Everything(?) is starting to work wrong

#1
usa_akagi
So... back again...
I don't know the name of the infection, but I do know there is one... some programs are not running, like MBAM; I reinstalled it before I could run it... so... logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-07-20 13:48:14
mbam-log-2010-07-20 (13-48-14).txt

Scan type: Quick scan
Objects scanned: 127643
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jesica\Escritorio\PotMaker.exe (Trojan.Downloader) -> No action taken.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-20 13:37:38
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Jesica\CONFIG~1\Temp\pwtdypog.sys


---- System - GMER 1.0.15 ----

SSDT B87E2756 ZwCreateKey
SSDT B87E274C ZwCreateThread
SSDT B87E275B ZwDeleteKey
SSDT B87E2765 ZwDeleteValueKey
SSDT spjn.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spjn.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT B87E276A ZwLoadKey
SSDT spjn.sys ZwOpenKey [0xB7EA70C0]
SSDT B87E2738 ZwOpenProcess
SSDT B87E273D ZwOpenThread
SSDT spjn.sys ZwQueryKey [0xB7EC610A]
SSDT spjn.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT B87E2774 ZwReplaceKey
SSDT B87E276F ZwRestoreKey
SSDT B87E2760 ZwSetValueKey
SSDT B87E2747 ZwTerminateProcess

INT 0x62 ? 8ABD0BF8
INT 0x73 ? 8A9A5F00
INT 0x83 ? 8AB61BF8
INT 0xB4 ? 8A9A5F00

---- Kernel code sections - GMER 1.0.15 ----

? spjn.sys El sistema no puede hallar el archivo especificado. !
.text USBPORT.SYS!DllUnload B73B162C 5 Bytes JMP 8A9A54E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A7E360, 0x3D46A5, 0xE8000020]
.text a5v88i9q.SYS B6A32386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a5v88i9q.SYS B6A323AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a5v88i9q.SYS B6A323C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a5v88i9q.SYS B6A323C9 1 Byte [30]
.text a5v88i9q.SYS B6A323C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init C:\Archivos de programa\TFE\npkcusb.sys entry point in "init" section [0xB828F0F7]

