Internet explorer windows


Post by vitrola on Tue Oct 19, 2010 4:44 pm

Hi

I'm having problems with Internet Explorer windows. For example, some windows suddenly disappear (close) by themselves, or some of them appear only partially after a time (the browser top line and another line, and the rest is missing). Like cut.

I passed Malwarebytes, Avira and Spybot but no infections were detected.
Could you help me?

Cheers
Sebastian


Re: Internet explorer windows

Post by Belahzur on Tue Oct 19, 2010 7:19 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Internet explorer windows

Post by vitrola on Wed Oct 20, 2010 12:53 am

Hello
Here is OTL.txt:
OTL logfile created on: 20/10/2010 01:45:34 a.m. - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Archivos de programa
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 42,81 Gb Free Space | 18,38% Space Free | Partition Type: NTFS

Computer Name: COMMODORE | User Name: yo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 01:04:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Archivos de programa\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/15 12:48:57 | 000,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Archivos de programa\uTorrent\uTorrent.exe
PRC - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 11:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/01 23:48:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001/08/24 07:00:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2010/10/20 01:04:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL.exe
MOD - [2010/08/23 13:12:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 06:47:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Archivos de programa\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/03 12:49:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/01/25 19:00:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 08:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 08:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 06:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 11:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/24 00:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Archivos de programa\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Mininova-Vuze Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gooofullsearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://ar.search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Archivos de programa\McAfee\SiteAdvisor [2010/10/13 17:03:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/10/06 14:45:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/10/07 16:07:03 | 000,000,000 | ---D | M]

[2009/01/17 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Extensions
[2010/10/15 11:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions
[2010/07/16 18:45:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/06/20 03:09:47 | 000,000,000 | ---D | M] (Free software Gooofull toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}
[2010/02/04 15:52:54 | 000,000,000 | ---D | M] (Softonic ES Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}
[2010/10/06 14:46:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/21 17:54:38 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\conduit.xml
[2010/07/17 19:16:24 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\winamp-search.xml
[2010/10/15 11:57:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009/04/28 15:41:20 | 000,000,000 | ---D | M] (shARES Toolbar) -- C:\Archivos de programa\Mozilla Firefox\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
[2010/07/30 02:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/30 02:11:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/25 13:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npwachk.dll
[2010/09/14 18:13:13 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/09/14 18:13:13 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/20 03:09:49 | 000,001,836 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\Goofullsearch.xml
[2010/10/06 14:42:27 | 000,002,027 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/09/14 18:13:13 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/09/14 18:13:13 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010/08/24 03:29:49 | 000,416,119 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14388 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Archivos de programa\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Archivos de programa\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Barra Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic ES Toolbar) - {C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Archivos de programa\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.20 200.49.130.21 200.49.130.32 172.20.2.23
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Archivos de programa\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Archivos de programa\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008/12/09 10:52:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 01:04:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Archivos de programa\OTL.exe
[2010/10/15 13:19:05 | 000,000,000 | ---D | C] -- C:\Archivos de programa\pd
[2010/10/15 01:15:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AudioTranscoder
[2010/10/15 01:14:46 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AutocompletePro
[2010/10/15 01:13:28 | 010,625,040 | ---- | C] (Digital Music Software ) -- C:\Archivos de programa\audiotranscoder.exe
[2010/10/13 01:11:48 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 01:11:48 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 01:11:30 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/08 10:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Escritorio\74937
[2010/10/08 01:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Mis documentos\Descargas
[2010/10/06 14:43:04 | 008,352,152 | ---- | C] (Mozilla) -- C:\Documents and Settings\yo\Escritorio\Firefox Setup 3.6.10.exe
[2010/09/29 04:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\ERS Game Studios
[2010/09/28 18:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Escritorio\90323
[2010/09/26 03:30:03 | 000,000,000 | ---D | C] -- C:\Archivos de programa\vobedit06
[2010/09/20 20:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Escritorio\flash5
[2010/09/17 20:23:50 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Archivos de programa\everesthome220.exe
[2010/06/14 18:33:37 | 000,259,072 | ---- | C] ([You must be registered and logged in to see this link.] -- C:\Archivos de programa\Half-open_limit_fix_4.1.exe
[2010/06/04 16:31:33 | 000,299,864 | ---- | C] (Microsoft Corporation) -- C:\Archivos de programa\dxwebsetup.exe
[2009/03/13 12:58:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\yo\Datos de programa\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/20 01:37:05 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/20 01:04:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL.exe
[2010/10/20 00:37:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 22:48:43 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Curriculum Vitae.doc
[2010/10/17 01:42:08 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 19:49:15 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml
[2010/10/15 13:19:07 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Páginas Doradas 2007.lnk
[2010/10/15 01:15:11 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Audio Transcoder.lnk
[2010/10/15 01:13:28 | 010,625,040 | ---- | M] (Digital Music Software ) -- C:\Archivos de programa\audiotranscoder.exe
[2010/10/15 00:58:51 | 000,015,349 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/10/15 00:58:33 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/10/14 20:53:47 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Nuevo Documento de Microsoft Word.doc
[2010/10/13 12:00:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/13 11:59:54 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Emule incoming.lnk
[2010/10/13 11:32:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/13 03:16:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/13 03:16:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/13 03:16:35 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 01:25:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/07 16:07:03 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/10/06 14:45:58 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2010/10/06 14:44:20 | 008,352,152 | ---- | M] (Mozilla) -- C:\Documents and Settings\yo\Escritorio\Firefox Setup 3.6.10.exe
[2010/09/27 20:10:53 | 000,000,133 | ---- | M] () -- C:\WINDOWS\VobEdit.INI
[2010/09/26 19:18:21 | 000,026,098 | ---- | M] () -- C:\Archivos de programa\121819.rar
[2010/09/24 01:30:08 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[2010/09/23 19:40:09 | 015,401,508 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Roy Ward - The Lion sleeps tonight 2010 Germany.mp4
[2010/09/23 19:14:39 | 015,401,508 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Roy Ward - The Lion sleeps tonight 2010.mp4
[2010/09/22 11:37:30 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\QuickTime Player.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/15 13:19:07 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Páginas Doradas 2007.lnk
[2010/10/15 01:15:11 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Audio Transcoder.lnk
[2010/10/14 20:53:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Nuevo Documento de Microsoft Word.doc
[2010/10/13 11:59:54 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Emule incoming.lnk
[2010/10/07 16:07:03 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/09/26 19:18:15 | 000,026,098 | ---- | C] () -- C:\Archivos de programa\121819.rar
[2010/09/26 03:30:26 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2010/09/23 19:40:09 | 015,401,508 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Roy Ward - The Lion sleeps tonight 2010 Germany.mp4
[2010/09/23 19:14:39 | 015,401,508 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Roy Ward - The Lion sleeps tonight 2010.mp4
[2010/09/22 11:37:30 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\QuickTime Player.lnk
[2010/09/06 20:39:47 | 000,291,640 | ---- | C] () -- C:\Archivos de programa\SoftonicDownloader22230.exe
[2010/04/06 14:55:30 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\yo\Datos de programa\ezpinst.exe
[2009/03/13 13:31:41 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 12:59:17 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml
[2009/03/13 12:58:53 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.log
[2009/03/13 12:58:48 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.cat
[2009/03/13 12:58:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.inf
[2008/12/09 17:43:55 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/09 11:28:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/09 11:08:14 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/09 10:59:55 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2003/04/11 12:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2

