuff\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iprip [Auto | Running]) -- C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (matlabserver [Auto | Running]) -- C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe ()
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (p2pgasvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (NetGroup - Politecnico di Torino)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (STI Simulator [Auto | Running]) -- C:\WINDOWS\System32\PAStiSvc.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (es1371 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (NetGroup - Politecnico di Torino)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PAC207 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pfc027.sys ()
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PPSCAN [Auto | Running]) -- C:\WINDOWS\System32\drivers\ppscan.sys (Hewlett-Packard Co.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVCD.sys (Logitech Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STIrUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\irstusb.sys (SigmaTel, Inc.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (XIRLINK [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\C-itnt.sys (Xirlink, Inc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/04/20 01:38:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2007/06/30 23:22:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2007/06/30 23:22:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\COMPONENTS [2004/07/19 01:47:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE\PLUGINS [2004/07/19 01:47:10 | 00,000,000 | ---D | M]

[2008/09/01 17:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Manuel\Application Data\mozilla\Extensions
[2008/09/01 17:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Manuel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/06/30 23:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Manuel\Application Data\mozilla\Firefox\Profiles\zv80ryo1.default\extensions
[2007/06/30 23:22:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/06/30 23:23:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/09/07 13:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/10 15:39:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/07 15:09:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/07 12:40:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/07 13:45:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/17 17:55:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 00:29:46 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 00:29:46 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/08 21:42:44 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/08 21:42:44 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/08 21:42:44 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/08 21:42:44 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/08 21:42:44 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/08 21:42:44 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/08 21:42:44 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Disk Knight] C:\WINDOWS\Knight.exe File not found
O4 - HKLM..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" (Sonic Solutions)
O4 - HKLM..\Run: [hppwrsav] "C:\SCANJET\PrecisionScanLT\hppwrsav.exe" ()
O4 - HKLM..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] "nwiz.exe" /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SystemTray] "SysTray.Exe" (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo (Mozilla, Netscape)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Manuel\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Cloud Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [PNRP Name Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 93 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136528495340 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://eu-housecall....ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} http://download.mcaf...can/mcasupd.cab (McAfee.com Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8185.8762152778 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{0321EDF9-6FA2-47ED-B030-A5DDEED129C5}\\Domain = home.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{0321EDF9-6FA2-47ED-B030-A5DDEED129C5}\\NameServer = 200.46.127.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6FEA8ADB-5954-49A7-9E80-07217CB256CE}\\Domain = home.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6FEA8ADB-5954-49A7-9E80-07217CB256CE}\\NameServer = 200.75.200.2,200.75.200.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/webviewhtml - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\s) - File not found
O30 - LSA: Security Packages - (ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (gs) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/17 21:45:46 | 00,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/07/17 21:45:46 | 00,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{ca9536f0-df0c-11db-8a35-00e0182b3fb4}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{ca9536f0-df0c-11db-8a35-00e0182b3fb4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4891fd0-eafb-11dd-98b3-00e0182b3fb4}\Shell\AutoRun\command - "" = D:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{e4891fd0-eafb-11dd-98b3-00e0182b3fb4}\Shell\open\command - "" = D:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/04/21 18:13:38 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2009/05/17 14:16:44 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/10 22:39:16 | 00,038,400 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\historia-aleman.doc
[2009/05/06 16:18:54 | 01,222,128 | ---- | C] (McAfee, Inc.) -- C:\DOCUME~1\MANUEL\Desktop\DMSetup.exe
[2009/05/04 00:14:30 | 00,028,160 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\kent place.doc
[2009/04/29 01:45:30 | 00,125,772 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\bptable1.pdf
[2009/04/29 01:12:25 | 00,036,352 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\Historia Clínica de Estudiante de Medicina.doc
[2009/04/26 14:41:19 | 08,414,720 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\French_Revolution_2.ppt
[2009/04/24 01:20:48 | 00,017,535 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\Preguntas del Segundo Parcial de Ortopedia.docx
[2009/04/24 01:20:17 | 00,062,464 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\Preguntas del Segundo Parcial de Ortopedia.doc
[2009/04/21 18:20:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Manuel\Application Data\Malwarebytes
[2009/04/21 18:20:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/21 18:20:41 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/21 18:20:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/21 18:20:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/21 18:20:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/21 18:19:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/21 18:19:18 | 00,000,526 | ---- | C] () -- C:\DOCUME~1\MANUEL\Desktop\NTREGOPT.lnk
[2009/04/21 18:19:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/21 17:42:30 | 00,000,000 | ---D | C] -- C:\DOCUME~1\MANUEL\Desktop\newtry
[2009/04/21 16:54:51 | 53,637,9392 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/20 16:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/20 16:46:48 | 00,000,695 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 16:46:45 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/20 16:46:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Manuel\Application Data\SUPERAntiSpyware.com
[2009/04/20 16:43:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\MANUEL\Desktop\virus
[2009/04/20 16:19:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/20 16:19:33 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/20 16:19:33 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/20 16:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 16:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/20 16:19:04 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/20 16:18:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Manuel\Application Data\PC Tools
[2009/04/20 16:18:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/20 16:18:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/20 16:18:41 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/04/20 16:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/04/20 01:43:27 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/20 01:42:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/04/20 01:41:36 | 00,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2009/04/20 01:31:27 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/04/20 01:31:26 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/04/20 01:31:25 | 00,079,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/04/20 01:31:16 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/04/20 01:30:27 | 00,000,358 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/20 01:30:25 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/20 01:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/04/20 01:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/04/20 01:28:42 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/04/20 01:26:39 | 00,034,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/04/20 01:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/18 10:31:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/17 17:58:21 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2007/02/28 18:47:48 | 00,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/01/13 19:26:50 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/05 23:08:16 | 00,006,280 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/17 22:38:42 | 00,000,016 | ---- | C] () -- C:\WINDOWS\ADAMGO.INI