---- User code sections - GMER 1.0.15 ----

.text C:\Archivos de programa\Mozilla Firefox\firefox.exe[1124] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 004013F0 C:\Archivos de programa\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Archivos de programa\Mozilla Firefox\plugin-container.exe[1676] USER32.dll!TrackPopupMenu 7E3E50EE 5 Bytes JMP 104505FE C:\Archivos de programa\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!LoadResource 7C809FC5 7 Bytes JMP 28001E30 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!FindResourceExW 7C80AC98 7 Bytes JMP 28001C70 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!FindResourceW 7C80BBDE 7 Bytes JMP 28001BF0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!SizeofResource 7C80BC79 7 Bytes JMP 28001EF0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!FindResourceA 7C80BE99 7 Bytes JMP 28001D00 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!LockResource 7C80CCA7 5 Bytes JMP 28001F60 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!CreateEventA 7C8308C9 5 Bytes JMP 28001850 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] kernel32.dll!FindResourceExA 7C835FC0 7 Bytes JMP 28001D90 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] ADVAPI32.dll!CryptDeriveKey 77DBA1A5 7 Bytes JMP 28001000 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] ADVAPI32.dll!CryptDecrypt 77DBA2D1 7 Bytes JMP 28001060 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28006AF0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280046B0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 28003CE0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005FD0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006950 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006760 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28006110 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005E90 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28006300 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 28004F90 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] SHELL32.dll!Shell_NotifyIconW 7E701BEA 5 Bytes JMP 28003430 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 28002270 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] ole32.dll!CoCreateInstance 774CFAC3 5 Bytes JMP 28002610 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 28002370 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] WININET.dll!InternetReadFile 3FA1654B 5 Bytes JMP 2800A0E0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] WININET.dll!InternetCloseHandle 3FA19088 5 Bytes JMP 2800A290 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] WININET.dll!HttpOpenRequestA 3FA1D508 5 Bytes JMP 28009F50 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe[2856] WININET.dll!HttpSendRequestA 3FA2EE89 5 Bytes JMP 2800A1C0 C:\Archivos de programa\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB601F8
Device \FileSystem\Fastfat \FatCdrom 8A8A9500
Device \FileSystem\Udfs \UdfsCdRom 8A4ED500
Device \FileSystem\Udfs \UdfsDisk 8A4ED500
Device \Driver\sptd \Device\2428629562 spjn.sys
Device \Driver\usbohci \Device\USBPDO-0 8A9A31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AB621F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AB621F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AB621F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AB621F8
Device \Driver\usbehci \Device\USBPDO-1 8A99F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ABD11F8
Device \Driver\Cdrom \Device\CdRom0 8A8DE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{405C5288-3744-4F4D-B927-6FF856E5AFAF} 8A9724D8
Device \Driver\Cdrom \Device\CdRom1 8A8DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8ABD01F8
Device \Driver\atapi \Device\Ide\IdePort0 8ABD01F8
Device \Driver\atapi \Device\Ide\IdePort1 8ABD01F8
Device \Driver\Cdrom \Device\CdRom2 8A8DE1F8
Device \Driver\Cdrom \Device\CdRom3 8A8DE1F8
Device \Driver\Cdrom \Device\CdRom4 8A8DE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A9724D8
Device \Driver\NetBT \Device\NetbiosSmb 8A9724D8
Device \Driver\PCI_PNP4562 \Device\0000004c spjn.sys
Device \Driver\usbohci \Device\USBFDO-0 8A9A31F8
Device \Driver\usbehci \Device\USBFDO-1 8A99F1F8
Device \Driver\nvata \Device\NvAta0 8AB611F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A71E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A71E500
Device \Driver\nvata \Device\0000006f 8AB611F8
Device \Driver\Ftdisk \Device\FtControl 8ABD11F8
Device \Driver\a5v88i9q \Device\Scsi\a5v88i9q1Port3Path0Target0Lun0 8A97C1F8
Device \Driver\a5v88i9q \Device\Scsi\a5v88i9q1 8A97C1F8
Device \Driver\a5v88i9q \Device\Scsi\a5v88i9q1Port3Path0Target2Lun0 8A97C1F8
Device \Driver\a5v88i9q \Device\Scsi\a5v88i9q1Port3Path0Target3Lun0 8A97C1F8
Device \Driver\a5v88i9q \Device\Scsi\a5v88i9q1Port3Path0Target1Lun0 8A97C1F8
Device \FileSystem\Fastfat \Fat 8A8A9500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A665500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xD2 0xFB 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xD3 0xC7 0xFE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x81 0x01 0xBA 0xD7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x9A 0x72 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0xF4 0x19 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0B 0x9D 0xA3 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAB 0x4A 0xB2 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x55 0x27 0x27 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x4C 0x9D 0x27 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8F 0xA8 0xEC 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xD3 0xC7 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0x5D 0xC1 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x1F 0x6F 0x58 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x95 0x7A 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Archivos de programa\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x9A 0x72 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0xF4 0x19 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0B 0x9D 0xA3 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAB 0x4A 0xB2 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x55 0x27 0x27 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x4C 0x9D 0x27 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8F 0xA8 0xEC 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xD3 0xC7 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0x5D 0xC1 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x1F 0x6F 0x58 0xE9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x95 0x7A 0x3A ...

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 2010-07-20 13:38:47 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jesica\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298.09 Gb Total Space | 70.78 Gb Free Space | 23.75% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESICA
Current User Name: Jesica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
PRC - [2010-06-27 21:08:28 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\plugin-container.exe
PRC - [2010-06-27 21:08:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2010-04-16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2010-02-18 01:59:45 | 000,470,785 | ---- | M] (Avira GmbH) -- c:\Archivos de programa\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009-07-21 13:40:24 | 000,404,737 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\update.exe
PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007-06-13 10:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-05-24 15:31:39 | 001,372,160 | ---- | M] () -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
MOD - [2006-08-25 12:46:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-03 18:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - File not found [Auto | Stopped] -- -- (BackWeb Plug-in - 4476822)
SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-12-13 14:12:42 | 000,413,696 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Archivos de programa\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008-09-15 00:34:33 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-10-25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\alppfium.sys -- (vack)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\philcam2.sys -- (phil2vid)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\hheausq.sys -- (kgznaszq)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2010-02-18 02:00:07 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-13 05:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009-07-13 05:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009-06-29 16:32:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-06-10 18:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-22 09:04:02 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008-09-22 09:04:02 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007-10-10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007-06-18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007-03-01 06:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-19 02:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006-10-17 21:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-09-27 04:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-09-27 04:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-07-01 22:43:02 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-10-31 18:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005-10-19 13:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005-04-06 11:30:16 | 000,026,752 | ---- | M] (ENCORE ELECTRONICS, INC. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2005-02-01 18:55:40 | 000,037,009 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TFE\npkcusb.sys -- (npkcusb)
DRV - [2005-02-01 18:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\TFE\npkcrypt.sys -- (npkcrypt)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-11 13:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C)
DRV - [2004-08-03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2004-05-05 22:46:16 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-11-07 01:00:00 | 000,166,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\webc3vid.sys -- (CTL511Plus) Video Blaster WebCam 3/WebCam Plus (WDM)
DRV - [2001-09-18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2000-10-25 09:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...es&source=iglk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.86
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-06-27 21:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-07-05 15:49:39 | 000,000,000 | ---D | M]

