SAludos
Tengo un problema me aparecen muchas ventanas emergentees
de internet explorer aun sin estar conectado
y hay muchos procesos IEXPLORER.EXE corriendo sin q yo los inicie
ademas q despues de una rato de estar en el Internet Explorer
aparece un mensaje de Error y deve cerrarse

Ahora tambien para navegar por internet tengo q poner la direccion de kada pagina en la barra de direcciones esto por q si pongo la bisqueda aparece un error .. eSpero me ayuden


"" Use el AD-Ware SE Personal "" hice un skan kompleto y elimine todo lo q enkontro pero el problema kon los Errores de I Explorer siguen ademas q
derrepente se poner demaciodo lenta la PC y tengo q apagarla y reinicias

Hola killer007


-Descargate las siguientes herramientas, pero no la ejecutes aún

• SDFix
• SuperAntiSpyware (actualizalo)
• Ccleaner(Manual)

- "Apaga Restaurar Sistema"

-Activa la opción "Ver archivos ocultos"

-"Reinicia a prueba de fallos"


-Usa el Ccleaner para limpiar el sistema,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

-Ejecuta SuperAntiSpyware (Elimina todo lo que encuentre y tú antivirus (previamente actualizado)

-Ejecuta SDFix.exe en el escritorio, se creará una nueva carpeta en el escritorio, entra en dicha carpeta y ejecuta el archivo "Runthis.bat" luego, presiona la tecla "Y" para que comience el chequeo, al terminar, se creará un archivo dentro de la carpeta llamado Report.txt, copia y pega lo que indique ese reporte acá.

-Reinicai el PC a "Modo normal"

-Ejecuta solamente y nuevamente SuperAntiSpyware (Elimina todo lo que encuentre)

-Pasa 2 antivirus online el Ewido Scanner Online y Kaspersky Online Scanner.si hay algo que no te eliminen lo pones aquí con su ruta completa.


salu2
Recuerda volver y contarnos los resultados

hola
yo tengo 3 virus desde hace meses y no he podido eliminarlas con nada, esta cosa esta volviendo lenta a mi pc . se llama: Backweb y yo tengo antivirus el sin espias y el ad-aware SE Professional.


en serio necesito ayuda se que hacer

Hola

aomesk abre un nuevo tema explicando tu problema, ya que si tratamos los dos casos en este mensaje lo único que vamos a conseguir es confundirnos...ok?

Salu2

Hice todo al pie de la la letra

-Ejecute SuperAntiSpyware [elimine todo lo q aparecio]


-Aca el reporte de "SDFix.exe "

-------------------------------------------------------------
SDFix: Version 1.85

Run by DELL USER - Mon 05/28/2007 - 13:48:13.82

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\DELLUS~1\Desktop\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\vx.tll - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yah oo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\ \Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Dis abled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1139804548\\EE\\AOLServiceHost.exe"="C :\\Program Files\\Common Files\\AOL\\1139804548\\EE\\AOLServiceHost.exe:*:D isabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Disabled :AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Disabled :AOLTsMon"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Progra m Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:Qu ickTime Player"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:SBC Yahoo! Music Engine"
"C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled :mcoinstall"
"C:\\Documents and Settings\\DELL USER\\My Documents mm xxkvfokoeeeewwwwwwwwwwwwr\\carlos19\\Setup Files\\Emoticons\\winks, muggins, moods para messenger 7\\DoogalMCO.exe"="C:\\Documents and Settings\\DELL USER\\My Documents mm xxkvfokoeeeewwwwwwwwwwwwr\\carlos19\\Setup Files\\Emoticons\\winks, muggins, moods para messenger 7\\DoogalMCO.exe:*:Enabled: "
"C:\\Program Files\\LimeWire\\comp_artir\\winks,moods,muggins,w eemees and meegos\\mcoinstall.exe"="C:\\Program Files\\LimeWire\\comp_artir\\winks,moods,muggins,w eemees and meegos\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yah oo! Browser"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MessengerDiscovery\\msgdiscoveryx.exe"="C:\ \Program Files\\MessengerDiscovery\\msgdiscoveryx.exe:*:Ena bled:MessengerDiscovery the MSN Messenger addon"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\svchost.exe"="C:\\WINDOWS\\svchost.e xe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\DELLUS~1\Desktop\SDFix\backups\backups .zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\DELL USER\My Documents mm xxkvfokoeeeewwwwwwwwwwwwr\Downloads\Spiderman.3.Te leSync.[Spanish][Xvid-Mp3][wWw.SpaTorrent.com]\Thumbs.db
C:\Program Files\Winamp\Plugins\Milkdrop\Phat+fiShbRaiN+Eo.S_ Mandala_Chasers_remix - www.eos4life.com.milk
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECMSVR32.DLL
C:\WINDOWS\mswtpdxp.dll
C:\WINDOWS\prwttrxp.dll
C:\WINDOWS\system32\dpwttaxp.dll
C:\WINDOWS\system32\mswtpaxp.dll
C:\WINDOWS\system32\verwttxp.dll
C:\Program Files\Winamp\Plugins\freeform\xml\wasabi\xml\old.s ystem-colors.xml
C:\Program Files\Winamp\Plugins\freeform\xml\wasabi\xml\old.s ystem-elements.xml
C:\WINDOWS\windllreg1c.sys
C:\WINDOWS\system32\8A356BA544.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECMSVR32.DLL
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp\comp_artir\ Thumbs.db
C:\Program Files\Windows Media Player\npdrmv2.zip
C:\Program Files\Windows Media Player\npds.zip

