0

Hi,

I have been leaving this for a long time, and the truth is that I have tried in the past to clean this up, but its a nightmare. Computer is sooo slow, probably have some viruses, malware or something. How do I clean this mess up? Thanks in advance to anyone that can help!!!

Currently running:
Vista
Norton 360

(Adding Hijack and Malwarebytes reports)
ESET Online Scanner gave 0 infected files.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:29, on 25/06/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\pbgarcia\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Users\pbgarcia\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\SA43xx\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\pbgarcia\Program Files\DNA\btdna.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ccSetMgr - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9d6d5666b77d2) (gupdate1c9d6d5666b77d2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
-------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.38
Versión de la Base de Datos: 2333
Windows 6.0.6002 Service Pack 2

25/06/2009 11:20:00
mbam-log-2009-06-25 (11-20-00).txt

Tipo de examen : Examen Rápido
Objetos examinados: 83133
Tiempo transcurrido: 6 minute(s), 24 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

2
Contributors
12
Replies
13
Views
8 Years
Discussion Span
Last Post by jholland1964
0

First of all turn off that BitTorrent program and ALL OTHER P2P programs until the computer is clean, this may very well be how you got the infection.
Second, you only ran the Quick Scan with MBA-M. Please run a Full System scan now and Remove Everything found. Post back with that log.
Third, your HiJackThis is WAY out of date. The newest version has been available for well over a year. Uninstall your current HiJackThis and download the NEW version. Run a Full Scan with it and post that new log here.
Judy

0

Ok! Here it is again! Full malware scan gave same registry infection. Hijack included on new version. Thanks again in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:01:47, on 26/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\pbgarcia\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\pbgarcia\Desktop\Dictionary\Wenlin.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\SA43xx\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\pbgarcia\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9d6d5666b77d2) (gupdate1c9d6d5666b77d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
-------------------------------------------------------------
Malwarebytes' Anti-Malware 1.38
Versión de la Base de Datos: 2335
Windows 6.0.6002 Service Pack 2

26/06/2009 2:47:06
mbam-log-2009-06-26 (02-47-06).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 365301
Tiempo transcurrido: 2 hour(s), 44 minute(s), 37 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

0

Please do the following:
download ComboFix, You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.

0

Here is the log!