[2009-01-12 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Extensions
[2010-07-20 13:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions
[2009-09-14 22:00:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-09-06 17:29:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-01-12 21:29:21 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\searchplugins\imdb.xml
[2009-01-12 21:36:10 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\searchplugins\mininova.xml
[2010-07-20 13:38:30 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010-06-27 21:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-27 21:28:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008-11-10 22:33:25 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (Reg Error: Key error.)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229647118765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1229647086796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.115.192.29 200.115.192.30 200.115.192.28
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My current home page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jesica\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jesica\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-08 19:23:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1a3828e4-8234-11dd-95bf-0018e727858b}\Shell\AutoRun\command - "" = J:\svchost.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010-07-20 13:36:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
[2010-07-20 13:33:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-20 13:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-20 13:33:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010-07-20 13:20:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-07-18 17:09:43 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Personal Internet Movil
[2010-07-15 15:59:53 | 000,000,000 | -HSD | C] -- C:\found.009
[2010-07-05 16:16:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jesica\Mis documentos\My Web Sites
[2010-07-05 15:49:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\L&H
[2010-07-05 15:49:22 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Works
[2010-07-05 15:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Visual Studio
[2010-07-05 15:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft ActiveSync
[2010-07-03 22:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Escritorio\Nueva carpeta (3)
[2010-06-27 21:29:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
[2010-06-27 21:29:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-27 21:29:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-27 21:29:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-27 21:29:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-27 21:29:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-27 17:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Escritorio\emblemas
[2010-06-23 01:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Datos de programa\Mumble
[2010-06-23 01:32:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mumble
[2010-06-22 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Mis documentos\My Received Files
[2010-06-20 20:51:44 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[2010-06-20 20:51:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TegNet1.3.5
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jesica\*.tmp files -> C:\Documents and Settings\Jesica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
[2010-07-20 13:34:20 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Jesica\ntuser.dat
[2010-07-20 13:23:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{08F50F74-2844-4602-B4B5-E00A36606543}.job
[2010-07-20 13:22:20 | 000,081,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-20 13:21:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-20 13:21:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-20 13:21:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-20 13:06:00 | 004,238,448 | -H-- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\IconCache.db
[2010-07-20 02:13:31 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Jesica\default.pls
[2010-07-18 17:12:16 | 000,452,990 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010-07-18 17:12:16 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-18 17:12:16 | 000,076,352 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010-07-18 17:12:16 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-15 21:25:55 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khw
[2010-07-13 00:48:52 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khq
[2010-07-11 01:35:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-10 21:27:22 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khx
[2010-07-10 20:52:56 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-08 19:27:40 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Jesica\ntuser.ini
[2010-07-07 09:31:42 | 000,514,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-05 16:16:50 | 000,143,192 | ---- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010-07-05 15:50:13 | 000,000,379 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-07-01 23:59:04 | 000,104,569 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\2do_parcial.rar
[2010-06-27 21:32:08 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\Update Checker.lnk
[2010-06-27 21:28:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-27 21:28:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-27 21:28:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-27 21:28:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-27 21:28:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-23 01:36:51 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Jesica\Mis documentos\MumbleAutomaticCertificateBackup.p12
[2010-06-23 01:32:21 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Mumble.lnk
[2010-06-22 17:27:13 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Jesica\Mis documentos\Mis carpetas para compartir.lnk
[2010-06-20 20:51:46 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\TegNet.lnk
[2010-06-20 20:51:25 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jesica\*.tmp files -> C:\Documents and Settings\Jesica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-20 13:34:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\gmer.exe
[2010-07-15 21:25:55 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khw
[2010-07-13 00:48:52 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khq
[2010-07-11 09:02:13 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\Jesica\ntuser.dat
[2010-07-10 21:27:22 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khx
[2010-07-10 21:26:57 | 000,601,116 | ---- | C] () -- C:\Documents and Settings\All Users\Documentos\qndzrs.exe
[2010-07-01 23:59:03 | 000,104,569 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\2do_parcial.rar
[2010-06-23 01:36:51 | 000,002,385 | ---- | C] () -- C:\Documents and Settings\Jesica\Mis documentos\MumbleAutomaticCertificateBackup.p12
[2010-06-23 01:32:21 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Mumble.lnk
[2010-06-20 20:51:46 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\TegNet.lnk
[2010-05-27 16:44:17 | 000,000,172 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2010-04-30 20:28:41 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-04-22 22:12:21 | 000,000,024 | ---- | C] () -- C:\WINDOWS\sysdat.dll
[2010-03-18 20:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mapper.INI
[2009-12-22 17:31:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009-11-21 05:06:59 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2009-11-21 05:06:59 | 001,155,072 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2009-11-20 17:21:05 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2009-11-20 17:11:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2009-11-20 16:33:29 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2009-10-11 01:23:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Monitor.INI
[2009-10-06 14:59:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-08-06 00:16:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-08-06 00:16:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009-08-06 00:16:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-08-06 00:16:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-08 20:03:34 | 000,002,925 | ---- | C] () -- C:\WINDOWS\SubCreator.INI
[2009-03-04 18:28:24 | 000,014,211 | ---- | C] () -- C:\WINDOWS\twacker.ini
[2008-12-30 16:02:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008-12-28 17:22:48 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008-12-28 17:22:46 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008-12-09 23:08:21 | 000,000,230 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2008-11-23 16:14:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008-11-23 16:14:29 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008-11-23 16:14:26 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008-11-23 16:14:26 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008-10-10 21:39:14 | 000,002,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-10-10 20:38:09 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2008-10-10 20:38:08 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2008-09-09 03:14:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-09 02:27:06 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-09-09 01:06:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-09 01:06:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-09 01:06:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-09 01:06:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-09 01:06:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-09 00:40:23 | 000,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2008-09-08 23:42:39 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-08 19:30:10 | 000,014,731 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-09-08 19:29:51 | 000,014,693 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-09-08 19:29:51 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-09-08 19:29:43 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006-10-30 19:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-30 19:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001-09-18 11:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008-09-08 19:23:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008-10-10 21:57:01 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2009-12-22 12:19:36 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2001-08-24 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009-12-23 20:42:57 | 000,012,878 | ---- | M] () -- C:\ComboFix.txt
[2008-09-08 19:23:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-09-08 19:23:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-07-20 13:34:41 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008-09-08 19:23:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 17:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 17:59:42 | 000,250,640 | RHS- | M] () -- C:\ntldr
[2010-07-20 13:21:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-09-08 19:38:02 | 000,000,582 | ---- | M] () -- C:\RHDSetup.log
[2009-03-20 22:46:27 | 000,002,993 | ---- | M] () -- C:\Rooter.txt
[2009-03-28 19:15:04 | 000,001,572 | ---- | M] () -- C:\TCleaner.txt
[2009-12-22 18:36:10 | 000,000,045 | ---- | M] () -- C:\TEST.XML