[2005/12/12 21:00:39 | 00,000,039 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI
[2005/12/12 20:59:27 | 00,000,177 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2005/12/12 20:53:58 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2005/12/12 20:53:58 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2005/12/12 20:53:57 | 00,208,896 | ---- | C] () -- C:\WINDOWS\hpud32.dll
[2005/12/12 20:53:57 | 00,000,038 | ---- | C] () -- C:\WINDOWS\hpudrv.ini
[2005/12/12 20:53:56 | 00,123,424 | ---- | C] () -- C:\WINDOWS\p1220_32.dll
[2005/12/12 18:12:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Pf_setup.ini
[2005/12/12 18:09:46 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2005/12/12 18:09:46 | 00,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2005/12/12 18:09:45 | 00,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2005/12/12 18:09:41 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2005/12/12 18:09:41 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2005/12/12 18:05:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/10/04 16:46:41 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/12 16:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/27 14:57:16 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 16:16:42 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/25 15:15:42 | 00,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/11/11 21:48:55 | 00,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2004/11/10 19:59:34 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mllink5.dll
[2004/11/10 19:59:34 | 00,000,019 | ---- | C] () -- C:\WINDOWS\exlink.ini
[2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/03 01:11:20 | 00,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/13 18:24:57 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/17 22:44:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/07/17 22:26:29 | 00,000,472 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/17 22:24:36 | 00,012,783 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/07/17 22:24:36 | 00,003,370 | ---- | C] () -- C:\WINDOWS\Hpmmkbd.ini
[2004/07/17 22:24:36 | 00,001,754 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2004/07/17 22:24:36 | 00,000,825 | ---- | C] () -- C:\WINDOWS\MRUN32.INI
[2004/07/17 22:24:36 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/07/17 22:24:36 | 00,000,520 | ---- | C] () -- C:\WINDOWS\PHOTOPRN.INI
[2004/07/17 22:24:36 | 00,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/17 22:24:36 | 00,000,440 | ---- | C] () -- C:\WINDOWS\FANTASY2.INI
[2004/07/17 22:24:36 | 00,000,303 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2004/07/17 22:24:36 | 00,000,285 | ---- | C] () -- C:\WINDOWS\Mmkeybd.ini
[2004/07/17 22:24:36 | 00,000,226 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/07/17 22:24:36 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/07/17 22:24:36 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/07/17 22:24:36 | 00,000,047 | ---- | C] () -- C:\WINDOWS\WARHEAD.INI
[2004/07/17 22:24:36 | 00,000,030 | ---- | C] () -- C:\WINDOWS\MAIN.INI
[2004/07/17 22:24:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/07/17 22:24:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2004/07/17 22:24:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2004/07/17 22:24:35 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/07/17 22:24:35 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/07/17 22:24:35 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/07/17 22:24:35 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/07/17 22:00:27 | 00,001,904 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/07/17 22:00:00 | 00,000,634 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/15 07:01:26 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2002/12/10 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/06/26 15:40:02 | 00,000,542 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2000/06/06 16:21:34 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/11 18:26:00 | 00,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.DLL
[1997/07/17 12:53:08 | 00,804,864 | ---- | C] () -- C:\WINDOWS\System32\Ter32.DLL
[1980/01/01 00:00:00 | 00,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[1980/01/01 00:00:00 | 00,157,032 | ---- | C] () -- C:\WINDOWS\System32\TwnPRO20.dll
[1980/01/01 00:00:00 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\MDMDVDIF.DLL
[1980/01/01 00:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\PCDRJNI.DLL
[1980/01/01 00:00:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[1980/01/01 00:00:00 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\TlxDlgUtil.dll
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIKBDSP.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIKBDMX.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIKBDFR.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIKBDFC.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIKBDCT.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIHRNSP.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIHRNMX.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIHRNFR.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIHRNFC.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\MSIHRNCT.DLL
[1980/01/01 00:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\RDBIOS32.DLL
[1980/01/01 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\QUICK.DLL
[1980/01/01 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\URMCFG32.DLL
[1980/01/01 00:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIOSD32.DLL
[1980/01/01 00:00:00 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\I81X329X.DLL
[1980/01/01 00:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\URMCLN32.DLL
[1980/01/01 00:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\BCBMM.DLL
[1980/01/01 00:00:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\IGFXDGPS.DLL
[1980/01/01 00:00:00 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HpSocEx.dll
[1980/01/01 00:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2009/05/17 17:18:02 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/05/17 14:25:38 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/17 14:25:34 | 00,011,435 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/17 14:25:26 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 14:25:06 | 00,000,039 | ---- | M] () -- C:\WINDOWS\VTWAIN.INI
[2009/05/17 14:22:10 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Manuel\Local Settings\desktop.ini
[2009/05/17 14:22:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 14:21:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 14:21:56 | 53,637,9392 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/17 09:32:04 | 00,002,257 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/05/15 18:17:40 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/14 23:27:04 | 00,006,280 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/05/12 23:46:18 | 00,038,400 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\historia-aleman.doc
[2009/05/12 18:38:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 02:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 23:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2009/05/06 16:48:28 | 00,203,776 | -HS- | M] () -- C:\DOCUME~1\MANUEL\Desktop\Thumbs.db
[2009/05/06 16:19:04 | 01,222,128 | ---- | M] (McAfee, Inc.) -- C:\DOCUME~1\MANUEL\Desktop\DMSetup.exe
[2009/05/04 00:26:50 | 00,028,160 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\kent place.doc
[2009/04/29 21:58:50 | 00,036,352 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\Historia Clínica de Estudiante de Medicina.doc
[2009/04/29 01:45:32 | 00,125,772 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\bptable1.pdf
[2009/04/26 14:42:28 | 08,414,720 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\French_Revolution_2.ppt
[2009/04/25 04:00:34 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/25 03:57:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/25 03:57:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/24 01:20:48 | 00,017,535 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\Preguntas del Segundo Parcial de Ortopedia.docx
[2009/04/24 01:20:20 | 00,062,464 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\Preguntas del Segundo Parcial de Ortopedia.doc
[2009/04/21 18:20:42 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/21 18:19:20 | 00,000,526 | ---- | M] () -- C:\DOCUME~1\MANUEL\Desktop\NTREGOPT.lnk
[2009/04/20 16:46:50 | 00,000,695 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 01:30:28 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/20 01:30:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/17 18:00:54 | 00,001,904 | ---- | M] () -- C:\WINDOWS\win.ini