ComboFix 09-06-26.02 - pbgarcia 27/06/2009 3:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.2047.1342 [GMT 2:00]
Running from: c:\users\pbgarcia\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pbgarcia\AppData\Local\waaquau.dat
c:\users\pbgarcia\AppData\Local\waaquau.exe
c:\users\pbgarcia\AppData\Local\waaquau_nav.dat
c:\users\pbgarcia\AppData\Local\waaquau_navps.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-26 17:24 . 2009-06-16 10:40 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG.SYS
2009-06-26 17:24 . 2009-06-16 10:40 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX15.SYS
2009-06-26 17:24 . 2009-06-16 10:40 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG32.DLL
2009-06-26 17:24 . 2009-06-16 10:40 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX32A.DLL
2009-06-26 17:24 . 2009-06-16 10:40 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ERASER.SYS
2009-06-26 17:23 . 2009-06-16 10:40 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\EECTRL.SYS
2009-06-26 17:23 . 2009-06-16 10:40 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ECMSVR32.DLL
2009-06-26 17:23 . 2009-06-16 10:40 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\CCERASER.DLL
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Trend Micro
2009-06-25 21:56 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 21:56 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:39 . 2009-06-16 10:40 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\NAVENG.SYS
2009-06-25 20:39 . 2009-06-16 10:40 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\NAVEX15.SYS
2009-06-25 20:39 . 2009-06-16 10:40 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\EECTRL.SYS
2009-06-25 20:39 . 2009-06-16 10:40 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\ECMSVR32.DLL
2009-06-25 20:39 . 2009-06-16 10:40 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\CCERASER.DLL
2009-06-25 20:39 . 2009-06-16 10:40 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\NAVENG32.DLL
2009-06-25 20:39 . 2009-06-16 10:40 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\NAVEX32A.DLL
2009-06-25 20:39 . 2009-06-16 10:40 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.007\ERASER.SYS
2009-06-25 12:03 . 2009-06-25 12:03 -------- d-----w- c:\windows\LastGood.Tmp
2009-06-25 09:12 . 2009-06-25 09:12 -------- d-----w- c:\users\pbgarcia\AppData\Roaming\Malwarebytes
2009-06-25 09:12 . 2009-06-25 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 09:12 . 2009-06-25 09:12 -------- d-----w- c:\programdata\Malwarebytes
2009-06-23 20:09 . 2009-06-23 22:05 -------- d-----w- c:\program files\GodsWar Online
2009-06-23 19:52 . 2006-12-22 00:12 290 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\20090623.003\hub.scr
2009-06-23 13:45 . 2006-12-22 00:12 290 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\20090623.002\hub.scr
2009-06-11 23:03 . 2009-06-11 23:03 -------- d-----w- C:\CrashReport
2009-06-11 22:50 . 2009-06-12 22:24 -------- d-----w- c:\program files\Runes of Magic
2009-06-11 17:50 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\IDSvix86.sys
2009-06-11 17:50 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\SymIDSco.sys
2009-06-11 17:50 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\IDSxpx86.dll
2009-06-11 17:50 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\SymIDSI.dll
2009-06-11 17:50 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\IDSviA64.sys
2009-06-11 17:50 . 2007-12-04 10:05 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090610.001\IDS9xx86.dll
2009-06-09 20:58 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-09 20:58 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-09 20:55 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 20:55 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 20:55 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 20:41 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\IDSvix86.sys
2009-06-09 20:41 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\SymIDSco.sys
2009-06-09 20:41 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\IDSxpx86.dll
2009-06-09 20:41 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\SymIDSI.dll
2009-06-09 20:41 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\IDSviA64.sys
2009-06-09 20:41 . 2007-12-04 10:05 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090604.001\IDS9xx86.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 01:33 . 2009-05-14 08:58 -------- d-----w- c:\users\pbgarcia\AppData\Roaming\DNA
2009-06-27 00:50 . 2007-08-18 10:34 13166 ----a-w- c:\users\pbgarcia\AppData\Roaming\nvModes.dat
2009-06-26 20:08 . 2008-08-02 11:55 -------- d-----w- c:\users\pbgarcia\AppData\Roaming\BitTorrent
2009-06-26 14:20 . 2007-05-11 08:19 -------- d-----w- c:\program files\Google
2009-06-26 09:16 . 2007-05-11 17:27 673782 ----a-w- c:\windows\system32\perfh00A.dat
2009-06-26 09:16 . 2007-05-11 17:27 133642 ----a-w- c:\windows\system32\perfc00A.dat
2009-06-26 01:27 . 2007-05-11 07:48 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-21 00:12 . 2009-05-24 20:02 -------- d-----w- c:\program files\PokerStars
2009-06-16 10:40 . 2009-06-25 12:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-06-16 10:40 . 2009-06-25 12:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-06-16 10:40 . 2009-06-25 12:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-06-16 10:40 . 2009-06-25 12:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-06-16 10:40 . 2009-06-25 12:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-06-16 10:40 . 2009-06-25 12:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-06-16 10:40 . 2009-06-25 12:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-06-16 10:40 . 2009-06-25 12:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-06-09 21:14 . 2009-03-28 12:13 -------- d-----w- c:\programdata\Microsoft Help
2009-06-09 20:21 . 2009-05-17 12:29 93 ----a-w- c:\users\pbgarcia\AppData\Local\ygikisg.bat
2009-05-29 22:12 . 2008-02-21 11:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-27 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 17:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-27 17:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-25 21:30 . 2009-05-25 21:30 -------- d-----w- c:\programdata\TVU Networks
