Pure Virtual Function Call r6025
Posted 11/4/2009 3:38 PM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
Hello Tweaks.com community,

I always get this C++ error when running Insurgency (HL2 mod): "Pure Virtual Function Call r6025".
I tried using TuneUp Utilities Registry Cleaner and Defrag, with no luck.
I also tried installing http://www.microsoft.com/downloads/details.aspx?familyid=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en, with no luck either.
So I decided, as a last resort, to try this forum, as I clearly don't know how to fix it.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:31, on 04/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Ettje\Mis documentos\Descargas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 60.190.218.24 www.kavkiskey.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Archivos de programa\Orbitdownloader\orbitcth.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Archivos de programa\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Archivos de programa\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Archivos de programa\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\Kaspersky Internet Security 2010\mzvkbd.dll,C:\ARCHIV~1\KASPER~1\Kaspersky Internet Security 2010\mzvkbd3.dll,C:\ARCHIV~1\KASPER~1\Kaspersky Internet Security 2010\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9255 bytes

Many thanks in advance!


_______________________________________________

selfishness make us follow our own direction
  Post #254791
 
Posted 11/4/2009 3:51 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,078, Visits: 54,734
Welcome

Download TFC by OldTimer to your Desktop.
* Please double-click TFC.exe to run it; if you're running Windows Vista, right-click on TFC.exe and click on "Run as Administrator".
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Let it run uninterrupted until it's finished.
* Once it's finished, it should reboot your machine. If it doesn't, please manually restart the PC to ensure a complete cleanup.


Download Security Check by screen317 and save it to your Desktop.
Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
Notepad should open a file named checkup.txt.
Copy and paste the entire contents of that file into your next reply.


Please read ALL of the following before making a start.

Then download ComboFix from HERE or HERE to your Desktop, by following the steps below.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:

* Click on Tools->Options->"Main" tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
* Click Here to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

6. Double-click on Combo-Fix.exe & follow the prompts; if you're running Windows Vista, right-click on Combo-Fix.exe and click on "Run as Administrator".
7. When finished, it will produce a report for you.
8. Please post the contents of "C:\Combo-Fix.txt" along with a new HijackThis log into your next reply.


**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

-----------------------------------------------------------

**VERY IMPORTANT**
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures**



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Post the following in your next reply please:
The contents of checkup.txt from the Security Check scan.
The contents of C:\ComboFix.txt
A new HijackThis log.


_______________________________________________________________


ASAP & UNITE member since 2006
Free Internet Security - WOT Web of Trust
Use OpenDNS

  Post #254793
 
Posted 11/5/2009 3:13 AM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
CHECKUP.TXT

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
[color=red]Antivirus out of date![/color] (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
HijackThis 2.0.2
TuneUp Utilities 2008
CCleaner (remove only)
Java(TM) 6 Update 17
Java(TM) 6 Update 7
[color=red]Out of date Java installed![/color]
Adobe Flash Player 10
Adobe Reader 8.1.7 - Español
[color=red]Out of date Adobe Reader installed![/color]
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


_______________________________________________

selfishness make us follow our own direction
  Post #254798
 
Posted 11/5/2009 3:14 AM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
ComboFix.txt

