Several infections, Vundo, hx.exe, cvasds0.dll, etc [Solved]


This topic is locked.

#1 JBorges (Member, 15 posts)
Hello, the infections won't let me work; they are crashing Windows Explorer and the antivirus. I already did everything in the Malware and Spyware Cleaning Guide, which removed a lot of infections, but I don't think they are gone for good: Avast just detected another virus and Windows Explorer is very slow.

Any expert help really appreciated...

Here are the Malwarebytes' Anti-Malware log, OTL.txt and Extras.txt and RootRepeal.txt

Malwarebytes' Anti-Malware log


Malwarebytes' Anti-Malware 1.40
Versión de la Base de Datos: 2750
Windows 5.1.2600 Service Pack 2

06/09/2009 10:38:22 p.m.
mbam-log-2009-09-06 (22-38-22).txt

Tipo de examen : Examen Rápido
Objetos examinados: 116644
Tiempo transcurrido: 5 minute(s), 29 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 3
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 2
Ficheros Infectados: 12

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\lcw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\2672359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\2871968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3192093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3477734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3591453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\861203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\888515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\907859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\916687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.



OTL.txt and Extras.txt


OTL logfile created on: 07/09/2009 01:09:39 a.m. - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = d:\Documents and Settings\borgesjh\Escritorio\GTG Guide
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000200A | Country: Venezuela | Language: ESV | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,72 Gb Available in Paging File | 92,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 23,44 Gb Total Space | 10,10 Gb Free Space | 43,07% Space Free | Partition Type: NTFS
Drive D: | 51,09 Gb Total Space | 24,01 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XMOBILEDD5289F
Current User Name: BORGESJH
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/28 13:30:22 | 00,715,392 | ---- | M] (COMODO) -- C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/08/17 11:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
PRC - [2006/02/15 16:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
PRC - [2000/06/29 04:15:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe
PRC - [2004/11/09 10:39:22 | 00,090,112 | ---- | M] (Felten GmbH) -- d:\Archivos de programa\Citect\CitectSCADA 7\Batch\CTBREDDB.exe
PRC - [2009/06/30 19:40:09 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2003/07/18 14:32:18 | 01,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/06/19 22:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/01 02:30:22 | 00,049,152 | ---- | M] (National Instruments) -- C:\WINDOWS\System32\niSvcLoc.exe
PRC - [2007/04/17 08:37:50 | 00,135,168 | ---- | M] (OPC Foundation) -- C:\WINDOWS\System32\opcenum.exe
PRC - [2007/04/20 10:52:22 | 00,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe
PRC - [2001/08/23 03:30:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2001/08/23 03:30:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2007/04/20 10:52:04 | 03,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\postgres.exe
PRC - [2007/04/20 10:52:04 | 03,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\postgres.exe
PRC - [2007/04/20 10:52:04 | 03,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\postgres.exe
PRC - [2007/04/20 10:52:04 | 03,596,659 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\postgres.exe
PRC - [2005/12/12 14:30:46 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/03/02 15:09:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2006/01/16 21:31:46 | 00,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\AccelerometerSt.exe
PRC - [2007/05/17 23:35:34 | 00,037,392 | R--- | M] (Mindjet) -- C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
PRC - [2008/09/12 08:20:49 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\ardat.exe
PRC - [2007/01/18 13:20:26 | 00,190,008 | ---- | M] (Seagate LLC) -- D:\Archivos de programa\Seagate\SystemTray\StxMenuMgr.exe
PRC - [2006/04/17 01:16:14 | 00,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe
PRC - [2006/04/18 11:10:16 | 00,692,224 | ---- | M] (SHARP CORPORATION) -- C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe
PRC - [2008/09/12 08:20:49 | 00,315,392 | ---- | M] () -- C:\WINDOWS\System32\sar.exe
PRC - [2006/08/22 00:30:20 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/08/28 13:30:21 | 01,796,368 | ---- | M] (COMODO) -- C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/08/17 11:37:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe
PRC - [2005/10/28 15:55:44 | 00,094,208 | ---- | M] (Nero AG) -- C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
PRC - [2006/12/21 07:00:02 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2004/09/05 16:50:18 | 00,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
PRC - [2007/05/28 12:27:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008/10/30 10:02:44 | 00,565,248 | ---- | M] (Wakoopa) -- D:\Archivos de programa\Wakoopa\Wakoopa.exe
PRC - [2005/01/28 01:06:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2006/02/15 16:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
PRC - [2006/01/10 11:53:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/08/10 15:46:40 | 02,351,616 | ---- | M] (RescueTime, Inc.) -- C:\Archivos de programa\RescueTime\RescueTime.exe
PRC - [2006/05/03 10:48:46 | 00,307,200 | ---- | M] (ta2027) -- D:\Archivos de programa\Styler\Styler.exe
PRC - [2009/08/17 11:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
PRC - [2001/08/23 04:30:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/06/20 12:27:54 | 00,615,176 | ---- | M] (http://tortoisesvn.net) -- C:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
PRC - [2006/02/15 16:14:44 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTStackServer.exe
PRC - [2007/06/13 08:52:28 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/07 01:01:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- d:\Documents and Settings\borgesjh\Escritorio\GTG Guide\OTL.exe
PRC - [2001/08/23 04:30:00 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2001/08/23 04:30:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/05 12:59:17 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/07/19 09:21:11 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/03/19 20:49:14 | 00,263,168 | ---- | M] (Ares Development Group) -- D:\Archivos de programa\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2007/10/24 01:17:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 11:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006/05/04 12:03:06 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2009/08/17 11:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 11:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 11:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/15 16:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:17:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/28 13:30:22 | 00,715,392 | ---- | M] (COMODO) -- C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - File not found -- -- (Crypkey License [Auto | Running])
SRV - [2004/11/09 10:39:22 | 00,090,112 | ---- | M] (Felten GmbH) -- d:\Archivos de programa\Citect\CitectSCADA 7\Batch\CTBREDDB.exe -- (CTBREDDB [Auto | Running])
SRV - [2003/07/18 14:32:18 | 01,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2002/12/16 07:30:00 | 00,270,412 | ---- | M] (ICONICS, Inc.) -- D:\Archivos de programa\ICONICS\GraphWorx32\Bin\GenRegistrarServer.exe -- (GenRegistrar [On_Demand | Stopped])
SRV - [2009/05/21 15:19:41 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\Update\GoogleUpdate.exe -- (gupdate1c9da4d5e2d7b77 [Auto | Stopped])
SRV - [2001/08/23 04:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/01/10 11:53:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/04/04 00:11:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/06/19 22:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/02/25 13:44:06 | 00,609,280 | ---- | M] (Macrovision Corporation) -- C:\Archivos de programa\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License manager [On_Demand | Stopped])
SRV - [2003/05/01 02:30:22 | 00,049,152 | ---- | M] (National Instruments) -- C:\WINDOWS\System32\niSvcLoc.exe -- (niSvcLoc [Auto | Running])
SRV - [2007/04/17 08:37:50 | 00,135,168 | ---- | M] (OPC Foundation) -- C:\WINDOWS\System32\opcenum.exe -- (OpcEnum [Auto | Running])
SRV - [2003/07/28 11:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/04/20 10:52:22 | 00,079,324 | ---- | M] (PostgreSQL Global Development Group) -- C:\Archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2 [Auto | Running])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Archivos de programa\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Archivos de programa\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/06/08 12:24:48 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/06/08 12:24:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/06/08 12:24:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/01/25 13:01:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Archivos de programa\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/09/12 08:20:49 | 00,315,392 | ---- | M] () -- C:\WINDOWS\System32\sar.exe -- (SAR [Auto | Running])
SRV - [2006/08/22 00:30:20 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])
SRV - [2006/12/21 07:00:02 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])
SRV - [2007/05/28 12:27:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005/01/28 01:06:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/10/18 11:01:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 14:57:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.pdvsa.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60434
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60434

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Crawler Search"
FF - prefs.js..browser.startup.homepage: "http://www.netvibes.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.15.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {123b2220-59cb-11db-b0de-0800200c9a66}:0.14.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9947
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=60434&qkw="
FF - prefs.js..network.proxy.autoconfig_url: "http://webproxy.pdvs...sa.com/occ.prx"
FF - prefs.js..network.proxy.backup.ftp: "162.122.159.20"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "162.122.159.20"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "162.122.159.20"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "162.122.159.20"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.ftp: "162.122.159.20"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "162.122.159.20"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "162.122.159.20"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "162.122.159.20"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "162.122.159.20"
FF - prefs.js..network.proxy.ssl_port: 8000

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Archivos de programa\Google\Google Gears\Firefox\ [2009/07/17 19:46:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/08/05 12:59:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2009/08/29 08:13:36 | 00,000,000 | ---D | M]

[2008/09/15 21:17:32 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Extensions
[2008/09/15 21:17:32 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/26 16:19:31 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\eclipse1\extensions
[2009/09/06 22:33:08 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions
[2009/04/28 11:56:55 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\{123b2220-59cb-11db-b0de-0800200c9a66}
[2009/06/30 15:25:20 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/02 09:20:22 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/28 16:06:38 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/01/31 13:51:48 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/08/11 10:42:55 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/08/08 06:39:23 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/07/07 20:12:10 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/08/11 10:42:55 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/07/16 13:15:44 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2009/09/01 10:28:51 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]
[2008/09/15 21:17:34 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions
[2009/08/05 12:59:25 | 00,000,000 | ---D | M] -- C:\Archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/05 12:59:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 12:59:12 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 19:46:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Archivos de programa\mozilla firefox\plugins\libdivx.dll
[2009/07/13 19:45:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 19:45:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Archivos de programa\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2003/11/25 13:41:10 | 00,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npmusicn.dll
[2009/08/05 12:59:19 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Archivos de programa\mozilla firefox\plugins\npnul32.dll
[2007/03/22 18:53:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/14 23:31:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll
[2009/07/13 19:46:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Archivos de programa\mozilla firefox\plugins\ssldivx.dll
[2009/08/05 12:59:20 | 00,001,394 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/05 12:59:20 | 00,002,193 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\answers.xml
[2009/08/05 12:59:20 | 00,001,534 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/05 12:59:20 | 00,002,344 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay.xml
[2009/08/05 12:59:20 | 00,002,371 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\google.xml
[2009/08/05 12:59:20 | 00,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (831 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.20.2.47 pqvtbzcltpi01 PQVTBZCLTPI01
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Archivos de programa\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - d:\Archivos de programa\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\System32\AccelerometerSt.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [AGRSMMSG] File not found
O4 - HKLM..\Run: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DatosAR] C:\WINDOWS\System32\ardat.exe ()
O4 - HKLM..\Run: [FtpServer.exe] C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Archivos de programa\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [LogonStudio] C:\Archivos de programa\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SAR] C:\WINDOWS\System32\sar.exe ()
O4 - HKLM..\Run: [SharpTray] C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StxTrayMenu] d:\Archivos de programa\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TypeRegChecker] C:\Archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [WinampAgent] D:\Archivos de programa\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNL.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Google Update] d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [pdfSaver3] C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKCU..\Run: [Wakoopa] D:\Archivos de programa\Wakoopa\Wakoopa.exe (Wakoopa)
O4 - Startup: d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\BTTray.lnk = C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
O4 - Startup: d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Palo Alto Software Update Manager 9.0.lnk = C:\Archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe (Palo Alto Software)
O4 - Startup: d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\RescueTime.lnk = C:\Archivos de programa\RescueTime\RescueTime.exe (RescueTime, Inc.)
O4 - Startup: d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\VPN Client.lnk = File not found
O4 - Startup: d:\Documents and Settings\borgesjh\Menú Inicio\Programas\Inicio\Styler.lnk = d:\Documents and Settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Bienvenido a PDVSA
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 0
O8 - Extra context menu item: Download with GetRight - D:\Archivos de programa\GetRight\GRdownload.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Open with GetRight Browser - D:\Archivos de programa\GetRight\GRbrowse.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.44.32.12 200.11.248.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdvsa.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Archivos de programa\SAP\FrontEnd\SapGui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Archivos de programa\SAP\FrontEnd\SapGui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Archivos de programa\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter: - application/octet-stream - File not found
O18 - Protocol\Filter: - application/x-complus - File not found
O18 - Protocol\Filter: - application/x-msdownload - File not found
O18 - Protocol\Filter: - text/xml - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/27 13:49:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/06 21:53:24 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08fd427d-7b32-11dc-bf17-0017a4d5289f}\Shell\Auto\command - "" = Recycled\cleardisk.pif
O33 - MountPoints2\{08fd427d-7b32-11dc-bf17-0017a4d5289f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\cleardisk.pif
O33 - MountPoints2\{096493d6-8bf3-11de-a320-0019d25ef19d}\Shell\AutoRun\command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{096493d6-8bf3-11de-a320-0019d25ef19d}\Shell\open\Command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{20d6cbfe-e772-11dd-8344-001a6b183798}\Shell\AutoRun\command - "" = K:\hx.exe -- File not found
O33 - MountPoints2\{20d6cbfe-e772-11dd-8344-001a6b183798}\Shell\open\Command - "" = K:\hx.exe -- File not found
O33 - MountPoints2\{27a8e858-e8b8-11dd-8348-001a6b183798}\Shell\AutoRun\command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{27a8e858-e8b8-11dd-8348-001a6b183798}\Shell\open\Command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{27a8e859-e8b8-11dd-8348-001a6b183798}\Shell\AutoRun\command - "" = H:\g8k.exe -- File not found
O33 - MountPoints2\{27a8e859-e8b8-11dd-8348-001a6b183798}\Shell\open\Command - "" = H:\g8k.exe -- File not found
O33 - MountPoints2\{2ea5aeca-540f-11dc-bed6-0019d25ef19d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{3656fdbd-0e09-11dc-be54-806d6172696f}\Shell\AutoRun\command - "" = hx.exe
O33 - MountPoints2\{3656fdbd-0e09-11dc-be54-806d6172696f}\Shell\open\Command - "" = hx.exe
O33 - MountPoints2\{38f72539-44e5-11dc-bea9-0019d25ef19d}\Shell - "" = AutoRun
O33 - MountPoints2\{38f72539-44e5-11dc-bea9-0019d25ef19d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3c8e85e9-8e80-11de-a32a-0019d25ef19d}\Shell\AutoRun\command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{3c8e85e9-8e80-11de-a32a-0019d25ef19d}\Shell\open\Command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{448e3462-66fe-11de-a2c6-001a6b183798}\Shell\AutoRun\command - "" = 1ogf.exe
O33 - MountPoints2\{448e3462-66fe-11de-a2c6-001a6b183798}\Shell\open\Command - "" = 1ogf.exe
O33 - MountPoints2\{520c4e6b-9b04-11de-a355-001a6b183798}\Shell\AutoRun\command - "" = G:\hx.exe -- File not found
O33 - MountPoints2\{520c4e6b-9b04-11de-a355-001a6b183798}\Shell\open\Command - "" = G:\hx.exe -- File not found
O33 - MountPoints2\{5ad71f6e-5f34-11dd-81c6-0017a4d5289f}\Shell\AutoRun\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{5ad71f6e-5f34-11dd-81c6-0017a4d5289f}\Shell\open\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{5ad71f6f-5f34-11dd-81c6-0017a4d5289f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad71f6f-5f34-11dd-81c6-0017a4d5289f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f36c166-6f7d-11dd-81fa-0017a4d5289f}\Shell\AutoRun\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{5f36c166-6f7d-11dd-81fa-0017a4d5289f}\Shell\open\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{5f36c167-6f7d-11dd-81fa-0017a4d5289f}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{5f36c167-6f7d-11dd-81fa-0017a4d5289f}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{642fc1d3-8b9d-11dc-bf39-0019d25ef19d}\Shell\AutoRun\command - "" = t.com
O33 - MountPoints2\{642fc1d3-8b9d-11dc-bf39-0019d25ef19d}\Shell\explore\Command - "" = t.com
O33 - MountPoints2\{642fc1d3-8b9d-11dc-bf39-0019d25ef19d}\Shell\open\Command - "" = t.com
O33 - MountPoints2\{7fd685e9-4932-11de-a275-001a6b183798}\Shell\AutoRun\command - "" = G:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{7fd685e9-4932-11de-a275-001a6b183798}\Shell\open\command - "" = G:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{8ece1248-8074-11de-a304-0019d25ef19d}\Shell\AutoRun\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\venet.exe -- File not found
O33 - MountPoints2\{8ece1248-8074-11de-a304-0019d25ef19d}\Shell\open\command - "" = G:\RECYCLE\D-0-060-0000000000-1111111-2222222\venet.exe -- File not found
O33 - MountPoints2\{92b13cb2-8945-11de-a318-001a6b183798}\Shell\AutoRun\command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{92b13cb2-8945-11de-a318-001a6b183798}\Shell\open\Command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{9bb11860-9033-11de-a32e-001a6b183798}\Shell\AutoRun\command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{9bb11860-9033-11de-a32e-001a6b183798}\Shell\open\Command - "" = G:\g8k.exe -- File not found
O33 - MountPoints2\{9e50fe94-d583-11dc-802d-0019d25ef19d}\Shell\Auto\command - "" = MSOCache\doWTP_RESTORE.exe -autorun
O33 - MountPoints2\{9e50fe94-d583-11dc-802d-0019d25ef19d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun
O33 - MountPoints2\{9f591b09-7527-11dd-8208-0017a4d5289f}\Shell\AutoRun\command - "" = driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{9f591b09-7527-11dd-8208-0017a4d5289f}\Shell\open\command - "" = driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{a15e4b9d-649d-11dd-81d6-0019d25ef19d}\Shell\AutoRun\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{a15e4b9d-649d-11dd-81d6-0019d25ef19d}\Shell\open\command - "" = H:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe -- File not found
O33 - MountPoints2\{a1b42638-1d01-11dd-80e2-0019d25ef19d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{a1b42638-1d01-11dd-80e2-0019d25ef19d}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{ac68103e-5578-11dc-beda-0019d25ef19d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{ae55463a-93af-11dc-bf50-0019d25ef19d}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O33 - MountPoints2\{ae55463a-93af-11dc-bf50-0019d25ef19d}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O33 - MountPoints2\{af6a509b-5f2b-11de-a2b4-001a6b183798}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{c9156abe-7f75-11de-a301-001a6b183798}\Shell\AutoRun\command - "" = 22yj2fy1.exe
O33 - MountPoints2\{c9156abe-7f75-11de-a301-001a6b183798}\Shell\open\Command - "" = 22yj2fy1.exe
O33 - MountPoints2\{d2fa5166-58df-11dc-bee4-0017a4d5289f}\Shell\Auto\command - "" = F:\RavMonE.exe -- File not found
O33 - MountPoints2\{d38466de-2671-11dd-8105-0019d25ef19d}\Shell\Auto\command - "" = MSOCache\doWTP_RESTORE_0.exe -autorun
O33 - MountPoints2\{d38466de-2671-11dd-8105-0019d25ef19d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun
O33 - MountPoints2\{dc0e4928-569c-11de-a29c-001a6b183798}\Shell\AutoRun\command - "" = G:\driver\S-1-4-89-654352344-54323413-6452342-4545\service.exe -- File not found
O33 - MountPoints2\{dc0e4928-569c-11de-a29c-001a6b183798}\Shell\open\command - "" = G:\driver\S-1-4-89-654352344-54323413-6452342-4545\service.exe -- File not found
O33 - MountPoints2\{dd7a62f3-a332-11dc-bf97-0017a4d5289f}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{e37a2bca-8cf8-11de-a323-001a6b183798}\Shell\AutoRun\command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{e37a2bca-8cf8-11de-a323-001a6b183798}\Shell\open\Command - "" = G:\lcw.exe -- File not found
O33 - MountPoints2\{e3f04a97-2e44-11dd-8125-0017a4d5289f}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{e3f04a97-2e44-11dd-8125-0017a4d5289f}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{e4ab85a0-6021-11de-a2b7-001a6b183798}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{e4ab85a0-6021-11de-a2b7-001a6b183798}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{e75844c1-2b39-11dd-8119-0017a4d5289f}\Shell\AutoRun\command - "" = I:\hx.exe -- File not found
O33 - MountPoints2\{e75844c1-2b39-11dd-8119-0017a4d5289f}\Shell\open\Command - "" = I:\hx.exe -- File not found
O33 - MountPoints2\{f3375671-b70e-11dc-bfd4-0019d25ef19d}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{f3375671-b70e-11dc-bfd4-0019d25ef19d}\Shell\explore\Command - "" = F:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{f3375671-b70e-11dc-bfd4-0019d25ef19d}\Shell\open\Command - "" = F:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{f8231eed-2743-11dd-8109-0019d25ef19d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{f8231eed-2743-11dd-8109-0019d25ef19d}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/06 23:28:01 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/06 23:28:01 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/06 23:28:01 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/06 23:28:00 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/06 23:28:00 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/06 23:28:00 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/06 23:28:00 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/06 23:28:00 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/06 23:27:50 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/06 23:27:46 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/06 23:27:41 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Alwil Software
[2009/09/06 22:31:15 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Datos de programa\Malwarebytes
[2009/09/06 22:30:57 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/06 22:30:55 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 22:30:55 | 00,000,000 | ---D | C] -- d:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2009/09/06 22:30:49 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2009/09/06 22:29:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/06 22:28:44 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2009/09/06 22:22:45 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Escritorio\GTG Guide
[2009/09/06 21:39:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/06 21:19:59 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/06 21:11:48 | 00,000,000 | ---D | C] -- d:\Documents and Settings\All Users\Datos de programa\avg7
[2009/09/06 13:23:15 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Escritorio\TV Soundtrack
[2009/09/04 11:21:48 | 01,297,487 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\mustang-horse-vector-image.eps
[2009/09/04 11:21:48 | 00,011,348 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\mustang-horse-vector-image.png
[2009/09/04 11:11:54 | 05,289,936 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\mustang-horse-vector-image.zip
[2009/09/03 23:31:52 | 12,216,939 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\SitePoint.The.Principles.of.Beautiful.Web.Design.Jan.2007.pdf
[2009/09/03 23:29:46 | 24,293,096 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\Manning.jQuery.in.Action.Feb.2008.pdf
[2009/09/03 22:15:02 | 03,122,688 | ---- | C] () -- d:\Documents and Settings\borgesjh\Escritorio\Control de Planillas SS Zulia 03-09-09.xls
[2009/09/03 09:25:09 | 15,126,016 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\PO-AIT-P5-GASOCC-09-CLB 080609 VFINAL.mpp
[2009/09/02 22:24:16 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/09/02 22:20:10 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Datos de programa\Opera
[2009/09/01 23:14:50 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\RescueTime.com
[2009/09/01 23:14:48 | 00,000,782 | ---- | C] () -- d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\RescueTime.lnk
[2009/09/01 23:14:41 | 00,000,000 | ---D | C] -- C:\Archivos de programa\RescueTime
[2009/08/30 22:02:53 | 00,171,076 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\live.jpg
[2009/08/30 21:56:30 | 00,426,496 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv07.mpp
[2009/08/30 20:28:04 | 00,060,416 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_herra_curvas.xls
[2009/08/30 20:13:55 | 00,429,056 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv06.mpp
[2009/08/30 19:44:40 | 00,428,032 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv05.mpp
[2009/08/30 18:36:42 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Windows Live
[2009/08/30 14:11:05 | 00,436,736 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv04.mpp
[2009/08/30 13:53:34 | 00,317,952 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv03.mpp
[2009/08/28 23:30:53 | 10,854,909 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_pres_nivelacion.psd
[2009/08/28 23:30:15 | 10,526,588 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_pres_herramientasgerenciales.psd
[2009/08/28 13:30:35 | 00,000,000 | ---D | C] -- d:\Documents and Settings\All Users\Datos de programa\Comodo
[2009/08/28 13:30:31 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/28 13:30:31 | 00,132,168 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/28 13:30:31 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/28 13:30:31 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/28 13:30:24 | 00,000,000 | ---D | C] -- C:\Archivos de programa\COMODO
[2009/08/28 08:58:10 | 10,301,110 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_pres_herramientasgerenciales.psd
[2009/08/27 21:47:20 | 01,762,319 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_plantilla_presentacion.psd
[2009/08/27 12:43:13 | 00,319,488 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv02.mpp
[2009/08/27 08:07:35 | 00,000,000 | ---D | C] -- d:\Documents and Settings\borgesjh\Datos de programa\DivX
[2009/08/27 08:06:40 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\DivX Shared
[2009/08/27 08:06:39 | 00,000,000 | ---D | C] -- C:\Archivos de programa\DivX
[2009/08/27 07:49:13 | 04,411,392 | ---- | C] (Gabest) -- d:\Documents and Settings\borgesjh\Escritorio\mplayerc.exe
[2009/08/26 20:54:20 | 00,157,184 | ---- | C] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAP.mpp

========== Files - Modified Within 14 Days ==========

[10 d:\Documents and Settings\borgesjh\Mis documentos\*.tmp files]
[2009/09/07 00:53:15 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/09/07 00:45:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/07 00:37:56 | 00,002,281 | ---- | M] () -- d:\Documents and Settings\borgesjh\Menú Inicio\Programas\Inicio\Styler.lnk
[2009/09/07 00:37:33 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/09/07 00:36:38 | 00,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/07 00:36:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/07 00:36:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/06 23:30:23 | 32,206,23360 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/06 23:28:00 | 00,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/06 23:17:00 | 00,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-1801674531-980394UA.job
[2009/09/06 22:25:26 | 00,120,856 | ---- | M] () -- d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2009/09/06 18:43:31 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/09/06 14:17:00 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-1801674531-980394Core.job
[2009/09/04 18:42:36 | 00,409,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/04 11:18:25 | 05,289,936 | ---- | M] () -- d:\Documents and Settings\borgesjh\Escritorio\mustang-horse-vector-image.zip
[2009/09/03 22:15:38 | 03,122,688 | ---- | M] () -- d:\Documents and Settings\borgesjh\Escritorio\Control de Planillas SS Zulia 03-09-09.xls
[2009/09/03 14:33:42 | 15,126,016 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\PO-AIT-P5-GASOCC-09-CLB 080609 VFINAL.mpp
[2009/09/03 14:14:13 | 00,000,085 | ---- | M] () -- C:\WINDOWS\pipc.ini
[2009/09/03 10:15:12 | 00,099,328 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\Indicadores MyS GLP Bajo Grande v01.xls
[2009/09/01 23:14:48 | 00,000,782 | ---- | M] () -- d:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\RescueTime.lnk
[2009/08/31 08:39:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/30 22:50:33 | 00,060,416 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_herra_curvas.xls
[2009/08/30 22:23:45 | 00,429,056 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv06.mpp
[2009/08/30 22:14:19 | 00,426,496 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv07.mpp
[2009/08/30 22:02:54 | 00,171,076 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\live.jpg
[2009/08/30 19:48:33 | 00,428,032 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv05.mpp
[2009/08/30 19:35:25 | 00,436,736 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv04.mpp
[2009/08/30 18:58:16 | 00,076,288 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado02_s00_anteproyectoV02.doc
[2009/08/30 18:36:06 | 00,000,603 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\My Sharing Folders.lnk
[2009/08/30 14:11:00 | 00,317,952 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv03.mpp
[2009/08/30 13:53:27 | 00,319,488 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAPv02.mpp
[2009/08/29 10:23:57 | 10,854,909 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_pres_nivelacion.psd
[2009/08/28 23:30:19 | 10,526,588 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\post_pres_herramientasgerenciales.psd
[2009/08/28 23:29:28 | 10,301,110 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_pres_herramientasgerenciales.psd
[2009/08/28 13:30:24 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/28 13:30:24 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/28 13:30:23 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/28 13:30:23 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/27 22:42:10 | 01,762,319 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_plantilla_presentacion.psd
[2009/08/27 12:43:04 | 00,157,184 | ---- | M] () -- d:\Documents and Settings\borgesjh\Mis documentos\postgrado_SIGMAP.mpp
[2009/08/27 09:52:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/27 07:34:02 | 00,044,544 | ---- | M] () -- d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/09/06 22:30:55 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa
[2009/07/25 00:58:13 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\ActiveState
[2007/11/15 22:01:59 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Autodesk
[2009/09/06 21:11:48 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\avg7
[2007/11/01 22:51:47 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Azureus
[2008/12/15 10:33:59 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Bluetooth
[2008/02/28 08:35:24 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Citect
[2007/08/26 16:23:19 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\EPSON
[2008/03/10 11:39:08 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\ICONICS
[2008/01/13 14:35:38 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Messenger Plus!
[2008/07/05 23:41:18 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Mindjet
[2009/03/22 12:24:41 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Palo Alto Software
[2009/03/22 12:23:11 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\PAS
[2009/01/21 22:15:05 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Roxio
[2009/02/25 11:02:30 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Sharp
[2009/02/25 11:14:09 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Sharpdesk
[2007/09/18 13:26:35 | 00,000,000 | ---D | M] -- d:\Documents and Settings\All Users\Datos de programa\Teleca
[2009/09/06 22:31:15 | 00,000,000 | RH-D | M] -- d:\Documents and Settings\borgesjh\Datos de programa
[2009/07/25 01:12:34 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\ActiveState
[2007/12/08 12:36:48 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Ahead
[2007/11/12 13:59:27 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Autodesk
[2009/05/30 19:33:08 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Azureus
[2009/05/17 15:58:37 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\dvdcss
[2009/01/15 17:53:02 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\ExportTool
[2009/04/22 12:54:33 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\FileZilla
[2008/02/27 04:19:15 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\GetRight
[2008/02/26 21:16:26 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\GetRightToGo
[2007/08/12 10:19:06 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\GlobalSCAPE
[2009/05/25 22:56:42 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\ImgBurn
[2009/04/02 12:57:20 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\mIRC
[2009/09/02 22:20:10 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Opera
[2009/03/22 12:32:03 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Palo Alto Software
[2009/01/25 22:41:57 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Plazmic
[2009/06/27 22:10:25 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\RenPy
[2009/01/22 14:35:53 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Research In Motion
[2009/02/21 19:36:20 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Roxio
[2009/02/25 11:15:57 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Sharpdesk
[2009/07/21 14:04:33 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Sparx Systems
[2009/01/15 13:06:25 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Styler
[2009/07/25 13:25:10 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Subversion
[2007/09/19 19:33:13 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\Teleca
[2007/07/21 23:17:11 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\TextPad
[2009/07/26 18:22:31 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\TortoiseSVN
[2009/06/06 22:44:45 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/08/21 11:09:45 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\U3
[2009/09/03 23:48:56 | 00,000,000 | ---D | M] -- d:\Documents and Settings\borgesjh\Datos de programa\uTorrent
[2001/08/23 04:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/07 00:36:38 | 00,001,034 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/07 00:45:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/06 14:17:00 | 00,001,088 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-1801674531-980394Core.job
[2009/09/06 23:17:00 | 00,001,140 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-796845957-1801674531-980394UA.job
[2009/09/07 00:36:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1997/09/19 05:31:00 | 00,554,482 | ---- | M] () -- C:\IMPORT.EXE

< %systemroot%\system32\eventlog.dll >
[2001/08/23 03:30:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2001/08/23 03:30:00 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\THREED32.OCA:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Oraipsrv.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Oraipsrv.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\oradc.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\ORADC.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\ORADC.LIC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\oradc.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\ORACLEO.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\ORAANSI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Oo4oparm.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\Oo4oparm.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OIP22.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OIP22.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSFLXGRD.oca:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSFLXGRD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\exel98.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\excel98.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\excel98.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sapmsg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\saplogon.ini:KAVICHS
< End of report >


OTL Extras logfile created on: 07/09/2009 01:09:43 a.m. - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = d:\Documents and Settings\borgesjh\Escritorio\GTG Guide
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000200A | Country: Venezuela | Language: ESV | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,72 Gb Available in Paging File | 92,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 23,44 Gb Total Space | 10,10 Gb Free Space | 43,07% Space Free | Partition Type: NTFS
Drive D: | 51,09 Gb Total Space | 24,01 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XMOBILEDD5289F
Current User Name: BORGESJH
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\livecall.exe" = C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Grisoft\AVG7\avginet.exe" = C:\Archivos de programa\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Archivos de programa\Grisoft\AVG7\avgamsvr.exe" = C:\Archivos de programa\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Archivos de programa\Grisoft\AVG7\avgcc.exe" = C:\Archivos de programa\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" = C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\livecall.exe" = C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Archivos de programa\AVG\AVG8\avgupd.exe" = C:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Archivos de programa\AVG\AVG8\avgemc.exe" = C:\Archivos de programa\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03178905-E40F-4FF3-AD16-D9310A89D8A6}" = NI Distribution Information - PDS English
"{07D7FEEC-F739-40B1-9E59-1B88D57ADC0B}" = Módem EVDO CDU-650
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"{11A8F66F-7B73-422C-88B6-7187BEF92AE7}" = NI LabVIEW 7.1 Core Essentials
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2
"{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007
"{213BAB58-DF0D-4345-8CFD-F572CF1088C9}" = JGS QWS3270 PLUS Us (25/Ene/02)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.1.0
"{251F8A77-7ACB-47BB-98CE-9F671B69D90F}" = NI Example Finder 2.0
"{2878CD7B-FD12-4ADE-9B90-11DF678EF18C}" = NI Instrument IO Assistant for LabVIEW 7.1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362F8AC6-4EA5-C5AC-ED7E-1F49F0EE20D5}" = TweetDeck
"{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}" = TortoiseSVN 1.6.3.16613 (32 bit)
"{3C15D6C4-8333-4AA6-814B-4679D0A8F261}" = Subversion
"{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO® MINDSTORMS® NXT - English Language Pack
"{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}" = Cisco Systems VPN Client 4.0.2 (B)
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4246326C-E861-43CA-B47D-2357454385F9}" = LEGO® MINDSTORMS® NXT Software v1.0
"{46893F4E-733A-426D-80BE-929A5A269646}" = NI LVBrokerAux71
"{4A6DF6D1-A13D-4AF1-9302-8117890FF598}" = ICONICS GraphWorX32
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}" = Enterprise Architect 6.1 - 30 Day Trial
"{4C95ED29-871B-4D7E-B773-1235ACC63792}" = ActiveState Komodo IDE 5.1.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{518930BE-7875-4547-B026-20B92F695781}" = NI LabVIEW Run-Time Engine 7.1
"{54CED721-471C-4F40-914C-4630DE07CE8D}" = NI LVBroker
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55C98239-914A-46C1-B19D-83E90F7E00CC}" = Fingerprint Sensor Minimum Install
"{5E62845C-F953-4221-9EB3-7718E696C512}" = NI LabVIEW PID Control Toolset 6.0
"{5F378E1C-92ED-47AC-BF93-00D30F685D34}" = BlackBerry Device Software v4.5.0 para el smartphone BlackBerry 8320
"{607C8C4E-5FEC-4656-9DA1-3D6D6B7DE0ED}" = NI LabVIEW Advanced Analysis 7.1
"{68A447F3-A77B-47EF-9B15-BB318C69C914}" = Business Plan Pro 2007 Sample Plans
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BAC5387-44F2-4693-BBA0-78543D928890}" = CIOC 1.0 Sp (30/May/02)
"{7C91593D-CBDF-4B4B-B98C-7C1276CD58DD}" = EMS SQL Manager 2005 for PostgreSQL
"{7E7D257F-326D-11D4-A1AF-AA000400DF04}" = OpenBSI Essentials
"{7EB0D766-982D-4187-88A7-6E0780BAA69F}" = NI LabVIEW Professional Tools 7.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8220C40F-AA38-4752-978F-6198328B1C20}" = ACDSee Classic
"{84D0BDE5-5871-4EC8-8D31-63354170BF55}" = NI LabVIEW Picture Control and CIN Tools 7.1
"{8659D9D6-1FBE-4A9F-BF64-939022C801B7}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8949B09B-852D-4CB0-B3D6-EFA6665593DA}" = PaqStdPdv
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903B0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{94435A21-A597-41AC-85BA-680E8348EB50}" = NI LabVIEW Application Builder 7.1
"{95868E9A-0225-4960-8266-99EDBD1CD3FF}" = Mindjet MindManager Pro 7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AACF183-58C5-11D4-A1C5-AA000400DF04}" = ACCOL WorkBench
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3A9DA06-D9B8-47BE-8179-3AADEB19582A}" = NI Uninstaller
"{A440A53C-17E6-4AD9-8794-97BCC01CF2DD}" = Remedy ARSUSER 5.0 Us (27/Feb/02)
"{A538318F-0FED-44D1-8183-B07AB582AECF}" = VBA (2627.01)
"{A66B369B-2927-8B02-ADF7-5BC0FE941033}" = Nero 7 Demo
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA6E3433-9E8A-473F-801B-88BF9087E028}" = ProcessBook 2.12 Us (03/Jun/02)
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AD6FA164-CE2E-4637-863F-CA8A79CB2B6E}" = AirMux200 Manager
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B1BF8A-B31C-4E94-A370-DF275953882D}" = Lotus Notes 6.51 (131106)
"{D3BA79B7-823E-437A-A7E0-BDB2CB62C7BE}" = NI LabVIEW 7.1
"{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO® MINDSTORMS® NXT Driver
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EC60B018-251A-47E7-A838-CECB70AE46EF}" = NI LabVIEW Service Locator 1.0
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F724042F-367A-3B58-9BE3-8EF7A6F058D6}" = Google Gears
"{F73EE298-2C7F-4155-A61B-5A63F8FA1D7E}" = PI-Datalink 1.9 Us (6/Sep/02)
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FCC9BA43-E00A-4269-B0CA-6708ED300914}" = NI LabVIEW Full 7.1
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3GP Player_is1" = 3GP Player 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Batch" = Batch
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2008" = DWG TrueView 2008
"eMule" = eMule
"EPSON Printer and Utilities" = Software de impresora EPSON
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GetRight_is1" = GetRight
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"IrfanView" = IrfanView (remove only)
"Katawa Shoujo Act 1" = Katawa Shoujo Act 1
"KyoceraPassportNavigator 2_is1" = Kyocera Passport Navigator 2
"Logicmaster 90-70" = Logicmaster 90-70
"LogixPro PLC Simulator_is1" = TLP LogixPro Simulator
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microangelo 5.0" = Microangelo 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Netscape Communicator 4.73" = Netscape Communicator 4.73
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97 Standard
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PI-ProcessBook 2.0 Uninstall" = PI-ProcessBook 2.0 Uninstall
"Plazmic CDK 4.6 for BlackBerry" = Plazmic CDK 4.6 for BlackBerry
"SAPFrontend" = SAP Front End
"Serious Samurize" = Serious Samurize
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silent Package Run-Time Sample" = Manual de referencia SP R270
"ST6UNST #1" = Configurador CF3000
"ST6UNST #2" = Configurador CF3000 (D:\Archivos de programa\CF3000 Configurator\)
"VLC media player" = VLC media player 0.9.8a
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Reproductor de Windows Media 10
"Windows Script" = Microsoft Windows Script 5.7
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.6.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3GP Player_is1" = 3GP Player 2008
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Wakoopa" = Wakoopa
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2009 01:07:32 a.m. | Computer Name = XMOBILEDD5289F | Source = AutoEnrollment | ID = 15
Description = La inscripción de certificados automática para Sistema local no puede
ponerse en contacto con el directorio activo (0x8007054b) El dominio especificado
no existe o no se pudo establecer conexión con él. . La inscripción no se efectuará.

Error - 07/09/2009 01:09:30 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\SysVol\pdvsa.com\Scripts\Huso\TimeZone.vbs.
No es posible el acceso a la ubicación de red. Para obtener información para solucionar
problemas de red, vea la Ayuda de Windows.

Error - 07/09/2009 01:09:30 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\sysvol\pdvsa.com\Scripts\McAfee\epoinstall.vbs.
No es posible el acceso a la ubicación de red. Para obtener información para solucionar
problemas de red, vea la Ayuda de Windows.

Error - 07/09/2009 01:09:30 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\netlogon\SP\ControlR\instalarCR.vbs.
El sistema no puede hallar el archivo especificado.

Error - 07/09/2009 01:09:34 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos c:\temp\instalar.exe.
Acceso denegado.

Error - 07/09/2009 01:09:35 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\SysVol\pdvsa.com\Scripts\CompScript\netscape.vbs.
No se ha encontrado la ruta de acceso de la red.

Error - 07/09/2009 01:09:35 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\SysVol\pdvsa.com\Scripts\CompScript\occconfigwxp.vbe.
No se ha encontrado la ruta de acceso de la red.

Error - 07/09/2009 01:09:35 a.m. | Computer Name = XMOBILEDD5289F | Source = Userenv | ID = 1054
Description = Windows no puede obtener el nombre del controlador de dominio para
la red de su equipo. (El dominio especificado no existe o no se pudo establecer
conexión con él. ). Se ha anulado el proceso de directiva de grupo.

Error - 07/09/2009 01:09:36 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\SysVol\pdvsa.com\Scripts\SP\instalaSP.vbs.
No se ha encontrado la ruta de acceso de la red.

Error - 07/09/2009 01:09:36 a.m. | Computer Name = XMOBILEDD5289F | Source = UserInit | ID = 1000
Description = No se pudo ejecutar la siguiente secuencia de comandos \\pdvsa.com\netlogon\corregiroffice\POWEREXWORD.VBS.
El sistema no puede hallar el archivo especificado.

[ System Events ]
Error - 07/09/2009 01:07:46 a.m. | Computer Name = XMOBILEDD5289F | Source = Print | ID = 33
Description = No se encuentra el contenedor de PrintQueue porque no se ha podido
recuperar el nombre de dominio DNS. Error: 54b

Error - 07/09/2009 01:08:06 a.m. | Computer Name = XMOBILEDD5289F | Source = Service Control Manager | ID = 7023
Description = El servicio Shell Time terminó con el error: %%126

Error - 07/09/2009 01:08:06 a.m. | Computer Name = XMOBILEDD5289F | Source = Service Control Manager | ID = 7009
Description = Intervalo de espera (30000 ms.) para la conexión con el servicio Roxio
Hard Drive Watcher 9.

Error - 07/09/2009 01:12:42 a.m. | Computer Name = XMOBILEDD5289F | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
wuauserv con argumentos "" para ejecutar el servidor: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 07/09/2009 01:12:50 a.m. | Computer Name = XMOBILEDD5289F | Source = Service Control Manager | ID = 7023
Description = El servicio Examinador de equipos terminó con el error: %%1460

Error - 07/09/2009 01:13:42 a.m. | Computer Name = XMOBILEDD5289F | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
wuauserv con argumentos "" para ejecutar el servidor: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 07/09/2009 01:13:45 a.m. | Computer Name = XMOBILEDD5289F | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
wuauserv con argumentos "" para ejecutar el servidor: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 07/09/2009 01:13:47 a.m. | Computer Name = XMOBILEDD5289F | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
wuauserv con argumentos "" para ejecutar el servidor: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 07/09/2009 01:14:54 a.m. | Computer Name = XMOBILEDD5289F | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 14
minutos. NtpClient no tiene recurso de hora exacta.

Error - 07/09/2009 01:29:56 a.m. | Computer Name = XMOBILEDD5289F | Source = W32Time | ID = 39452701
Description = El proveedor de tiempo NtpClient se ha configurado para adquirir la
hora desde uno o más recursos de hora, sin embargo, ninguno de los recursos está
accesible No se hará un intento de ponerse en contacto con un recurso durante 29
minutos. NtpClient no tiene recurso de hora exacta.


< End of report >


RootRepeal.txt


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/07 00:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ay55rvgx.SYS
Image Path: C:\WINDOWS\System32\Drivers\ay55rvgx.SYS
Address: 0xB8162000 Size: 417792 File Visible: No Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA7A76000 Size: 876544 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP9224
Image Path: \Driver\PCI_NTPNP9224
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA2C1D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76f4a

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc26b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76454

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76aee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc2574

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d781d6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d784ae

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d75cf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d77130

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc2a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc214c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xba6c3fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xba6c4340

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d77e58

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d766d8

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76d32

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc264e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc208c

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76968

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc20f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xba6c4418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc276e

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d7788c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76250

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc272e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d77bf4

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d78006

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7bc28ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d76672

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d7685c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d75ffc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7d75eca

Hidden Services
-------------------
Service Name: iplzph
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==
#2 fenzodahl512 (Malware Removal, 9,863 posts)
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

#3 JBorges (Topic Starter, Member, 15 posts)
Thanks for taking my case.

ComboFix


ComboFix 09-09-09.09 - BORGESJH 10/09/2009 14:01.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.58.3082.18.3071.2502 [GMT -4,5:30]
Running from: d:\documents and settings\borgesjh\Escritorio\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2650350907-201546465-1892764099-500
c:\recycler\S-1-5-21-3912398786-861159790-3837866307-500
c:\recycler\S-1-5-21-789336058-842925246-725345543-500
c:\windows\Installer\42128.msi
c:\windows\Installer\42433.msi
c:\windows\Installer\faa09.msi
c:\windows\system32\BReWErS.dll
c:\windows\system32\Ijl11.dll
D:\autorun.inf
d:\documents and settings\Administrador\Cookies\[email protected][1].txt
D:\g8k.exe
D:\lcw.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-07 03:58 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 03:58 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 03:58 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 03:58 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 03:58 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 03:58 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 03:58 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 03:58 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 03:57 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 03:57 . 2009-09-07 03:57 -------- d-----w- c:\archivos de programa\Alwil Software
2009-09-07 03:01 . 2009-09-07 03:01 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-08-03 18:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 03:00 . 2009-09-07 03:00 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-08-03 18:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 03:00 . 2009-09-07 03:01 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-09-07 02:58 . 2009-09-07 02:58 -------- d-----w- c:\archivos de programa\ERUNT
2009-09-07 02:09 . 2009-09-07 02:09 -------- d-----w- C:\VundoFix Backups
2009-09-07 01:49 . 2009-07-28 21:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 01:41 . 2009-09-07 01:41 262144 ----a-w- d:\documents and settings\GUTIER~2.COM
2009-09-07 01:41 . 2009-09-07 01:41 -------- d-----w- d:\documents and settings\All Users\Datos de programa\avg7
2009-09-07 01:40 . 2009-09-07 01:40 262144 ----a-w- d:\documents and settings\GUTIER~1.COM
2009-09-02 03:44 . 2009-09-02 03:44 -------- d-----w- c:\archivos de programa\RescueTime
2009-08-30 23:06 . 2009-08-30 23:06 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-08-28 18:00 . 2009-08-28 18:08 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Comodo
2009-08-28 18:00 . 2009-08-28 18:00 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-28 18:00 . 2009-08-28 18:00 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-28 18:00 . 2009-08-28 18:00 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-28 18:00 . 2009-08-28 18:00 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-28 18:00 . 2009-08-28 18:00 -------- d-----w- c:\archivos de programa\COMODO
2009-08-27 12:37 . 2009-08-27 12:39 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\DivX
2009-08-27 12:36 . 2009-08-27 12:36 -------- d-----w- c:\archivos de programa\Archivos comunes\DivX Shared
2009-08-27 12:36 . 2009-08-27 12:37 -------- d-----w- c:\archivos de programa\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 10:56 . 2009-06-02 03:16 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\uTorrent
2009-09-09 03:16 . 2009-05-21 19:49 -------- d-----w- c:\archivos de programa\Google
2009-09-06 23:13 . 2009-01-22 19:05 256 ----a-w- c:\windows\system32\pool.bin
2009-09-06 22:09 . 2009-01-22 02:34 -------- d-----w- c:\archivos de programa\Archivos comunes\Research In Motion
2009-07-26 22:52 . 2009-07-26 19:20 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\TortoiseSVN
2009-07-26 19:01 . 2009-07-26 19:01 -------- d-----w- c:\archivos de programa\Subversion
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\TortoiseSVN
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\Archivos comunes\TortoiseOverlays
2009-07-25 17:55 . 2009-07-25 17:55 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Subversion
2009-07-25 05:42 . 2009-07-25 05:22 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\ActiveState
2009-07-25 05:41 . 2009-07-25 05:23 -------- d-----w- c:\archivos de programa\ActiveState Komodo IDE 5
2009-07-25 05:28 . 2009-07-25 05:28 -------- d-----w- d:\documents and settings\All Users\Datos de programa\ActiveState
2009-07-25 01:41 . 2009-07-25 01:41 -------- d-----w- c:\archivos de programa\TweetDeck
2009-07-21 18:34 . 2009-07-21 18:34 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Sparx Systems
2009-07-14 00:17 . 2008-01-22 01:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\archivos de programa\internet explorer\plugins\LV71ActiveXControl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"pdfSaver3"="c:\archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"Google Update"="d:\documents and settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-12-19 133104]
"Wakoopa"="d:\archivos de programa\Wakoopa\Wakoopa.exe" [2008-10-30 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2001-08-23 143872]
"Sony Ericsson PC Suite"="c:\archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MMReminderService"="c:\archivos de programa\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-18 37392]
"SAR"="c:\windows\system32\sar.exe" [2008-09-12 315392]
"DatosAR"="c:\windows\System32\ardat.exe" [2008-09-12 36864]
"StxTrayMenu"="d:\archivos de programa\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"RoxWatchTray"="c:\archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"IndexTray"="c:\archivos de programa\Sharp\Sharpdesk\IndexTray.exe" [2006-04-17 106496]
"SharpTray"="c:\archivos de programa\Sharp\Sharpdesk\SharpTray.exe" [2006-04-17 32768]
"TypeRegChecker"="c:\archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe" [2006-04-17 57344]
"FtpServer.exe"="c:\archivos de programa\Sharp\Sharpdesk\FtpServer.exe" [2006-04-18 692224]
"LogonStudio"="c:\archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"COMODO Internet Security"="c:\archivos de programa\COMODO\COMODO Internet Security\cfp.exe" [2009-08-28 1796368]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2001-08-23 15360]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
BTTray.lnk - c:\archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Palo Alto Software Update Manager 9.0.lnk - c:\archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]
RescueTime.lnk - c:\archivos de programa\RescueTime\RescueTime.exe [2009-9-1 2351616]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\0]
"Script"=\\pdvsa.com\SysVol\pdvsa.com\Scripts\SP\instalaSP.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\1]
"Script"=\\pdvsa.com\netlogon\corregiroffice\POWEREXWORD.VBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 08:45 p.m. 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 11:28 p.m. 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28/08/2009 01:30 p.m. 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28/08/2009 01:30 p.m. 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 11:28 p.m. 20560]
R2 CTBREDDB;Citect Batch Redundant Database;d:\archiv~1\Citect\CITECT~1\Batch\CTBREDDB.exe [28/02/2008 08:40 a.m. 90112]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe [20/04/2007 10:52 a.m. 79324]
R2 SAR;SAR Server 1.2.0;c:\windows\system32\sar.exe [12/09/2008 08:20 a.m. 315392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [22/08/2006 12:30 a.m. 316992]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27/12/2006 02:37 p.m. 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [27/12/2006 02:38 p.m. 36352]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 p.m. 26248]
S2 gupdate1c9da4d5e2d7b77;Google Update Service (gupdate1c9da4d5e2d7b77);c:\archivos de programa\Google\Update\GoogleUpdate.exe [21/05/2009 03:19 p.m. 133104]
S2 iplzph;Shell Time;c:\windows\system32\svchost.exe -k netsvcs [23/08/2001 03:30 a.m. 14336]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [09/10/2008 06:18 p.m. 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [09/10/2008 06:18 p.m. 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [09/10/2008 06:18 p.m. 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [09/10/2008 06:19 p.m. 73696]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [10/03/2006 03:25 p.m. 39424]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [27/06/2007 09:22 a.m. 29952]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 01:01 p.m. 42000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iplzph

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.pdvsa.com
mStart Page = hxxp://intranet.pdvsa.com/
uInternet Connection Wizard,ShellNext = hxxp://intranet.pdvsa.com/
uInternet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
IE: Download with GetRight - d:\archivos de programa\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Open with GetRight Browser - d:\archivos de programa\GetRight\GRbrowse.htm
FF - ProfilePath - d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60434&qkw=
FF - component: c:\archivos de programa\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\archiv~1\SONYON~1\npsoe.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPBeatSP.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPLV71Win32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npsoestb.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF - plugin: d:\archivos de programa\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: d:\archivos de programa\VideoLAN\VLC\npvlc.dll
FF - plugin: d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - d:\archivos de programa\Winamp\winampa.exe
HKLM-Run-pdfSaver3 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 14:16
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2480)
c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseStub.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseSVN.dll
c:\archivos de programa\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
c:\archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\niSvcLoc.exe
c:\archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\opcenum.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\TortoiseSVN\bin\TSVNCache.exe
c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
d:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
d:\archivos de programa\Styler\Styler.exe
c:\archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-10 14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 18:50

Pre-Run: 10.733.166.592 bytes libres
Post-Run: 10.551.668.736 bytes libres

325 --- E O F --- 2008-06-16 17:03


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:03, on 10/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\Archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\opcenum.exe
C:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\sar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
C:\WINDOWS\System32\ardat.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe
C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
D:\Archivos de programa\Wakoopa\Wakoopa.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Archivos de programa\Styler\Styler.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - d:\Archivos de programa\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SAR] "C:\WINDOWS\system32\sar.exe" -servicehelper
O4 - HKLM\..\Run: [DatosAR] %SystemRoot%\System32\ardat.exe
O4 - HKLM\..\Run: [StxTrayMenu] "d:\Archivos de programa\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Archivos de programa\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [LogonStudio] "C:\Archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Google Update] "d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Wakoopa] D:\Archivos de programa\Wakoopa\Wakoopa.exe
O4 - HKUS\S-1-5-21-804370243-3699599220-1119816787-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: RescueTime.lnk = C:\Archivos de programa\RescueTime\RescueTime.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - D:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdvsa.com
O17 - HKLM\Software\..\Telephony: DomainName = occ.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E7BC96-66E0-4CB8-BE2D-49B534238C25}: Domain = occ.pdvsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pdvsa.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Citect Batch Redundant Database (CTBREDDB) - Felten GmbH - d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - ICONICS, Inc. - D:\Archivos de programa\ICONICS\GraphWorx32\Bin\GenRegistrarServer.exe
O23 - Service: Google Update Service (gupdate1c9da4d5e2d7b77) (gupdate1c9da4d5e2d7b77) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Archivos de programa\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: SAR Server 1.2.0 (SAR) - Unknown owner - C:\WINDOWS\system32\sar.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13970 bytes
#4 fenzodahl512 (Malware Removal, 9,863 posts)
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
iplzph

Driver::
iplzph

RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

#5 JBorges (Topic Starter, Member, 15 posts)
Ok, done that.

ComboFix

ComboFix 09-09-09.09 - BORGESJH 10/09/2009 18:37.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.58.3082.18.3071.2524 [GMT -4,5:30]
Running from: d:\documents and settings\borgesjh\Escritorio\ComboFix.exe
Command switches used :: d:\documents and settings\borgesjh\Escritorio\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPLZPH
-------\Service_iplzph


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 19:01 . 2009-09-10 19:01 -------- d-----w- c:\archivos de programa\Trend Micro
2009-09-07 03:58 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 03:58 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 03:58 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 03:58 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 03:58 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 03:58 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 03:58 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 03:58 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 03:57 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 03:57 . 2009-09-07 03:57 -------- d-----w- c:\archivos de programa\Alwil Software
2009-09-07 03:01 . 2009-09-07 03:01 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-08-03 18:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 03:00 . 2009-09-07 03:00 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-08-03 18:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 03:00 . 2009-09-07 03:01 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-09-07 02:58 . 2009-09-07 02:58 -------- d-----w- c:\archivos de programa\ERUNT
2009-09-07 02:09 . 2009-09-07 02:09 -------- d-----w- C:\VundoFix Backups
2009-09-07 01:49 . 2009-07-28 21:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 01:41 . 2009-09-07 01:41 262144 ----a-w- d:\documents and settings\GUTIER~2.COM
2009-09-07 01:41 . 2009-09-07 01:41 -------- d-----w- d:\documents and settings\All Users\Datos de programa\avg7
2009-09-07 01:40 . 2009-09-07 01:40 262144 ----a-w- d:\documents and settings\GUTIER~1.COM
2009-09-02 03:44 . 2009-09-02 03:44 -------- d-----w- c:\archivos de programa\RescueTime
2009-08-30 23:06 . 2009-08-30 23:06 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-08-28 18:00 . 2009-08-28 18:08 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Comodo
2009-08-28 18:00 . 2009-08-28 18:00 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-28 18:00 . 2009-08-28 18:00 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-28 18:00 . 2009-08-28 18:00 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-28 18:00 . 2009-08-28 18:00 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-28 18:00 . 2009-08-28 18:00 -------- d-----w- c:\archivos de programa\COMODO
2009-08-27 12:37 . 2009-08-27 12:39 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\DivX
2009-08-27 12:36 . 2009-08-27 12:36 -------- d-----w- c:\archivos de programa\Archivos comunes\DivX Shared
2009-08-27 12:36 . 2009-08-27 12:37 -------- d-----w- c:\archivos de programa\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:49 . 2001-08-23 08:00 88674 ----a-w- c:\windows\system32\perfc00A.dat
2009-09-10 18:49 . 2001-08-23 08:00 481582 ----a-w- c:\windows\system32\perfh00A.dat
2009-09-10 10:56 . 2009-06-02 03:16 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\uTorrent
2009-09-09 03:16 . 2009-05-21 19:49 -------- d-----w- c:\archivos de programa\Google
2009-09-06 23:13 . 2009-01-22 19:05 256 ----a-w- c:\windows\system32\pool.bin
2009-09-06 22:09 . 2009-01-22 02:34 -------- d-----w- c:\archivos de programa\Archivos comunes\Research In Motion
2009-07-26 22:52 . 2009-07-26 19:20 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\TortoiseSVN
2009-07-26 19:01 . 2009-07-26 19:01 -------- d-----w- c:\archivos de programa\Subversion
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\TortoiseSVN
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\Archivos comunes\TortoiseOverlays
2009-07-25 17:55 . 2009-07-25 17:55 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Subversion
2009-07-25 05:42 . 2009-07-25 05:22 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\ActiveState
2009-07-25 05:41 . 2009-07-25 05:23 -------- d-----w- c:\archivos de programa\ActiveState Komodo IDE 5
2009-07-25 05:28 . 2009-07-25 05:28 -------- d-----w- d:\documents and settings\All Users\Datos de programa\ActiveState
2009-07-25 01:41 . 2009-07-25 01:41 -------- d-----w- c:\archivos de programa\TweetDeck
2009-07-21 18:34 . 2009-07-21 18:34 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Sparx Systems
2009-07-14 00:17 . 2008-01-22 01:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\archivos de programa\internet explorer\plugins\LV71ActiveXControl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_18.46.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 23:14 . 2009-09-10 23:14 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2001-08-23 08:00 . 2009-09-10 18:49 69782 c:\windows\system32\perfc009.dat
- 2001-08-23 08:00 . 2008-09-20 12:50 69782 c:\windows\system32\perfc009.dat
+ 2001-08-23 08:00 . 2009-09-10 18:49 418942 c:\windows\system32\perfh009.dat
- 2001-08-23 08:00 . 2008-09-20 12:50 418942 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"pdfSaver3"="c:\archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"Google Update"="d:\documents and settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-12-19 133104]
"Wakoopa"="d:\archivos de programa\Wakoopa\Wakoopa.exe" [2008-10-30 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2001-08-23 143872]
"Sony Ericsson PC Suite"="c:\archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MMReminderService"="c:\archivos de programa\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-18 37392]
"SAR"="c:\windows\system32\sar.exe" [2008-09-12 315392]
"DatosAR"="c:\windows\System32\ardat.exe" [2008-09-12 36864]
"StxTrayMenu"="d:\archivos de programa\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"RoxWatchTray"="c:\archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"IndexTray"="c:\archivos de programa\Sharp\Sharpdesk\IndexTray.exe" [2006-04-17 106496]
"SharpTray"="c:\archivos de programa\Sharp\Sharpdesk\SharpTray.exe" [2006-04-17 32768]
"TypeRegChecker"="c:\archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe" [2006-04-17 57344]
"FtpServer.exe"="c:\archivos de programa\Sharp\Sharpdesk\FtpServer.exe" [2006-04-18 692224]
"LogonStudio"="c:\archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"COMODO Internet Security"="c:\archivos de programa\COMODO\COMODO Internet Security\cfp.exe" [2009-08-28 1796368]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2001-08-23 15360]

d:\documents and settings\borgesjh\Men£ Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\Administrador\Men£ Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\Administrador\Men£ Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\borgesjh\Men£ Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\borgesjh\Men£ Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
BTTray.lnk - c:\archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Palo Alto Software Update Manager 9.0.lnk - c:\archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]
RescueTime.lnk - c:\archivos de programa\RescueTime\RescueTime.exe [2009-9-1 2351616]

d:\documents and settings\borgesjh\Men£ Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\0]
"Script"=\\pdvsa.com\SysVol\pdvsa.com\Scripts\SP\instalaSP.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\1]
"Script"=\\pdvsa.com\netlogon\corregiroffice\POWEREXWORD.VBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 08:45 p.m. 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 11:28 p.m. 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28/08/2009 01:30 p.m. 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28/08/2009 01:30 p.m. 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 11:28 p.m. 20560]
R2 CTBREDDB;Citect Batch Redundant Database;d:\archiv~1\Citect\CITECT~1\Batch\CTBREDDB.exe [28/02/2008 08:40 a.m. 90112]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe [20/04/2007 10:52 a.m. 79324]
R2 SAR;SAR Server 1.2.0;c:\windows\system32\sar.exe [12/09/2008 08:20 a.m. 315392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [22/08/2006 12:30 a.m. 316992]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27/12/2006 02:37 p.m. 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [27/12/2006 02:38 p.m. 36352]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 p.m. 26248]
S2 gupdate1c9da4d5e2d7b77;Google Update Service (gupdate1c9da4d5e2d7b77);c:\archivos de programa\Google\Update\GoogleUpdate.exe [21/05/2009 03:19 p.m. 133104]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [09/10/2008 06:18 p.m. 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [09/10/2008 06:18 p.m. 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [09/10/2008 06:18 p.m. 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [09/10/2008 06:19 p.m. 73696]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [10/03/2006 03:25 p.m. 39424]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [27/06/2007 09:22 a.m. 29952]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 01:01 p.m. 42000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.pdvsa.com
mStart Page = hxxp://intranet.pdvsa.com/
uInternet Connection Wizard,ShellNext = hxxp://intranet.pdvsa.com/
uInternet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
IE: Download with GetRight - d:\archivos de programa\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Open with GetRight Browser - d:\archivos de programa\GetRight\GRbrowse.htm
FF - ProfilePath - d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60434&qkw=
FF - component: c:\archivos de programa\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\archiv~1\SONYON~1\npsoe.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPBeatSP.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPLV71Win32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npsoestb.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF - plugin: d:\archivos de programa\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: d:\archivos de programa\VideoLAN\VLC\npvlc.dll
FF - plugin: d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 18:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3816)
c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseStub.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseSVN.dll
c:\archivos de programa\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
c:\archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\niSvcLoc.exe
c:\archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\opcenum.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\TortoiseSVN\bin\TSVNCache.exe
c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
d:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
d:\archivos de programa\Styler\Styler.exe
c:\archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-10 18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 23:22
ComboFix2.txt 2009-09-10 18:50

Pre-Run: 10.534.408.192 bytes libres
Post-Run: 10.483.429.376 bytes libres

321 --- E O F --- 2008-06-16 17:03


Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:54:39, on 10/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\Archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\opcenum.exe
C:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
C:\WINDOWS\System32\ardat.exe
C:\WINDOWS\system32\sar.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
D:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
D:\Archivos de programa\Wakoopa\Wakoopa.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Archivos de programa\Styler\Styler.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - d:\Archivos de programa\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SAR] "C:\WINDOWS\system32\sar.exe" -servicehelper
O4 - HKLM\..\Run: [DatosAR] %SystemRoot%\System32\ardat.exe
O4 - HKLM\..\Run: [StxTrayMenu] "d:\Archivos de programa\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Archivos de programa\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [LogonStudio] "C:\Archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Google Update] "d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Wakoopa] D:\Archivos de programa\Wakoopa\Wakoopa.exe
O4 - HKUS\S-1-5-21-804370243-3699599220-1119816787-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: RescueTime.lnk = C:\Archivos de programa\RescueTime\RescueTime.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - D:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdvsa.com
O17 - HKLM\Software\..\Telephony: DomainName = occ.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E7BC96-66E0-4CB8-BE2D-49B534238C25}: Domain = occ.pdvsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pdvsa.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Citect Batch Redundant Database (CTBREDDB) - Felten GmbH - d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - ICONICS, Inc. - D:\Archivos de programa\ICONICS\GraphWorx32\Bin\GenRegistrarServer.exe
O23 - Service: Google Update Service (gupdate1c9da4d5e2d7b77) (gupdate1c9da4d5e2d7b77) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Archivos de programa\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: SAR Server 1.2.0 (SAR) - Unknown owner - C:\WINDOWS\system32\sar.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13864 bytes
  • 0
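
The triage that the helper performs by eye on the HijackThis log above (an O23 service listed with "Unknown owner", autoruns launched from system32 under unfamiliar names, the same file registered both as a Run entry and as a service) can be scripted. The following is an added example written for this thread, not code from HijackThis, ComboFix or the forum; it parses O4, O20 and O23 lines, normalises the executable path and reports the entries a responder would look at first. The sample lines are copied from the log posted above. The `C:\WINDOWS` system root, the Spanish `%ProgramFiles%` expansion and the two-entry allow-list of Windows binaries are assumptions made for the example; a production tool would verify Authenticode signatures rather than trust file names.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the
original thread or of HijackThis itself)."""
import re
from collections import defaultdict

# Assumed values: the logs in the thread show a Spanish XP with C:\WINDOWS.
SYSTEM_ROOT = r"C:\WINDOWS"
PROGRAM_FILES = r"C:\Archivos de programa"
SYSTEM32 = SYSTEM_ROOT.lower() + r"\system32"

# Constructed allow-list of Windows binaries that legitimately autostart from
# system32 on XP. Anything else starting from there is surfaced for review.
KNOWN_SYSTEM32 = {"ctfmon.exe", "mobsync.exe"}

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SAR] "C:\WINDOWS\system32\sar.exe" -servicehelper
O4 - HKLM\..\Run: [DatosAR] %SystemRoot%\System32\ardat.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: SAR Server 1.2.0 (SAR) - Unknown owner - C:\WINDOWS\system32\sar.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")
# First token ending in an executable extension, with or without quotes.
EXE_RE = re.compile(r'"?(?P<path>.*?\.(?:exe|dll|scr|com))"?', re.I)


def normalize_path(cmd):
    """Pull the executable out of a command line and canonicalise it (lower-case,
    environment variables expanded, HijackThis's (User 'X') suffix removed)."""
    cmd = re.sub(r"\s+\(User '[^']*'\)\s*$", "", cmd.strip())
    cmd = cmd.replace("%SystemRoot%", SYSTEM_ROOT).replace("%ProgramFiles%", PROGRAM_FILES)
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd).lower()


def parse_hjt(text):
    """Return one dict per O4/O20/O23 line: kind, name, owner (services only), path."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append({"kind": "autorun", "name": m["name"], "owner": None,
                            "path": normalize_path(m["cmd"])})
        elif m := O20_RE.match(line):
            entries.append({"kind": "appinit", "name": "AppInit_DLLs", "owner": None,
                            "path": normalize_path(m["cmd"])})
        elif m := O23_RE.match(line):
            entries.append({"kind": "service", "name": m["name"], "owner": m["owner"].strip(),
                            "path": normalize_path(m["cmd"])})
    return entries


def triage(text):
    """Map each suspicious path to the sorted list of reasons it was flagged."""
    findings = defaultdict(set)
    kinds_by_path = defaultdict(set)
    for e in parse_hjt(text):
        path = e["path"]
        kinds_by_path[path].add(e["kind"])
        directory, _, basename = path.rpartition("\\")
        if e["kind"] == "service" and e["owner"].lower() == "unknown owner":
            findings[path].add("service with unknown publisher")
        if e["kind"] == "appinit":
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so they are always worth a look even when the vendor is known.
            findings[path].add("AppInit_DLLs entry (loaded into every user-mode process)")
        if e["kind"] in ("autorun", "service") and directory == SYSTEM32 \
                and basename not in KNOWN_SYSTEM32:
            findings[path].add("starts from system32 but is not a known Windows binary")
    for path, kinds in kinds_by_path.items():
        if {"autorun", "service"} <= kinds:
            findings[path].add("registered both as autorun and as service")
    return {p: sorted(r) for p, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, `sar.exe` collects three reasons and `ardat.exe` one, while `ctfmon.exe` and `mobsync.exe` pass; this mirrors why the helper asked about exactly those two files before writing the CFScript that removes them.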

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders

Please go to VirusTotal.

1. Browse these files

c:\windows\system32\sar.exe
c:\windows\System32\ardat.exe


2. Hit the Send File >> Don't close the browser!

3. If the files have been analyzed before, click on the Reanalyze file now button

4. Let it do the scanning until it finishes

5. Copy the report and paste it here (alternatively you can just post the link of the result)

Note: you can only send one file at a time.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
JBorges

JBorges

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
sar.exe
http://www.virustota...fae4-1252677893

ardat.exe
http://www.virustota...b0a3-1252678057

Antimalware: Please notice that I didn't delete L2Security.dll because it's a necessary file for a game.

Malwarebytes' Anti-Malware 1.41
Database version: 2780
Windows 5.1.2600 Service Pack 2

11/09/2009 10:48:14 a.m.
mbam-log-2009-09-11 (10-48-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 222426
Time elapsed: 39 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\D\g8k.exe.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\lcw.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\Archivos de programa\Lineage II\L2\L2Security.dll (Malware.Packer.T) -> Not selected for removal.
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Do you know this program?

SAR Server


Also, do you have any idea of these files?

C:\WINDOWS\System32\ardat.exe
C:\WINDOWS\system32\sar.exe
  • 0

#9
JBorges

JBorges

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Nope, I don't know that program or files.
  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Are you from Venezuela? :)

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
SAR

File::
C:\WINDOWS\System32\ardat.exe
C:\WINDOWS\system32\sar.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0


#11
JBorges

JBorges

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
That's right! Did you run an IP check on me or something? Are you Venezuelan as well? :)

ComboFix

ComboFix 09-09-09.09 - BORGESJH 11/09/2009 21:15.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.58.3082.18.3071.2521 [GMT -4,5:30]
Running from: d:\documents and settings\borgesjh\Escritorio\ComboFix.exe
Command switches used :: d:\documents and settings\borgesjh\Escritorio\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090911-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\System32\ardat.exe"
"c:\windows\system32\sar.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\ardat.exe
c:\windows\system32\sar.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAR
-------\Service_SAR


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-10 19:01 . 2009-09-10 19:01 -------- d-----w- c:\archivos de programa\Trend Micro
2009-09-07 03:58 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-07 03:58 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-07 03:58 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 03:58 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 03:58 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 03:58 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-07 03:58 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-07 03:58 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-07 03:57 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-07 03:57 . 2009-09-07 03:57 -------- d-----w- c:\archivos de programa\Alwil Software
2009-09-07 03:01 . 2009-09-07 03:01 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-09-10 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 03:00 . 2009-09-10 19:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 03:00 . 2009-09-07 03:00 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-09-07 03:00 . 2009-09-11 14:14 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-09-07 02:58 . 2009-09-07 02:58 -------- d-----w- c:\archivos de programa\ERUNT
2009-09-07 02:09 . 2009-09-07 02:09 -------- d-----w- C:\VundoFix Backups
2009-09-07 01:49 . 2009-07-28 21:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 01:41 . 2009-09-07 01:41 262144 ----a-w- d:\documents and settings\GUTIER~2.COM
2009-09-07 01:41 . 2009-09-07 01:41 -------- d-----w- d:\documents and settings\All Users\Datos de programa\avg7
2009-09-07 01:40 . 2009-09-07 01:40 262144 ----a-w- d:\documents and settings\GUTIER~1.COM
2009-09-02 03:44 . 2009-09-02 03:44 -------- d-----w- c:\archivos de programa\RescueTime
2009-08-30 23:06 . 2009-08-30 23:06 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-08-28 18:00 . 2009-08-28 18:08 -------- d-----w- d:\documents and settings\All Users\Datos de programa\Comodo
2009-08-28 18:00 . 2009-08-28 18:00 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-28 18:00 . 2009-08-28 18:00 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-28 18:00 . 2009-08-28 18:00 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-28 18:00 . 2009-08-28 18:00 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-28 18:00 . 2009-08-28 18:00 -------- d-----w- c:\archivos de programa\COMODO
2009-08-27 12:37 . 2009-08-27 12:39 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\DivX
2009-08-27 12:36 . 2009-08-27 12:36 -------- d-----w- c:\archivos de programa\Archivos comunes\DivX Shared
2009-08-27 12:36 . 2009-08-27 12:37 -------- d-----w- c:\archivos de programa\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 02:18 . 2009-06-02 03:16 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\uTorrent
2009-09-11 01:18 . 2009-05-21 19:49 -------- d-----w- c:\archivos de programa\Google
2009-09-10 18:49 . 2001-08-23 08:00 88674 ----a-w- c:\windows\system32\perfc00A.dat
2009-09-10 18:49 . 2001-08-23 08:00 481582 ----a-w- c:\windows\system32\perfh00A.dat
2009-09-06 23:13 . 2009-01-22 19:05 256 ----a-w- c:\windows\system32\pool.bin
2009-09-06 22:09 . 2009-01-22 02:34 -------- d-----w- c:\archivos de programa\Archivos comunes\Research In Motion
2009-07-26 22:52 . 2009-07-26 19:20 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\TortoiseSVN
2009-07-26 19:01 . 2009-07-26 19:01 -------- d-----w- c:\archivos de programa\Subversion
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\TortoiseSVN
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\archivos de programa\Archivos comunes\TortoiseOverlays
2009-07-25 17:55 . 2009-07-25 17:55 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Subversion
2009-07-25 05:42 . 2009-07-25 05:22 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\ActiveState
2009-07-25 05:41 . 2009-07-25 05:23 -------- d-----w- c:\archivos de programa\ActiveState Komodo IDE 5
2009-07-25 05:28 . 2009-07-25 05:28 -------- d-----w- d:\documents and settings\All Users\Datos de programa\ActiveState
2009-07-25 01:41 . 2009-07-25 01:41 -------- d-----w- c:\archivos de programa\TweetDeck
2009-07-21 18:34 . 2009-07-21 18:34 -------- d-----w- d:\documents and settings\borgesjh\Datos de programa\Sparx Systems
2009-07-14 00:17 . 2008-01-22 01:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\archivos de programa\internet explorer\plugins\LV71ActiveXControl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_18.46.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-10 18:43 . 2009-09-10 18:43 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
+ 2009-09-12 01:53 . 2009-09-12 01:53 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
+ 2001-08-23 08:00 . 2009-09-10 18:49 69782 c:\windows\system32\perfc009.dat
- 2001-08-23 08:00 . 2008-09-20 12:50 69782 c:\windows\system32\perfc009.dat
+ 2001-08-23 08:00 . 2009-09-10 18:49 418942 c:\windows\system32\perfh009.dat
- 2001-08-23 08:00 . 2008-09-20 12:50 418942 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:31 85712 ----a-w- c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"pdfSaver3"="c:\archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"Google Update"="d:\documents and settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-12-19 133104]
"Wakoopa"="d:\archivos de programa\Wakoopa\Wakoopa.exe" [2008-10-30 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2001-08-23 143872]
"Sony Ericsson PC Suite"="c:\archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MMReminderService"="c:\archivos de programa\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-18 37392]
"StxTrayMenu"="d:\archivos de programa\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"RoxWatchTray"="c:\archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"IndexTray"="c:\archivos de programa\Sharp\Sharpdesk\IndexTray.exe" [2006-04-17 106496]
"SharpTray"="c:\archivos de programa\Sharp\Sharpdesk\SharpTray.exe" [2006-04-17 32768]
"TypeRegChecker"="c:\archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe" [2006-04-17 57344]
"FtpServer.exe"="c:\archivos de programa\Sharp\Sharpdesk\FtpServer.exe" [2006-04-18 692224]
"LogonStudio"="c:\archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"COMODO Internet Security"="c:\archivos de programa\COMODO\COMODO Internet Security\cfp.exe" [2009-08-28 1796368]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\archivos de programa\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2001-08-23 15360]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

d:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
BTTray.lnk - c:\archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Palo Alto Software Update Manager 9.0.lnk - c:\archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]
RescueTime.lnk - c:\archivos de programa\RescueTime\RescueTime.exe [2009-9-1 2351616]

d:\documents and settings\borgesjh\Menú Inicio\Programas\Inicio\
Styler.lnk - d:\documents and settings\borgesjh\Datos de programa\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-15 15086]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\0]
"Script"=\\pdvsa.com\SysVol\pdvsa.com\Scripts\SP\instalaSP.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-796845957-1801674531-980394\Scripts\Logon\0\1]
"Script"=\\pdvsa.com\netlogon\corregiroffice\POWEREXWORD.VBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 08:45 p.m. 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 11:28 p.m. 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28/08/2009 01:30 p.m. 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28/08/2009 01:30 p.m. 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 11:28 p.m. 20560]
R2 CTBREDDB;Citect Batch Redundant Database;d:\archiv~1\Citect\CITECT~1\Batch\CTBREDDB.exe [28/02/2008 08:40 a.m. 90112]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe [20/04/2007 10:52 a.m. 79324]
R2 SentinelKeysServer;Sentinel Keys Server;c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [22/08/2006 12:30 a.m. 316992]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27/12/2006 02:37 p.m. 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [27/12/2006 02:38 p.m. 36352]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 p.m. 26248]
S2 gupdate1c9da4d5e2d7b77;Google Update Service (gupdate1c9da4d5e2d7b77);c:\archivos de programa\Google\Update\GoogleUpdate.exe [21/05/2009 03:19 p.m. 133104]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [09/10/2008 06:18 p.m. 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [09/10/2008 06:18 p.m. 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [09/10/2008 06:18 p.m. 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [09/10/2008 06:19 p.m. 73696]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [10/03/2006 03:25 p.m. 39424]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [27/06/2007 09:22 a.m. 29952]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 01:01 p.m. 42000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-05-21 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.pdvsa.com
mStart Page = hxxp://intranet.pdvsa.com/
uInternet Connection Wizard,ShellNext = hxxp://intranet.pdvsa.com/
uInternet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
IE: Download with GetRight - d:\archivos de programa\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Open with GetRight Browser - d:\archivos de programa\GetRight\GRbrowse.htm
FF - ProfilePath - d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60434&qkw=
FF - component: c:\archivos de programa\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\archiv~1\SONYON~1\npsoe.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\archivos de programa\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPBeatSP.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPLV71Win32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npmusicn.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npsoestb.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\archivos de programa\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF - plugin: d:\archivos de programa\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: d:\archivos de programa\VideoLAN\VLC\npvlc.dll
FF - plugin: d:\documents and settings\borgesjh\Datos de programa\Mozilla\Firefox\Profiles\ddpbu7hg.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SAR - c:\windows\system32\sar.exe
HKLM-Run-DatosAR - c:\windows\System32\ardat.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3100)
c:\archivos de programa\Archivos comunes\TortoiseOverlays\TortoiseOverlays.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseStub.dll
c:\archivos de programa\TortoiseSVN\bin\TortoiseSVN.dll
c:\archivos de programa\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
c:\archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\niSvcLoc.exe
c:\archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\opcenum.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\PostgreSQL\8.2\bin\postgres.exe
c:\archivos de programa\TortoiseSVN\bin\TSVNCache.exe
c:\archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
d:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
d:\archivos de programa\Styler\Styler.exe
c:\archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-12 21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 02:00
ComboFix2.txt 2009-09-10 23:22
ComboFix3.txt 2009-09-10 18:50

Pre-Run: 10.484.838.400 bytes libres
Post-Run: 10.438.352.896 bytes libres

329 --- E O F --- 2008-06-16 17:03

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:55, on 11/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\Archivos de programa\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\opcenum.exe
C:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe
C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
D:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
D:\Archivos de programa\Wakoopa\Wakoopa.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Archivos de programa\Styler\Styler.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe
C:\ARCHIV~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pdvsa.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 162.122.43.*;127.0.0.*;192.168.1.*;162.122.152.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - d:\Archivos de programa\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Archivos de programa\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [StxTrayMenu] "d:\Archivos de programa\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Archivos de programa\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Archivos de programa\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Archivos de programa\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Archivos de programa\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [LogonStudio] "C:\Archivos de programa\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Archivos de programa\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Archivos de programa\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Google Update] "d:\Documents and Settings\borgesjh\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Wakoopa] D:\Archivos de programa\Wakoopa\Wakoopa.exe
O4 - HKUS\S-1-5-21-804370243-3699599220-1119816787-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Archivos de programa\Archivos comunes\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: RescueTime.lnk = C:\Archivos de programa\RescueTime\RescueTime.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download with GetRight - D:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Archivos de programa\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Archivos de programa\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdvsa.com
O17 - HKLM\Software\..\Telephony: DomainName = occ.pdvsa.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E7BC96-66E0-4CB8-BE2D-49B534238C25}: Domain = occ.pdvsa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pdvsa.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Citect Batch Redundant Database (CTBREDDB) - Felten GmbH - d:\ARCHIV~1\Citect\CITECT~1\Batch\CTBREDDB.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - ICONICS, Inc. - D:\Archivos de programa\ICONICS\GraphWorx32\Bin\GenRegistrarServer.exe
O23 - Service: Google Update Service (gupdate1c9da4d5e2d7b77) (gupdate1c9da4d5e2d7b77) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Archivos de programa\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Archivos de programa\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Archivos de programa\Archivos comunes\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14069 bytes

#12
fenzodahl512
  • Malware Removal
  • 9,863 posts

Locale: 0000200A | Country: Venezuela | Language: ESV | Date Format: dd/MM/yyyy


Your log suggests you're from Venezuela.. I just ask to confirm it :)



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)

#13
JBorges
    Member

  • Topic Starter
  • Member
  • 15 posts
Computer feels much better now, thanks a lot. Everything seems to be running stable now...

I'm trying to run the ESET Online Scanner, but it won't work.

To run the scan, I updated my Internet Explorer to the latest version and deactivated both my Avast Antivirus and Comodo Firewall.

I also tried the ESET Smart Installer and that won't work either.

Here's the log anyways

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=75f7d476ff2ace40b36ec67cb6823e10
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-12 02:54:45
# local_time=2009-09-11 10:24:45 (-04-30, Hora estándar de Venezuela)
# country="Venezuela"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 21 100 100 32173281250
# compatibility_mode=3073 61 80 88 12416616718750
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetesets_scanner_update returned -1 esets_gle=0
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=75f7d476ff2ace40b36ec67cb6823e10
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-12 10:31:50
# local_time=2009-09-12 06:01:50 (-04-30, Hora estándar de Venezuela)
# country="Venezuela"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 21 100 100 230935000000
# compatibility_mode=3073 61 80 88 13122864375000
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=0
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=75f7d476ff2ace40b36ec67cb6823e10
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-13 12:12:20
# local_time=2009-09-12 07:42:20 (-04-30, Hora estándar de Venezuela)
# country="Venezuela"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 21 100 100 3755937500
# compatibility_mode=3073 61 80 88 13183166406250
# scanned=0
# found=0
# cleaned=0
# scan_time=0

Edited by JBorges, 12 September 2009 - 06:18 PM.
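As an added example (not code from this thread, from ESET or from Geeks to Go), a small Python parser for the `# key=value` log format pasted above. It splits the pasted text into runs and reports why a run should not be counted as a completed scan: the `Can not open internet` and `esets_scanner_update returned -1` messages mean the downloader and signature update never succeeded, and `scanned=0` means no files were examined. The sample log is constructed, patterned on the one above, and the second run is invented to show what a completed scan looks like.

```python
"""Parse ESET Online Scanner / Smart Installer logs and flag runs that never scanned."""
from dataclasses import dataclass, field


@dataclass
class ScanRun:
    fields: dict = field(default_factory=dict)    # the "# key=value" lines of one run
    messages: list = field(default_factory=list)  # installer chatter preceding the run

    def failed(self) -> tuple:
        """Reasons this run must not be treated as a completed scan (empty if it is one)."""
        reasons = []
        if any("Can not open internet" in m for m in self.messages):
            reasons.append("downloader could not reach the internet")
        if any("esets_scanner_update returned -1" in m for m in self.messages):
            reasons.append("signature update failed")
        if int(self.fields.get("scanned", "0")) == 0:
            reasons.append("scanned=0, no files were examined")
        return tuple(reasons)


def parse_eset_log(text: str) -> list:
    """Split a pasted log into ScanRun records; each '# version=' header starts a new run."""
    runs, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":
                runs.append(ScanRun(messages=pending))
                pending = []
            if runs:
                runs[-1].fields[key] = value.strip('"')
        else:
            pending.append(line)  # messages may be run together, so match substrings later
    return runs


# Constructed sample: run 1 mirrors the failed attempts above, run 2 is an invented success.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=0
# version=6
# end=finished
# scanned=0
# found=0
ESETSmartInstaller@High as downloader log:
# version=6
# end=finished
# scanned=148213
# found=2
"""
```

Calling `parse_eset_log(SAMPLE_LOG)` and `.failed()` on each run gives three reasons for the first run and none for the second; a log whose runs all fail should be re-run rather than read as a clean result.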


#14
fenzodahl512 (Malware Removal, 9,863 posts)
Well, I believe you can run a full scan on your own with your Avast Antivirus, right? :)

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#15
JBorges (Topic Starter, Member, 15 posts)
OK, just did the cleanup OTC thing.

Also, I just did a full computer scan with Avast and nothing is infected. The computer is way faster now... it boots up faster as well.

Case closed. Thanks for everything fenzodahl512.