2009-05-25 21:30 . 2009-05-25 21:30 -------- d-----w- c:\program files\TVUPlayer
2009-05-24 17:32 . 2009-04-29 18:18 -------- d-----w- c:\program files\Flock
2009-05-20 17:35 . 2009-05-20 17:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-20 17:27 . 2009-05-20 17:26 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-20 17:26 . 2007-10-09 06:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 17:01 . 2009-05-20 17:01 -------- d-----w- c:\program files\505games
2009-05-20 16:59 . 2007-05-11 07:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 21:46 . 2009-05-19 21:46 -------- d-----w- c:\program files\Firaxis Games
2009-05-18 21:08 . 2009-05-15 23:02 -------- d-----w- c:\programdata\Rosetta Stone
2009-05-17 09:59 . 2007-11-26 07:06 1356 ----a-w- c:\users\pbgarcia\AppData\Local\d3d9caps.dat
2009-05-16 15:15 . 2007-09-11 10:26 -------- d-----w- c:\program files\MagicISO
2009-05-16 15:13 . 2007-11-11 09:39 -------- d-----w- c:\programdata\Skype
2009-05-16 15:13 . 2007-11-11 09:39 -------- d-----r- c:\program files\Skype
2009-05-16 11:18 . 2009-04-11 18:44 -------- d-----w- c:\programdata\FLEXnet
2009-05-15 23:02 . 2009-05-15 23:02 -------- d-----w- c:\program files\Rosetta Stone
2009-05-15 11:21 . 2009-05-15 11:19 -------- d-----w- c:\program files\cFosSpeed
2009-05-14 18:28 . 2007-10-11 10:51 -------- d-----w- c:\program files\Windows Live
2009-05-14 18:27 . 2009-03-24 04:13 -------- d-----w- c:\program files\Microsoft
2009-05-14 18:26 . 2009-05-14 18:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-14 18:25 . 2009-05-14 18:15 -------- d-----w- c:\program files\RegCure
2009-05-14 18:12 . 2008-04-14 21:03 -------- d-----w- c:\program files\Real
2009-05-14 11:34 . 2007-05-11 07:56 -------- d-----w- c:\program files\Packard Bell
2009-05-14 11:07 . 2007-10-11 11:06 -------- d-----w- c:\program files\Windows Live Toolbar
2009-05-14 10:46 . 2009-05-14 10:46 23 --sha-w- c:\windows\system32\edacded0_x.dat
2009-05-14 10:46 . 2009-05-14 10:46 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-05-14 08:59 . 2009-05-14 08:58 -------- d-----w- c:\program files\BitTorrent
2009-05-14 08:59 . 2008-08-02 11:55 -------- d-----w- c:\program files\DNA
2009-05-14 08:38 . 2009-05-14 08:38 -------- d-----w- c:\program files\PFConfig
2009-05-08 06:52 . 2009-05-08 06:52 2082104 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-05 10:15 . 2009-05-05 10:15 1095808 ----a-w- c:\windows\system32\drivers\smserial.sys
2009-05-05 09:02 . 2009-05-05 09:02 532480 ----a-w- c:\windows\system32\sm56co85.dll
2009-04-30 10:15 . 2007-08-18 01:00 115696 ----a-w- c:\users\pbgarcia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 10:03 . 2009-03-28 12:26 -------- d-----w- c:\program files\Microsoft Works
2009-04-29 18:19 . 2009-04-29 18:19 -------- d-----w- c:\users\pbgarcia\AppData\Roaming\Flock
2009-04-28 12:52 . 2009-04-27 09:23 -------- d-----w- c:\program files\PowerISO
2009-04-17 08:58 . 2009-04-23 15:48 954368 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 08:58 . 2009-04-23 15:48 103424 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 08:58 . 2009-04-23 15:48 344064 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 08:58 . 2009-04-23 15:48 1161626 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 08:58 . 2009-04-23 15:48 65536 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 08:58 . 2009-04-23 15:48 71652 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 08:58 . 2009-04-23 15:48 4579328 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 08:58 . 2009-04-23 15:48 4534272 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 08:58 . 2009-04-23 15:48 131868 ----a-w- c:\users\pbgarcia\AppData\Roaming\Mozilla\Firefox\Profiles\msg1o90b.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-11 06:33 . 2009-05-27 11:45 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-27 11:44 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-27 11:44 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-27 11:45 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-27 11:45 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-27 11:45 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-27 11:45 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-27 11:43 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-27 11:44 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-27 11:43 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-27 11:46 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-27 11:46 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-27 11:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-27 11:43 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-27 11:44 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-27 11:44 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-27 11:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-27 11:44 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-27 11:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-27 11:43 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-27 11:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-27 11:44 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-27 11:44 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-27 11:44 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-27 11:44 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-27 11:44 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-27 11:44 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-27 11:44 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-27 11:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-27 11:44 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2007-05-11 17:34 . 2007-05-11 17:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\pbgarcia\Program Files\DNA\btdna.exe" [2009-05-15 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-10 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2008-09-26 86016]
"PhilipsDM"="c:\program files\Philips\SA43xx\Philips Device Manager\Bin\LaunchDM.exe" [2007-08-11 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thunder