Finished
---------------------------------------------------------------------

-Ejecute SuperAntiSpyware otravez [ya no me aparecio nada]
- El scan con Ewido Scanner [elimino todo lo q enkontro]

- Eca el reporte de Kaspersky Online Scanner

------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 28, 2007 6:52:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/05/2007
Kaspersky Anti-Virus database records: 312610
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 43711
Number of viruses found: 3
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\3rika.JCMM2M\Local Settings\Temporary Internet Files\Content.IE5\OX23WDMN\fgrenk5nkjdcew[1].jpg Infected: Trojan-Proxy.Win32.Slaper.p skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\DELL USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERAN TISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\DELL USER\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DELL USER\Desktop\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped
C:\Documents and Settings\DELL USER\Desktop\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\Documents and Settings\DELL USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DELL USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DELL USER\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DELL USER\Local Settings\Temp\Perflib_Perfdata_890.dat Object is locked skipped
C:\Documents and Settings\DELL USER\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DELL USER\ntuser.dat Object is locked skipped
C:\Documents and Settings\DELL USER\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\DAP\History\Erika\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\History\erika_m\_lasthist.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{161C8C AF-D263-4BB0-A38D-AA68B1E42300}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\perfc000.dat Infected: Backdoor.Win32.Small.os skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\zzzx.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped

Scan process completed.
--------------------------------------------------------------------




Ahora q hay q seguir ???

Hola killer007


- "Apaga Restaurar Sistema"

- Activa la opción "Ver archivos ocultos"

- "Reinicia a prueba de fallos"

- Busca y elimina estos archivos/carpetas (Si no lo/los encuentras activa ''Ver archivos ocultos del sistema''),si no se dejan eliminar descarga el programa "FileASSASSIN",con la opción "Use la función de borrado normal"

• C:\Documents and Settings\3rika.JCMM2M\Local Settings\Temporary Internet Files\Content.IE5\OX23WDMN\fgrenk5nkjdcew[1].jpg
• C:\WINDOWS\system32\perfc000.dat
• C:\WINDOWS\zzzx.exe

- Usa el Ccleaner para limpiar el sistema,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

- Ejecuta SuperAntiSpyware y tú antivirus (previamente actualizado)

- Reinici el PC a "Modo normal"

- Elimina todas las cuarentenas que tengas y vacia la papelera tambien.

- Ejecuta solamente y nuevamente SuperAntiSpyware

• Descarga la herramienta ComboFix.exe y guárdala en el escritorio de Win.
• Hace doble-click en el archivo combofix.exe y seguí los avisos.
• Cuando termine este generara un reporte que tendrías que pegar en este mismo mensaje.
  • Nota* Puede que algunos Antivirus como Panda detecten un falso positivo en ComboFix pero no hay que preocuparse por esto.