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-09-08 19:23:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003-06-19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008-11-05 22:03:26 | 000,001,506 | -H-- | M] () -- C:\Documents and Settings\Jesica\Datos de programa\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2009-08-11 00:48:26 | 000,000,728 | ---- | M] () -- C:\Archivos de programa\injsf.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008-09-08 16:11:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-09-08 16:11:04 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-09-08 16:11:04 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007-03-08 12:36:30 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=FED9881C07A301271F52B51389A028C9 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004-08-19 10:42:32 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=B4A90738BA4355F187BD26D6C112082B -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2004-08-19 10:42:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=0EDF3501370A14BEFB27526CD06FACEE -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-29 00:22:50

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:D1E22E44
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:931BB48A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:CB0AACC9
< End of report >
#2
RKinner (Malware Expert, MVP, 24,625 posts)
You have an infected USB drive.

Download, save and install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/


Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
[2010-07-15 21:25:55 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khw
[2010-07-13 00:48:52 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khq
[2010-07-10 21:27:22 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khx
[2010-07-10 21:26:57 | 000,601,116 | ---- | C] () -- C:\Documents and Settings\All Users\Documentos\qndzrs.exe
SRV - File not found [Auto | Stopped] -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - File not found [Auto | Stopped] -- -- (BackWeb Plug-in - 4476822)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\alppfium.sys -- (vack)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\philcam2.sys -- (phil2vid)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\hheausq.sys -- (kgznaszq)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab  (Reg Error: Key error.)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O33 - MountPoints2\{1a3828e4-8234-11dd-95bf-0018e727858b}\Shell\AutoRun\command - "" = J:\svchost.exe -- File not found

:Commands
[purity]
[emptytemp]
[Reboot]
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has script blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your task bar should be clear of any program entries, including your browser.