ComboFix 09-11-04.04 - Ettje 05/11/2009 9:53.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2047.1611 [GMT 1:00]
Running from: c:\documents and settings\Ettje\Escritorio\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\archivos de programa\WinPCap
c:\archivos de programa\WinPCap\LICENSE
c:\archivos de programa\WinPCap\rpcapd.exe
c:\archivos de programa\WinPCap\uninstall.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 08:59 . 2009-11-05 08:59 -------- d-----w- c:\windows\system32\wbem\snmp
2009-11-05 08:59 . 2009-11-05 08:59 -------- d-----w- c:\windows\srchasst
2009-11-05 08:59 . 2009-11-05 08:59 -------- d-----w- c:\windows\system32\xircom
2009-11-05 08:59 . 2009-11-05 08:59 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-11-03 20:47 . 2009-11-03 20:47 152576 ----a-w- c:\documents and settings\Ettje\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 14:50 . 2009-11-01 14:50 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Switchball
2009-11-01 14:50 . 2009-11-01 14:50 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Trymedia
2009-11-01 14:47 . 2009-11-01 14:47 -------- d-----w- c:\archivos de programa\AGEIA Technologies
2009-11-01 14:47 . 2009-11-01 14:47 -------- d-----w- c:\windows\system32\AGEIA
2009-11-01 14:47 . 2009-11-01 14:47 -------- d-----w- c:\archivos de programa\Sierra Online
2009-10-30 01:23 . 2009-10-30 01:23 -------- d-----w- c:\archivos de programa\Real Alternative
2009-10-29 15:22 . 2009-09-17 16:54 2491192 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-29 15:22 . 2008-03-04 17:52 286720 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-10-29 15:22 . 2007-10-31 08:39 59904 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-10-29 15:22 . 2007-05-17 12:58 143360 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-10-29 15:22 . 2006-10-18 16:32 499712 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-10-29 15:22 . 2006-10-18 16:32 348160 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-10-29 15:22 . 2006-10-16 17:44 196608 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-10-29 15:22 . 2006-10-16 17:44 1028096 ----a-w- c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-10-28 22:21 . 2009-10-28 22:22 5519752 ----a-w- c:\documents and settings\Ettje\Datos de programa\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-10-28 22:21 . 2009-10-28 22:21 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TVU Networks
2009-10-16 16:28 . 2009-10-16 16:28 -------- d-----w- c:\archivos de programa\WorldOfGoo
2009-10-16 14:48 . 2009-10-16 16:28 -------- d-----w- c:\documents and settings\All Users\Datos de programa\2DBoy
2009-10-16 01:04 . 2009-10-16 01:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-14 22:51 . 2009-10-14 22:51 -------- d-----w- c:\windows\system32\TVUAx
2009-10-12 14:51 . 2009-10-12 14:51 -------- d-----w- c:\archivos de programa\7-Zip
2009-10-08 00:01 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-08 00:01 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-08 00:01 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-08 00:01 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2009-10-08 00:01 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2009-10-08 00:01 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-08 00:01 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-08 00:01 . 2009-10-08 00:01 -------- d-----w- c:\archivos de programa\K-Lite Codec Pack
2009-10-07 23:59 . 2009-10-07 23:59 -------- d-----w- c:\archivos de programa\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 09:00 . 2009-08-15 08:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab
2009-11-04 21:49 . 2008-08-01 15:22 -------- d-----w- c:\archivos de programa\Steam
2009-11-04 08:39 . 2009-09-13 03:44 -------- d-----w- c:\archivos de programa\League of Legends
2009-11-03 20:48 . 2008-09-04 19:06 -------- d-----w- c:\archivos de programa\Java
2009-11-03 10:44 . 2008-08-01 10:59 -------- d-----w- c:\archivos de programa\World of Warcraft
2009-11-01 14:47 . 2008-08-01 10:40 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-10-31 04:20 . 2009-09-14 00:10 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Skype
2009-10-31 03:42 . 2009-09-14 00:19 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\skypePM
2009-10-30 10:14 . 2008-08-12 14:50 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2008
2009-10-28 22:21 . 2009-01-11 20:34 -------- d-----w- c:\archivos de programa\TVUPlayer
2009-10-28 15:26 . 2009-09-13 09:59 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe AIR
2009-10-28 15:26 . 2009-09-27 22:58 38208 ----a-w- c:\documents and settings\Ettje\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-28 15:26 . 2009-09-13 10:06 38208 ----a-w- c:\documents and settings\Default User\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-25 21:56 . 2008-08-05 10:57 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Orbit
2009-10-25 10:32 . 2002-09-10 05:00 98974 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-25 10:32 . 2002-09-10 05:00 520154 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-24 12:37 . 2009-04-09 22:36 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Xfire
2009-10-23 00:11 . 2009-07-13 00:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-10-21 22:21 . 2009-04-09 22:36 -------- d-----w- c:\archivos de programa\Xfire
2009-10-21 22:19 . 2008-08-04 07:37 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-10-18 09:43 . 2008-08-01 13:57 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2009-10-18 09:43 . 2008-08-01 13:57 -------- d-----w- c:\archivos de programa\SpywareBlaster
2009-10-16 14:03 . 2008-08-02 14:54 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Ventrilo
2009-10-14 22:43 . 2009-01-30 14:17 -------- d-----w- c:\archivos de programa\SopCast
2009-10-14 21:12 . 2009-08-15 08:43 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-14 21:12 . 2009-08-15 08:43 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-11 03:17 . 2009-09-05 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 10:41 . 2009-09-27 10:41 -------- d-----w- c:\archivos de programa\IObit
2009-09-14 00:19 . 2009-09-14 00:19 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 00:10 . 2009-09-14 00:09 -------- d-----r- c:\archivos de programa\Skype
2009-09-14 00:09 . 2009-09-14 00:09 -------- d-----w- c:\archivos de programa\Archivos comunes\Skype
2009-09-14 00:09 . 2009-09-14 00:09 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Skype
2009-09-13 10:34 . 2009-09-13 10:34 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-09-13 02:59 . 2008-08-01 10:54 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Media Player Classic
2009-09-11 14:18 . 2008-04-14 12:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 22:38 . 2009-09-09 22:38 -------- d-----w- c:\archivos de programa\Archivos comunes\Logitech
2009-09-09 08:15 . 2009-07-24 22:22 -------- d-----w- c:\documents and settings\All Users\Datos de programa\NOS
2009-09-09 08:14 . 2008-08-12 10:53 -------- d-----w- c:\archivos de programa\Microsoft Silverlight
2009-09-07 06:30 . 2009-02-24 15:18 -------- d-----w- c:\documents and settings\Ettje\Datos de programa\Auslogics
2009-09-07 06:25 . 2009-09-07 06:19 -------- d-----w- c:\archivos de programa\Auslogics
2009-09-05 18:24 . 2009-09-05 18:24 152576 ----a-w- c:\documents and settings\Ettje\Datos de programa\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-05 18:22 . 2009-09-05 18:22 1925024 ----a-w- c:\documents and settings\All Users\Datos de programa\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-04 21:04 . 2008-04-14 12:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2008-06-16 20:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:37 . 2009-08-29 07:37 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-08-27 08:24 . 2009-08-27 08:24 109072 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-27 08:24 . 2009-08-27 08:24 59920 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-27 08:24 . 2009-08-27 08:24 264720 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-26 08:01 . 2008-04-14 12:48 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 08:56 . 2009-08-15 08:56 932368 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-08-15 08:56 . 2009-08-15 08:56 678416 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-08-15 08:56 . 2009-08-15 08:56 604688 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-08-15 08:56 . 2009-08-15 08:56 1096208 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-08-15 08:56 . 2009-08-15 08:56 522768 ----a-w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-08-09 13:31 . 2009-08-09 13:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-09 13:31 . 2009-08-09 13:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
.