- Ejecuta SDFix.exe Nuevamente y nos pegas el reporte acá

- Realiza un escaneo online con "Panda ActiveScan Online" nos dejas sus reportes en este mismo mensaje.


salu2
Recuerda volver y contarnos los resultados

[size="1"]DEspues de todo Las ventanas emergentes ya no aparecen y ya no korren los procesos "IExplorer.exe" como antes
Ahora solo sigue el problema para navegar por Internet cosas komo:
-Derrepente copio un URL para abrir una pagina y me sale un mensaje no de pagina no enkontrada si no q en en ese momento no se puede procesar esa peticion y derrepente me abre la pagina [aunq lento no komo antes]
-las imagenes o por ejemplo en Youtube las vistas previas de los videos no aparecen [x]
-Si abro Google.com copiando la URL y hago una busqueda "Forospyware"
me manda resultados k no tienen nada q ver o el mensaje q mencione antes

Ahora hice todo lo q me indikaron......


-Reporte "Comofix"
-------------------------------------------------------------------
"DELL USER" - 2007-05-29 22:07:07 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\DELL USER\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Temp\17O7\tmpTF.log"
"C:\DOCUME~1\DELLUS~1\Desktop.\internet explorer.lnk"
"C:\DOCUME~1\DELLUS~1\Desktop\internet.lnk"
"C:\WINDOWS\system32\cookie.dat"
"C:\WINDOWS\system32\boa.dat"
"C:\Temp\17O7"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-29 17:58 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-29 06:25 <DIR> d-------- C:\N360_BACKUP
2007-05-28 21:39 <DIR> d-------- C:\Program Files\Norton 360
2007-05-28 20:51 467,536 --a------ C:\ycomp_setup_nis_us.exe
2007-05-28 20:35 <DIR> d-------- C:\DOCUME~1\DELLUS~1\APPLIC~1\WholeSecurity
2007-05-28 15:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-28 12:35 <DIR> d-------- C:\copya registro
2007-05-28 12:21 <DIR> d-------- C:\Program Files\CCleaner
2007-05-28 12:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-28 12:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-28 12:19 <DIR> d-------- C:\DOCUME~1\DELLUS~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-28 12:18 <DIR> d-------- C:\Program Files\SDFix
2007-05-28 12:11 2,719,216 --a------ C:\ccsetup140.exe
2007-05-28 12:10 5,797,152 --------- C:\SUPERAntiSpyware.exe
2007-05-28 12:09 720,010 --------- C:\SDFix.exe
2007-05-28 11:25 <DIR> d-------- C:\WINDOWS\system\temp
2007-05-28 11:25 <DIR> d-------- C:\WINDOWS\system\Content.IE5
2007-05-28 11:20 6,511,392 --a------ C:\dap85.exe
2007-05-27 23:14 <DIR> d-------- C:\DOCUME~1\DELLUS~1\APPLIC~1\Lavasoft
2007-05-27 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-27 23:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-27 23:03 2,566,736 --a------ C:\spywareblastersetup351.exe
2007-05-27 23:01 5,037,072 --------- C:\spybotsd14.exe
2007-05-27 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-27 22:56 4,850,920 --a------ C:\aawsepersonal.exe
2007-05-27 19:04 <DIR> d-------- C:\Program Files\VeryPDF PDF2TXT v3.2
2007-05-27 19:04 <DIR> d-------- C:\Naevius.GVI.Converter.v1.4.Keygen.Only-FALLEN
2007-05-27 19:03 <DIR> d-------- C:\Program Files\DivX
2007-05-27 19:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-27 19:00 <DIR> d-------- C:\Program Files\Instant Messenger Names
2007-05-27 18:59 <DIR> d-------- C:\Program Files\TorrentQ
2007-05-27 18:59 <DIR> d-------- C:\Program Files\ShopperReports(3)
2007-05-27 18:59 <DIR> d-------- C:\Program Files\DelPSGuard
2007-05-27 18:57 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-05-27 18:54 <DIR> d-------- C:\Program Files\LimeWire
2007-05-27 14:52 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-05-25 13:14 <DIR> d-------- C:\Program Files\ESTsoft
2007-05-23 21:39 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-05-23 21:20 12 --a------ C:\WINDOWS\system32\sl.bin
2007-05-23 21:19 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-05-16 15:27 1 --a------ C:\WINDOWS\system32\ps.dat
2007-05-14 20:33 <DIR> d-------- C:\Program Files\DelPSGuard(2)
2007-05-13 23:02 <DIR> d-------- C:\Norton.360.100% Working KeyGen
2007-05-13 16:07 <DIR> d-------- C:\Program Files\PowerISO
2007-05-12 18:19 786,432 --ah----- C:\DOCUME~1\3RIKA~1.JCM\NTUSER.DAT
2007-05-11 15:37 926,241 --a------ C:\WINDOWS\system32\model.dat
2007-05-09 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 19:06 11,010,048 --a------ C:\Documents and Settings\DELL USER\ntuser.dat
2007-05-05 19:06 11,010,048 --a------ C:\DOCUME~1\DELLUS~1\ntuser.dat
2007-05-03 23:25 <DIR> d-------- C:\Program Files\BlueSquad
2007-05-03 23:21 1,024 --a------ C:\WINDOWS\system32\PDF2TXT.DAT
2007-05-01 11:04 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-05-01 11:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-01 09:42 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-01 09:41 <DIR> d-------- C:\Program Files\2Wire
2007-04-30 21:16 <DIR> d-------- C:\DOCUME~1\DELLUS~1\APPLIC~1\TorrentQ
2007-04-30 21:06 <DIR> d-------- C:\Mis descargas
2007-04-29 15:53 <DIR> d-------- C:\45