========== Purity Check ==========

< End of report >

#2
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello and welcome to Geeks to Go!

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Please attach the contents of GMER.txt in your next reply.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Regards,
Egwene.

#3
mphmd

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi,

I'm including the log files from DDS and GMER that you requested.
When running GMER, however, the following error appeared:
"c:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process"

Thank you very much in advance for your help with this problem.

Regards


Attached File  DDS.txt   13.99KB   119 downloads
Attached File  Attach.zip   3.58KB   162 downloads
Attached File  GMERtxt.zip   5.26KB   120 downloads

#4
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

At first glance, I found nothing really bad in your logs.

C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\BACKUP\DESK\AOMdisk1\Crack\AoM.eXe
C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\Norton\Norton Antivirus Professional 2004\KEYGEN\KEYGEN_INSTRUCTIONS_READ_BEFORE_USE.txt
C:\DOCUME~1\ALLUSE~1\Desktop\Online Services\TCIBackup\FinePrint Enterprise v4.61\CRACK\fineprintent.exe


You have at least one peer-to-peer program on your computer.
Even if you are using a so-called "safe" program, it's only the program that's safe.
You will be sharing files from uncertified sources, and these are often infected.


1) Run MBAM :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.

Edited by Egwene, 25 May 2009 - 09:44 AM.


#5
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.