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a5,5d,fc,b1,f5,de,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{366F6DD4-712B-44D7-BB19-3EB1B674C290}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A3FF52DB-C74C-427B-AB09-B6A1A176018F}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{BBF74422-20E5-4A67-B1B7-1DBA7B0D44DB}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{B14A9895-D55C-4F3B-834A-3E892D573DD8}"= UDP:3724:Blizzard Downloader: 3724
"{345F729C-0FD8-498F-98C1-110A07CE2C2A}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{A661BD08-528E-4323-96AE-7FD321856407}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{8E880B30-1D09-4E00-8BBB-9648100D8077}"= Disabled:UDP:c:\program files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"{194F7490-D8CE-4831-A211-8605FA0C726D}"= Disabled:TCP:c:\program files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"{D80F533F-D100-425D-B5BA-5F722A947730}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{84D38A5A-9414-4916-BEAE-325743AF42AD}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{4923311A-1F92-4D95-8E40-663BC1EC9EDD}"= UDP:c:\program files\PPLive\PPLive.exe:PPLive
"{CCA6ACE9-390B-4037-B5E1-A57EFCAC2986}"= TCP:c:\program files\PPLive\PPLive.exe:PPLive
"{D7D13D01-624E-414A-B079-E61D67267A37}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{54018091-4A0B-4911-9D02-A13F665E6EEC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{15188D5A-33B1-47B4-B491-EB0978C85845}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{3B98CE8D-9098-41ED-AF11-0FC16211711D}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{17310823-F89B-44C1-A585-3551D42D2FF1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{31F29333-B4DB-4CCE-8084-A3103D459175}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B38AB258-FF10-4355-9F71-C442EEC83F5B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D75B61AD-5815-4B20-ADE7-225651A43339}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F975C038-E432-43E2-9138-BF7DB8303746}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{96F941B9-80D6-41CB-84F9-BE6063A03B47}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DE91809A-A41E-411A-90BB-F10248EE96D8}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{BD0AD8D6-3CD0-4F69-A64B-89F308E5199E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090610.001\IDSvix86.sys [11/06/2009 19:50 272432]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [16/02/2008 4:34 24576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 18:12 101936]
R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\System32\drivers\StkCMini.sys [16/02/2008 4:34 1132544]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [09/01/2007 16:32 38200]
S2 gupdate1c9d6d5666b77d2;Google Update Service (gupdate1c9d6d5666b77d2);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 11:53 133104]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [19/10/2007 13:43 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [19/10/2007 13:43 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [19/10/2007 13:43 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [19/10/2007 13:44 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [19/10/2007 13:44 98568]
S3 stllssvr;stllssvr;c:\program files\Common Files\SureThing Shared\stllssvr.exe [14/09/2006 14:54 73728]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Garantía ampliable.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-05-11 16:38]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 09:53]