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2007-05-29 22:15:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-29 02:44:48 -------- d-----w C:\Program Files\Symantec
2007-05-29 02:44:46 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-29 02:44:46 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-29 01:52:55 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-28 18:42:05 -------- d-----w C:\DOCUME~1\DELLUS~1\APPLIC~1\Burn vga 01
2007-05-28 00:04:58 -------- d-----w C:\DOCUME~1\DELLUS~1\APPLIC~1\uTorrent
2007-05-28 00:02:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-27 23:28:20 -------- d-----w C:\Program Files\HJT
2007-05-27 23:20:42 -------- d-----w C:\DOCUME~1\DELLUS~1\APPLIC~1\Yahoo!
2007-05-27 23:19:13 -------- d-----w C:\Program Files\Windows NT
2007-05-25 19:07:03 -------- d-----w C:\Program Files\Winamp
2007-05-10 02:12:52 -------- d-----w C:\Program Files\WMR11
2007-05-01 16:04:44 629,264 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-01 16:04:44 108,592 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-05-01 16:04:08 74,864 ----a-w C:\WINDOWS\system32\VetRedir.dll
2007-05-01 16:04:08 115,824 ----a-w C:\WINDOWS\UnVet32.exe
2007-05-01 16:04:07 21,031 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-05-01 16:04:07 15,735 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-05-01 16:04:07 15,478 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-05-01 16:04:07 111,728 ----a-w C:\WINDOWS\AVShlExt.dll
2007-05-01 02:08:05 -------- d-----w C:\Program Files\ATI Technologies
2007-04-28 16:55:15 -------- d-----w C:\DOCUME~1\DELLUS~1\APPLIC~1\Symantec
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 04:43:45 -------- d-----w C:\Program Files\Burn vga 01
2007-04-15 03:23:46 -------- d-----w C:\Program Files\Sonic
2007-04-08 20:47:29 -------- d-----w C:\DOCUME~1\DELLUS~1\APPLIC~1\LimeWire
2007-03-30 21:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
2007-03-22 23:07:19 427,520 ----a-w C:\FFSJ_1.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2006-11-30 23:53:58 2 --sh--w C:\WINDOWS\system32\verwttxp.dll
2006-05-06 00:30:38 21 --sh--w C:\WINDOWS\prwttrxp.dll
2006-05-04 23:17:06 21 --sh--w C:\WINDOWS\system32\dpwttaxp.dll
2006-05-04 23:17:06 14 --sh--w C:\WINDOWS\system32\mswtpaxp.dll
2006-05-04 23:17:06 14 --sh--w C:\WINDOWS\mswtpdxp.dll
2006-05-03 01:07:30 6,580 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
2006-05-03 01:07:27 56 --sh--r C:\WINDOWS\system32\8A356BA544.sys
1758-04-10 21:37:19 4,263 --sh--w C:\WINDOWS\windllreg1c.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 22:22]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\common\yiesrvc.dl l [2006-10-31 15:33]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 05:20]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"NoDispAppearancePage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iniciar guiños Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iniciar guiños Messenger.lnk
backup=C:\WINDOWS\pss\Iniciar guiños Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DELL USER^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\DELL USER\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DELL USER^Start Menu^Programs^Startup^Herramienta de búsqueda de soportes de Cyber-shot Viewer.lnk]
path=C:\Documents and Settings\DELL USER\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de Cyber-shot Viewer.lnk
backup=C:\WINDOWS\pss\Herramienta de búsqueda de soportes de Cyber-shot Viewer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DELL USER^Start Menu^Programs^Startup^Herramienta de búsqueda de soportes de Picture Motion Browser.lnk]
path=C:\Documents and Settings\DELL USER\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de Picture Motion Browser.lnk
backup=C:\WINDOWS\pss\Herramienta de búsqueda de soportes de Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DELL USER^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
path=C:\Documents and Settings\DELL USER\Start Menu\Programs\Startup\Iomega Product Registration.lnk
backup=C:\WINDOWS\pss\Iomega Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DELL USER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\DELL USER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoreDelete]
C:\DOCUME~1\DELLUS~1\APPLIC~1\BURNVG~1\Win Loud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dale Time Trans Bend]
C:\Documents and Settings\All Users\Application Data\FLAP NEW DALE TIME\optionsite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
"C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139804548\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerDiscovery]
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
C:\Program Files\TBONBin\tbon.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\You've Got Pictures Screensaver]
C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YPC]
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* -COMHOST