< End of report >


Re: Internet explorer windows

Post by vitrola on Wed Oct 20, 2010 12:54 am

and the Extras.Txt:

OTL Extras logfile created on: 20/10/2010 01:45:34 a.m. - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Archivos de programa
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 42,81 Gb Free Space | 18,38% Space Free | Partition Type: NTFS

Computer Name: COMMODORE | User Name: yo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpyWareDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"48312:UDP" = 48312:UDP:*:Enabled:emule puerto
"45113:TCP" = 45113:TCP:*:Enabled:emule puerto

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Archivos de programa\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Archivos de programa\eMule\emule.exe" = C:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Archivos de programa\VLC\vlc.exe" = C:\Archivos de programa\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Archivos de programa\Java\jre6\bin\javaw.exe" = C:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{1692CC0E-8798-493A-9580-23555E21C14B}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.8.92
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}" = Ontrack EasyRecovery Professional Trial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Caratulador" = Caratulador
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"foobar2000" = foobar2000 v1.0.3
"Google Chrome" = Google Chrome
"Guía Telefónica de Páginas Doradas_is1" = Páginas Doradas 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}" = Ontrack EasyRecovery Professional del Ensayo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero7_is1" = Nero 7.10.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealAlt_is1" = Real Alternative 1.9.0
"Softonic_ES Toolbar" = Softonic_ES Toolbar
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Barra Yahoo!
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Aplicación para detectar Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/10/2010 10:47:07 a.m. | Computer Name = COMMODORE | Source = Application Error | ID = 1001
Description = Depósito 2030147522 incorrecto.

Error - 17/10/2010 03:56:41 p.m. | Computer Name = COMMODORE | Source = Application Error | ID = 1000
Description = Aplicación con errores: iexplore.exe, versión: 7.0.6000.17091, módulo
con error: unknown, versión 0.0.0.0, dirección de error 0x30488b3f.