2009-05-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-05-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b}
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 03:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2836395059-3609504059-337800587-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E4D1D1A-1DC3-A4B6-C98C-E4A45C13EABC}*]
@Allowed: (Read) (RestrictedCode)
"abjhodbelgbaboinkkgdjbaakphnfegjhm"=hex:61,62,68,67,66,62,67,6b,6e,70,6d,66,
69,70,63,67,6d,65,69,6e,61,6e,6a,62,69,6b,61,61,66,65,65,6c,62,64,00,00
"bbjhodbelgbaboinkkpjmikkjjlnklhblkbd"=hex:61,62,65,66,6a,62,6a,6c,68,62,6e,69,
65,6e,61,6e,65,65,6b,6f,68,6e,63,64,65,61,67,64,63,69,6e,68,67,66,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-27 3:39
ComboFix-quarantined-files.txt 2009-06-27 01:39

Pre-Run: 4.895.535.104 bytes libres
Post-Run: 5.162.246.144 bytes libres

366 --- E O F --- 2009-06-26 09:10

0

How is the computer running now?
Update MBA-M and do another Full system scan. Reboot do another HJT scan and post both logs.

0

Thanks! MBA-M full scan was clean and it does seem to be a bit quicker than before. However, now every time i open Flock (firefox version) i get the Would you like to make Flock your prefered internet browser? question all the time, no matter what i do.

Also, there must be a way to get all these registry entries that go nowhere (have no files associated with them) deleted. They refer to programs that i deleted, some of them, years agao. How can i clean this aweful registry?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:01:47, on 26/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\pbgarcia\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\pbgarcia\Desktop\Dictionary\Wenlin.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\SA43xx\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\pbgarcia\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9d6d5666b77d2) (gupdate1c9d6d5666b77d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)

--

0

--------------Followed from last email.-------------------

Also, this entry seems dubious to me, as I dont bank on mybank and noticing also this in a Chinese site.

O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newe...feControls.cab

last there a a couple of no name files - is there any way to find out what those are...

thanks in advance again

0

Run HiJackThis again and place check marks next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newe...feControls.cab

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.

Also, there must be a way to get all these registry entries that go nowhere (have no files associated with them) deleted. They refer to programs that i deleted, some of them, years agao. How can i clean this aweful registry?

There really is no need to worry about these. They are just old entries that do nothing. The registry isn't awful.
Some programs have hundreds of entries in a registry, yes some from old programs but this doesn't affect the performance of the computer. They just sit there, do nothing. Registries have gotten larger over the years just because of the increase in size of the drives themselves. The belief that old and unused registry entries need to be cleaned out is false, at least in my belief. They do nothing but sit there. Playing in the registry to remove old entries often times do more damage than just letting them sit. Remove the wrong thing, hit the wrong key and you may "zap" the entire operating system itself. Just leave them alone. They hurt nothing.

I am not certain on the Flock browser question since I am not familiar with it. Is there a NO option to make it your default browser? check within preferences, there should be someplace where there is the option to have it ASK you if you want to make it the default browser, if there is make sure there is no check mark there.
Now you need to Uninstall Combofix. You will not need it anymore.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

0

I checked as you said those registry entries but they just reappear. Same thing if I use a registry cleaner.

So, still have not uninstalled combofix. What do i do?

0

I didn't tell you to remove any registry entries, what are you talking about? Did you read my last post concerning old registry entries?

There really is no need to worry about these. They are just old entries that do nothing. The registry isn't awful.
Some programs have hundreds of entries in a registry, yes some from old programs but this doesn't affect the performance of the computer. They just sit there, do nothing. Registries have gotten larger over the years just because of the increase in size of the drives themselves. The belief that old and unused registry entries need to be cleaned out is false, at least in my belief. They do nothing but sit there. Playing in the registry to remove old entries often times do more damage than just letting them sit. Remove the wrong thing, hit the wrong key and you may "zap" the entire operating system itself. Just leave them alone. They hurt nothing.

0

yes i did! i was refering to clicking the program registries in Hijackthis. I do but then they just reappear!

0

yes i did! i was refering to clicking the program registries in Hijackthis. I do but then they just reappear!

The only one you would need to be concerned about is that O16 entry. It WILL reappear if you go back to that site, so if IT keeps coming back then you are visiting that site.
Those entries I noted were just general clean up...there is NO infection putting them on there so don't worry about them Plus they are NOT REGISTRY entries. The Registry is an entirely different thing and we are doing nothing with the registry.
did you follow the instructions as I gave them...all the way through including:
Place the check marks, CLICK the FIX CHECKED button. EXIT HJT.
REBOOT and then run a NEW HJT scan and post the NEW log here?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.