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070527-175203-632
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

backup-20070527-175203-728
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

backup-20070527-175203-856
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

backup-20070527-175203-195
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

backup-20070527-175203-683
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

backup-20070527-175203-730
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

backup-20070527-175203-839
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

backup-20070527-175203-933
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe

backup-20070527-175203-594
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

backup-20070527-175203-613
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

backup-20070527-175201-961
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67, 00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Setting s]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c, 7a,00,c0,4f,c2,97,eb,01,00,\
00,00,98,f7,86,89,b9,aa,13,41,80,4c,3b,a6,89,85,b1 ,8f,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00 ,e7,9e,34,77,13,54,8b,c2,\
14,a6,cf,c7,2c,23,4d,14,00,00,00,00,04,80,00,00,a0 ,00,00,00,10,00,00,00,74,\
b4,32,11,c4,87,58,a6,cc,91,0e,ff,5b,95,b0,31,18,02 ,00,00,b5,9b,c0,5a,60,55,\
8f,28,27,dd,80,4e,ca,34,1a,56,4f,02,e3,ea,4c,55,4a ,3b,c9,c7,80,34,bb,ae,49,\
18,f6,e6,f0,aa,b4,b1,7d,bd,f4,cb,c4,fd,6f,c0,b4,7d ,30,18,57,16,39,54,2e,50,\
eb,fd,08,fd,64,2b,29,94,8e,b0,3d,d3,f6,ee,88,3a,8a ,fe,b4,58,62,f2,01,24,e1,\
5e,c7,3a,1c,e3,09,af,a3,18,f3,3d,95,8e,31,6e,29,85 ,dc,45,a3,35,be,88,5b,28,\
43,c0,f5,21,4e,d3,2f,58,bc,90,7c,1a,44,ce,40,fc,3e ,59,c6,eb,27,ef,cd,37,83,\
c6,ea,88,67,c1,aa,9f,7f,49,16,b8,28,05,09,cf,d8,2b ,ef,5f,d1,2d,f6,44,5d,32,\
6c,0a,c8,d6,d7,55,6a,81,61,7c,c2,ef,b5,04,80,49,d9 ,ce,90,c4,cd,7d,06,a4,c3,\
ba,f0,2c,30,73,3d,f9,f4,9f,f3,fd,2f,b7,fb,37,a8,ba ,2e,79,0c,f6,23,3d,e0,e0,\
c8,f6,ef,bd,8c,16,9e,65,56,f8,4f,c5,b7,8f,2d,f8,46 ,e5,54,d1,31,28,8b,dc,91,\
9c,f0,61,24,71,5f,bc,29,90,54,13,83,62,30,96,b6,59 ,b7,63,09,83,62,46,6e,79,\
3d,d6,dc,fb,d1,46,85,5a,1f,3f,b5,f3,83,2b,01,f0,26 ,1d,cb,9f,90,2a,6b,a7,b1,\
e1,15,6c,e1,e8,f8,69,e9,b6,2d,25,c0,99,b6,74,ed,4d ,5f,24,4e,96,99,04,06,71,\
c1,a9,23,12,5b,74,e7,1f,e0,be,50,89,04,54,06,3f,3f ,3e,fb,bf,cd,3b,fc,ed,38,\
56,2d,9b,70,54,bb,18,03,c8,4b,d3,c5,88,dc,40,4e,8d ,ec,8c,79,5a,9b,cf,6e,7b,\
84,4a,62,31,99,80,86,9b,7b,df,0a,87,7e,12,a7,e2,12 ,f7,84,81,e0,d3,62,26,53,\
f0,5d,b8,d6,8b,04,95,3c,fd,8b,b8,02,52,c1,f1,fc,71 ,bf,28,91,f4,9a,e1,dc,fb,\
b0,f7,b3,41,50,0d,a4,00,f3,69,71,e5,52,78,ce,d0,8f ,45,fd,f0,59,39,6e,bd,4e,\
91,e5,65,54,ed,f2,78,4a,fa,c0,59,62,de,99,54,ed,45 ,63,fc,ce,e6,0d,07,10,8f,\
b8,05,4c,3d,1d,f5,00,84,16,67,98,7f,0b,be,89,d8,07 ,97,a8,90,a3,87,45,5e,04,\
f0,28,b2,42,b2,f4,bf,45,3e,a5,55,d1,c4,0d,91,2a,78 ,d8,91,3b,f6,fe,76,31,d0,\
54,e5,78,6a,e9,c5,d0,90,b9,4e,09,62,e8,3b,45,1d,b0 ,cb,1d,f4,68,af,5a,3f,da,\
f9,66,41,23,71,14,00,00,00,ca,29,53,3b,55,4e,e9,f7 ,41,bf,c2,57,8d,1b,92,1d,\
5f,7a,c0,59