------- Sigcheck -------

[-] 2008-06-18 . E03F514B854C18D1F659D24ABAD79EFD . 1171456 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-06-16 . C7C7028864C8D97FDA2D7649D609F7C3 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


c:\windows\system32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\archivos de programa\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"AVP"="c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-06-17 16377344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Logitech SetPoint.lnk - c:\archivos de programa\Logitech\SetPoint\SetPoint.exe [2008-8-1 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Bonjour Service"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Octoshape Streaming Services"="c:\documents and settings\Ettje\Configuración local\Datos de programa\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
"NBKeyScan"="c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Nitro PDF Printer Monitor"="c:\archivos de programa\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
"AdobeCS4ServiceManager"="c:\archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AGEIA PhysX SysTray"="c:\archivos de programa\AGEIA Technologies\TrayIcon.exe"
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\day of defeat source\\hl2.exe"=
"c:\\Archivos de programa\\Tortun\\gui.exe"=
"c:\\Archivos de programa\\Orbitdownloader\\orbitdm.exe"=
"c:\\Archivos de programa\\Orbitdownloader\\orbitnet.exe"=
"c:\\Archivos de programa\\World of Warcraft\\Repair.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Ettje\\Configuración local\\Datos de programa\\Dyyno Receiver\\DPPM.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\zombie panic! source\\hl2.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\insurgency\\hl2.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
"c:\\Archivos de programa\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Archivos de programa\\TVAnts\\Tvants.exe"=
"c:\\Archivos de programa\\SopCast\\SopCast.exe"=
"c:\\Archivos de programa\\SopCast\\adv\\SopAdver.exe"=
"c:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Archivos de programa\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Xfire\\Xfire.exe"=
"c:\\Archivos de programa\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.1.2-enUS-downloader.exe"=
"c:\\Archivos de programa\\Steam\\steamapps\\kalvin212tommy@hotmail.com\\age of chivalry\\hl2.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
"c:\\World of Warcraft Public Test\\WoW-0.2.0.10179-to-0.2.0.10192-enUS-downloader.exe"=
"c:\\Archivos de programa\\League of Legends\\Air\\LolClient.exe"=
"c:\\Archivos de programa\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Archivos de programa\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6982:TCP"= 6982:TCP:League of Legends Launcher
"6982:UDP"= 6982:UDP:League of Legends Launcher