Error - 17/10/2010 03:57:43 p.m. | Computer Name = COMMODORE | Source = Application Error | ID = 1001
Description = Depósito 2066832462 incorrecto.

Error - 17/10/2010 05:49:15 p.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: guardgui.exe, versión 9.0.3.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/10/2010 05:49:26 p.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1001
Description = Depósito 1249076614 incorrecto.

Error - 17/10/2010 05:57:51 p.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: guardgui.exe, versión 9.0.3.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/10/2010 05:57:56 p.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1001
Description = Depósito 1249076614 incorrecto.

Error - 17/10/2010 11:39:24 p.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: nero.exe, versión 7.10.1.0, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 20/10/2010 12:48:05 a.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 7.0.6000.17091,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 20/10/2010 12:48:06 a.m. | Computer Name = COMMODORE | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 7.0.6000.17091,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

[ System Events ]
Error - 15/10/2010 12:15:50 a.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.

Error - 15/10/2010 12:25:00 p.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.

Error - 15/10/2010 05:40:38 p.m. | Computer Name = COMMODORE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 186.137.232.229 para la tarjeta de
red con la dirección de red 001FD013B863 ha sido denegada por el servidor DHCP 0.0.0.0
(el servidor DHCP envió un mensaje DHCPNACK).

Error - 15/10/2010 05:41:19 p.m. | Computer Name = COMMODORE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 192.168.100.10 para la tarjeta de
red con la dirección de red 001FD013B863 ha sido denegada por el servidor DHCP 186.137.232.1
(el servidor DHCP envió un mensaje DHCPNACK).

Error - 16/10/2010 06:47:49 p.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.

Error - 17/10/2010 05:03:41 p.m. | Computer Name = COMMODORE | Source = Print | ID = 6161
Description = No se puede imprimir el documento Microsoft Word - Curriculum Vitae.doc
propiedad de yo en la impresora HP DeskJet 840C/841C/842C/843C. Tipo de datos:
NT EMF 1.008. Tamaño del archivo de cola de impresión en bytes: 1158192. Número
de bytes impresos: 16856. Número de páginas en el documento: 4. Número de páginas
impresas: 1. Equipo cliente: \\COMMODORE. Código de error Win32 devuelto por el
procesador de impresión: 0 (0x0).

Error - 17/10/2010 05:36:44 p.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.

Error - 17/10/2010 05:41:14 p.m. | Computer Name = COMMODORE | Source = Print | ID = 6161
Description = No se puede imprimir el documento Microsoft Word - Curriculum Vitae.doc
propiedad de yo en la impresora HP DeskJet 840C/841C/842C/843C. Tipo de datos:
NT EMF 1.008. Tamaño del archivo de cola de impresión en bytes: 1159060. Número
de bytes impresos: 17808. Número de páginas en el documento: 4. Número de páginas
impresas: 1. Equipo cliente: \\COMMODORE. Código de error Win32 devuelto por el
procesador de impresión: 0 (0x0).

Error - 17/10/2010 06:06:04 p.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.

Error - 19/10/2010 05:14:03 p.m. | Computer Name = COMMODORE | Source = atapi | ID = 262153
Description = El dispositivo, \Device\Ide\IdePort1, no respondió en el tiempo de
espera permitido.


< End of report >

Re: Internet explorer windows

Post by vitrola on Wed Oct 20, 2010 3:07 pm

Hello

I'm seeing files (like slides) on my desktop and in other folders (My Documents, My Music and Downloads):

Thumbs, thumbs.db, desktop.ini

And I have on C: one called Recycler and another System Volume information, among other ones.

Thanks for your help
Sebastian

Re: Internet explorer windows

Post by Belahzur on Wed Oct 20, 2010 7:20 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Internet explorer windows

Post by vitrola on Wed Oct 20, 2010 7:56 pm

Hello

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4896

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/10/2010 08:51:46 p.m.
mbam-log-2010-10-20 (20-51-46).txt

Scan type: Quick scan
Objects scanned: 146341
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Internet explorer windows

Post by Belahzur on Thu Oct 21, 2010 8:02 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Internet explorer windows

Post by vitrola on Fri Oct 22, 2010 1:43 am

Hello

Here's the log:

ComboFix 10-10-21.02 - yo 22/10/2010 2:26.5.2 - x86
Running from: c:\documents and settings\yo\Escritorio\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\yo\Datos de programa\PriceGong
c:\documents and settings\yo\Datos de programa\PriceGong\Data\1.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\a.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\b.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\c.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\d.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\e.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\f.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\g.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\h.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\i.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\J.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\k.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\l.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\m.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\n.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\o.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\p.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\q.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\r.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\s.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\t.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\u.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\v.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\w.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\x.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\y.xml
c:\documents and settings\yo\Datos de programa\PriceGong\Data\z.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-20 23:47 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 23:47 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 23:45 . 2010-10-20 23:45 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-10-20 04:04 . 2010-10-20 04:04 575488 ----a-w- c:\archivos de programa\OTL.exe
2010-10-15 16:19 . 2010-10-15 16:19 -------- d-----w- c:\archivos de programa\pd
2010-10-15 04:15 . 2010-10-15 04:15 -------- d-----w- c:\archivos de programa\AudioTranscoder
2010-10-15 04:14 . 2010-10-15 04:14 -------- d-----w- c:\archivos de programa\AutocompletePro
2010-10-15 04:13 . 2010-10-15 04:13 10625040 ----a-w- c:\archivos de programa\audiotranscoder.exe
2010-10-13 04:24 . 2008-04-14 09:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 04:11 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 04:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 04:11 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 17:45 . 2010-09-14 23:03 718296 ----a-w- c:\archivos de programa\Mozilla Firefox\mozcpp19.dll
2010-10-06 17:45 . 2010-09-14 23:03 14808 ----a-w- c:\archivos de programa\Mozilla Firefox\plugin-container.exe
2010-09-29 07:21 . 2010-09-29 07:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\ERS Game Studios
2010-09-26 06:30 . 2010-09-26 06:30 -------- d-----w- c:\archivos de programa\vobedit06
2010-09-22 21:10 . 2010-09-22 21:10 103864 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 21:10 . 2010-09-22 21:10 103864 ----a-w- c:\archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-09-14 2735200]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-09-14 04:45 2735200 ----a-w- c:\archivos de programa\Softonic_ES\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-09-14 2735200]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-09-14 2735200]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\archiv~1\mcafee\SITEAD~1\mcsacore.exe [23/08/2010 06:37 p.m. 88176]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\archivos de programa\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-10-22 02:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-22 05:35

Pre-Run: 60.490.002.432 bytes libres
Post-Run: 63.697.776.640 bytes libres

- - End Of File - - D9BB8AD31E322537B03A4655780CDF80


Re: Internet explorer windows

Post by Belahzur on Fri Oct 22, 2010 7:46 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Internet explorer windows

Post by vitrola on Sat Oct 23, 2010 12:43 am

Hello


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17080 (vista_gdr.100616-0452)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b0f242df8dca049999e7fd9200bc875
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-15 03:57:13
# local_time=2010-08-15 12:57:13 (-0300, Hora estándar de Argentina)
# country="Argentina"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 53565836 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=45475
# found=0
# cleaned=0
# scan_time=914
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b0f242df8dca049999e7fd9200bc875
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-23 04:38:06
# local_time=2010-10-23 01:38:06 (-0300, Hora estándar de Argentina)
# country="Argentina"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 59529366 0 0
# compatibility_mode=8192 67108863 100 0 5042289 5042289 0 0
# scanned=61864
# found=2
# cleaned=2
# scan_time=1436
C:\Archivos de programa\VSO\install_vsoconvertxtodvd3_setup_3.2.8.92.exe VBS/StartPage.NCM.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\RP93\A0016589.exe VBS/StartPage.NCM.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C


Re: Internet explorer windows

Post by Belahzur on Sat Oct 23, 2010 8:05 pm

Hello.


We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (to turn on System Restore), and then click OK.

How is the machine running now?



Re: Internet explorer windows

Post by vitrola on Sun Oct 24, 2010 9:49 pm

Hello

I think it's doing fine.
But the problem is related to files (like slides) appearing on my desktop and mainly in folders related to music.
Thumbs.db, desktop.ini

And on C there appears a folder called Recycler and another called System Volume Information, among other ones.
What should I do with all these files?

Thanks again for your help

Sebastian


Re: Internet explorer windows

Post by Belahzur on Mon Oct 25, 2010 8:13 pm

Hello.
You can delete the thumbs.db and desktop.ini files.

The System Volume Information and Recycler are legit.

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Don't show hidden files and folders.
  6. Check (tick) Hide protected operating system files (Recommended).
  7. Click Yes when prompted.
  8. Click OK.
  9. Close My Computer.

How is the machine running now?



Re: Internet explorer windows

Post by vitrola on Thu Oct 28, 2010 7:57 pm

Hello

I think it's doing OK now but I couldn't check a bit longer.

Thanks a lot for your help

Cheers

Sebastian