backup-20070527-175157-685
O18 - Filter: text/html - (no CLSID) - (no file)

backup-20070527-175157-785
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

backup-20070527-175156-746
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

???

backup-20070527-175157-126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

backup-20070527-175155-582
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149455476582

???

backup-20070527-175154-637
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

????

backup-20070527-175153-566
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll

????

backup-20070527-175151-912
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

??????

backup-20070527-175149-532
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

????

backup-20070527-175149-600
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

backup-20070527-175149-569
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

backup-20070527-175149-607
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

backup-20070527-175149-493
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

backup-20070527-175149-274
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

backup-20070527-175147-677
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

???????????????????????????????????????????????4?? ?????????????????????????

backup-20070527-175149-626
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

backup-20070527-175149-391
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

backup-20070527-175147-407
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

backup-20070527-175147-984
O4 - HKCU\..\Run: [BoreDelete] C:\DOCUME~1\DELLUS~1\APPLIC~1\BURNVG~1\Win Loud.exe

backup-20070527-175147-905
O4 - HKCU\..\Run: [Genric Host Process] mswin32ex

backup-20070527-175147-920
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe

backup-20070527-175147-255
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

backup-20070527-175147-127
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

backup-20070527-175147-277
O4 - HKLM\..\Run: [Genric Host Process] mswin32ex

backup-20070527-175147-760
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

backup-20070527-175147-790
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

backup-20070527-175147-329
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

backup-20070527-175147-975
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\TorrentQ\TorrentManager.dll (file missing)

backup-20070527-175147-991
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

backup-20070527-175147-990
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll

backup-20070527-175147-447
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

backup-20070527-175147-209
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

backup-20070527-175147-776
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe

backup-20070527-175147-387
O1 - Hosts: 127.0.0.

backup-20070527-175147-261
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

backup-20070527-175147-601
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

backup-20070527-175147-381
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

backup-20061201-220836-246
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

backup-20061201-220836-679
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

backup-20061201-220836-217
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

backup-20061201-220836-331
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

backup-20061201-220835-498
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

backup-20061201-220835-732
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

backup-20061201-220835-208
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

backup-20061201-220835-832
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

backup-20061201-220835-109
O1 - Hosts: 212.227.64.159 www.winmx.com

backup-20061201-220835-985
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

backup-20061201-220835-537
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

backup-20060529-180606-575
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

backup-20060529-180606-369
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

backup-20060529-180606-794
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

backup-20060529-180606-332
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe"

backup-20060529-180606-443
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

backup-20060529-180605-449
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

backup-20060529-180605-743
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

backup-20060529-180605-436
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

backup-20060529-180605-323
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

backup-20060529-180605-692
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

backup-20060529-180605-376
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

backup-20060529-180605-689
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
************************************************** ******************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 22:24:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R???w0??w????*??w???w?p??O??w????m???x???????????? ???h???h??????????wO??w????m???x???????????????k!? s???w???w????????V??w???????w??o????????w????V??w? ??w???????s????g??w???w???????w???w???????????