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19:59 19472]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [04/08/2008 8:41 4224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\archiv~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 1
FF - component: c:\archivos de programa\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\archivos de programa\Veetle\plugins\npVeetle.dll
FF - plugin: c:\archivos de programa\Veetle\VLC\npvlc.dll
FF - plugin: c:\archivos de programa\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Ettje\Datos de programa\Mozilla\Firefox\Profiles\lhjtgm13.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Ettje\Datos de programa\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 10:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxl.sys >>UNKNOWN [0x8A97E938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFBB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1992)
c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTWlgn.dll
c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1496)
c:\windows\system32\WININET.dll
c:\archivos de programa\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-05 10:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 09:03

Pre-Run: 98.040.860.672 bytes libres
Post-Run: 97.888.788.480 bytes libres

Current=40 Default=40 Failed=39 LastKnownGood=41 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41


_______________________________________________

selfishness make us follow our own direction
  Post #254799
 
Posted 11/5/2009 3:15 AM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
HijackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:56, on 05/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Ettje\Mis documentos\Descargas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Archivos de programa\Orbitdownloader\orbitcth.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Archivos de programa\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Archivos de programa\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Archivos de programa\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\Skype4COM.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 8259 bytes


_______________________________________________

selfishness make us follow our own direction
  Post #254800
 
Posted 11/5/2009 4:34 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,078, Visits: 54,734
Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK [see image below]
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.




Out of date Adobe Reader installed!

Launch Adobe Reader, click on Help->Check for Updates... to update to the latest version.


Out of date Java installed!

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) - JRE 6 Update 17'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download, then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation - jre-6u17-windows-i586-p.exe' [15.90 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment [JRE or J2SE or Java(TM)] in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Verify your installation of Sun Java:
http://www.java.com/en/download/help/testvm.xml

**Note**
JavaTM Quick Starter:
http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html

To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


Please download Malwarebytes Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
(If using Windows Vista, be sure to "Run As Administrator").

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then click Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run 'ESET Online Scanner' using Internet Explorer:
http://www.eset.com/onlinescan/
Place a check in the box 'YES, I accept the Terms of Use' after reading.
Then click 'Start'.
Allow the ActiveX control to install.
Then click 'Start' in the 'ESET Online Scanner' window.
Place a check in the box 'Remove found threats'.
Leave the box 'Scan unwanted applications' blank.
Then press 'Scan'.
The scan will take some time, so please be patient.
Once the scan has finished, post the entire contents of the logfile:
C:\Program Files\EsetOnlineScanner\log.txt


Post the following in your next reply:
The Malwarebytes' Anti-Malware report.
The contents of the ESET Online Scanner log.
A new HijackThis log.
Also let me know how your pc is running now please.


_______________________________________________________________


ASAP & UNITE member since 2006
Free Internet Security - WOT Web of Trust
Use OpenDNS

  Post #254804
 
Posted 11/5/2009 2:11 PM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
RichieUK I am soooo thankful for your great and huge help you are for us the 'noobs' haha
Will post what all you have mentioned as soon as I get to home
Oh and my computer runs hella smooth and fast after the first instructions you gave me ^^

I oooooowe you soo much! :O

Thanksthanksthanksthanksthanks!!!! I am now less worried about that error lol


_______________________________________________

selfishness make us follow our own direction
  Post #254820
 
Posted 11/5/2009 2:43 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,078, Visits: 54,734
Will post what all you have mentioned as soon as I get to home

Ok, thanks for the update


_______________________________________________________________


ASAP & UNITE member since 2006
Free Internet Security - WOT Web of Trust
Use OpenDNS

  Post #254824
 
Posted 11/6/2009 3:08 AM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
MBAM.log

Malwarebytes' Anti-Malware 1.41
Database version: 3106
Windows 5.1.2600 Service Pack 3

05/11/2009 21:41:47
mbam-log-2009-11-05 (21-41-47).txt

Scan type: Quick Scan
Objects scanned: 101359
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


_______________________________________________

selfishness make us follow our own direction
  Post #254826
 
Posted 11/6/2009 3:10 AM


New Member


Group: Forum Members
Last Login: 2/3/2008 11:14 AM
Posts: 57, Visits: 60
HijackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:13, on 06/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Archivos de programa\Archivos comunes\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ettje\Mis documentos\Descargas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 60.190.218.24 www.kavkiskey.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Archivos de programa\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Archivos de programa\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Archivos de programa\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Archivos de programa\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Archivos de programa\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\Kaspersky Internet Security 2010\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9021 bytes


_______________________________________________

selfishness make us follow our own direction
  Post #254827
 
All times are GMT -6:00, Time now is 8:41pm