scanning hidden files ...

scan completed successfully
hidden files: 0


************************************************** ******************

Completion time: 2007-05-29 22:28:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 22:28

--- E O F ---
-----------------------------------------------------------

-aca Reporte de ""SDFix.exe""

--------------------------------------------

SDFix: Version 1.85

Run by DELL USER - Wed 05/30/2007 - 0:46:39.21

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\DELLUS~1\Desktop\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Program Files\Winamp\Plugins\Milkdrop\Phat+fiShbRaiN+Eo.S_ Mandala_Chasers_remix - www.eos4life.com.milk
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECMSVR32.DLL
C:\WINDOWS\mswtpdxp.dll
C:\WINDOWS\prwttrxp.dll
C:\WINDOWS\system32\dpwttaxp.dll
C:\WINDOWS\system32\mswtpaxp.dll
C:\WINDOWS\system32\verwttxp.dll
C:\Program Files\Winamp\Plugins\freeform\xml\wasabi\xml\old.s ystem-colors.xml
C:\Program Files\Winamp\Plugins\freeform\xml\wasabi\xml\old.s ystem-elements.xml
C:\WINDOWS\windllreg1c.sys
C:\WINDOWS\system32\8A356BA544.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp42f3.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7d12.tmp\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp9b5.tmp\ECMSVR32.DLL
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
C:\Program Files\Windows Media Player\npdrmv2.zip
C:\Program Files\Windows Media Player\npds.zip

Finished


---------------------------------------------

-Reporte Panda ActiveScan

---------------------------------------------
Incidencia Estado Elemento

Herramienta potencialmente no deseada:application/funweb No desinfectado c:\program files\FunWebProducts
Herramienta potencialmente no deseada:application/mywebsearch No desinfectado HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Adware:adware/comet No desinfectado Registro de Windows
Virus:Trj/Tigen.A Desinfectado C:\Archivos de programa\MSN Messenger Guiños\instalar guiños.exe
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\Documents and Settings\DELL USER\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\Documents and Settings\DELL USER\Desktop\SDFix\apps\Process.exe
Virus:Bck/Dbot.A Desinfectado C:\Documents and Settings\DELL USER\Desktop\SDFix\backups_old1\backups.zip[backups/svchost.exe]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\Documents and Settings\DELL USER\My Documents mm xxkvfokoeeeewwwwwwwwwwwwr\My Completed Downloads\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Cookie/did-it No desinfectado C:\Documents and Settings\LocalService\Cookies\system@did-it[1].txt
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\Program Files\SDFix\apps\Process.exe
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\SDFix.exe[SDFix\apps\Process.exe]
Herramienta potencialmente no deseada:Application/MSNContentPlus No desinfectado C:\WINDOWS\msnlogm.exe
Herramienta potencialmente no deseada:Application/MSNContentPlus No desinfectado C:\WINDOWS\msnlogs.exe
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\WINDOWS\nircmd.exe

---------------------------------------------

Hola killer007

El ComboFix hizo bien su "trabajo" , ahora para que los Antivirus online o tú propio antivirus no detecten amenaza en la palicación ComboFix eliminalo...

- Ve a Panel de contro // Agregar o quitar programas y dede ahí desintala MSNContentPlus

- Busca y elimina estos archivos/carpetas (Si no lo/los encuentras activa ''Ver archivos ocultos del sistema''),si no se dejan eliminar descarga el programa "FileASSASSIN",con la opción "Use la función de borrado normal"

• c:\program files\FunWebProducts
• C:\WINDOWS\msnlogm.exe
• C:\WINDOWS\msnlogs.exe

- Usa el Ccleaner para limpiar el sistema,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Sabes, tengo una gran inquietud, es que la aplicación SDfix muestra unos archivos ocultos que sospecho que vienen del Malware Vundo (creo, no estoy muy seguro), si es posible sube los 5 (cinco) archivos a Virus Total y pegas los resultados de cada uno aquí

1. C:\WINDOWS\mswtpdxp.dll
2. C:\WINDOWS\prwttrxp.dll
3. C:\WINDOWS\system32\dpwttaxp.dll
4. C:\WINDOWS\system32\mswtpaxp.dll
5. C:\WINDOWS\system32\verwttxp.dll

salu2
recuerda volver