* A window may open with a series of disclaimers. Accept the disclaimers to start the fix. Allow it to install the Recovery Console, then continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution: do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.


Ron

#3 usa_akagi (Member, Topic Starter, 61 posts)
Also, while copying it, I noticed that the computer user is administrator. At the beginning of the infection, one of the earliest things that happened was that after reboot a message popped up saying that it couldn't use my user... it might be related... or not... but since it is uncommon....

ComboFix 10-07-20.03 - Jesica 2010-07-21 12:09:12.10.1 - x86
Running from: c:\documents and settings\Jesica\Escritorio\george.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jesica\Datos de programa\inst.exe
c:\windows\sysdat.dll
c:\windows\system32\Thumbs.db

c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from - c:\windows\ERDNT\cache\asyncmac.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 15:12 . 2004-08-03 21:05 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-07-21 15:12 . 2004-08-03 21:05 14336 ----a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-07-21 14:55 . 2010-07-21 14:55 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Autorun Eater
2010-07-21 14:49 . 2010-07-21 14:49 -------- d-----w- c:\archivos de programa\Autorun Eater
2010-07-20 23:13 . 2010-07-20 23:28 -------- d-----w- c:\documents and settings\All Users\Datos de programa\FarmFrenzy3_Madagascar
2010-07-20 23:11 . 2010-07-20 23:11 -------- d-----w- c:\archivos de programa\Alawar
2010-07-20 16:33 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 16:33 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 16:33 . 2010-07-20 16:34 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-07-20 16:20 . 2010-07-20 16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-18 20:09 . 2010-07-20 16:19 -------- d-----w- c:\archivos de programa\Personal Internet Movil
2010-07-16 00:19 . 2010-07-16 00:21 -------- d-----w- c:\documents and settings\Administrador.JESICA\Mis documentos
2010-07-15 18:59 . 2010-07-15 18:59 -------- d-----w- C:\found.009
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Archivos comunes\L&H
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Microsoft Works
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Microsoft ActiveSync
2010-06-28 00:29 . 2010-06-28 00:29 503808 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\msvcp71.dll
2010-06-28 00:29 . 2010-06-28 00:29 499712 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\jmc.dll
2010-06-28 00:29 . 2010-06-28 00:29 348160 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\msvcr71.dll
2010-06-28 00:29 . 2010-06-28 00:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-06-28 00:29 . 2010-06-28 00:29 61440 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70196f66-n\decora-sse.dll
2010-06-28 00:29 . 2010-06-28 00:29 12800 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70196f66-n\decora-d3d.dll
2010-06-28 00:29 . 2010-06-28 00:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 00:28 . 2010-06-28 00:28 79488 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-28 00:28 . 2010-06-28 00:28 152576 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\jre1.6.0_20\lzma.dll
2010-06-23 04:32 . 2010-07-21 07:38 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\Mumble
2010-06-23 04:32 . 2010-06-23 04:32 -------- d-----w- c:\archivos de programa\Mumble

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 14:51 . 2008-09-09 05:27 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\uTorrent
2010-07-20 16:20 . 2010-01-06 01:19 -------- d-----w- c:\archivos de programa\LeeGTs Games
2010-07-20 16:19 . 2010-07-16 00:28 -------- d-----w- c:\documents and settings\Administrador.JESICA\Datos de programa\uTorrent
2010-07-20 16:19 . 2009-08-06 03:15 -------- d-----w- c:\archivos de programa\Trojan Remover
2010-07-20 16:19 . 2010-03-27 02:52 -------- d-----w- c:\archivos de programa\TFE
2010-07-20 16:19 . 2009-10-06 17:59 -------- d-----w- c:\archivos de programa\Cheat Engine
2010-07-20 16:19 . 2009-09-10 07:53 -------- d-----w- c:\archivos de programa\Games
2010-07-20 15:48 . 2008-10-01 03:18 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-07-20 04:41 . 2010-05-18 20:14 -------- d-----w- c:\archivos de programa\Crayon Physics Deluxe
2010-07-18 20:12 . 2001-08-24 11:00 76352 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-18 20:12 . 2001-08-24 11:00 452990 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-16 00:28 . 2008-09-09 05:27 -------- d-----w- c:\archivos de programa\uTorrent
2010-07-16 00:25 . 2010-07-16 00:25 -------- d-----w- c:\documents and settings\Administrador.JESICA\Datos de programa\Malwarebytes
2010-07-14 17:08 . 2009-10-01 17:45 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\Skype
2010-07-14 16:53 . 2009-10-01 17:47 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\skypePM
2010-07-14 00:53 . 2010-05-27 06:00 -------- d-----w- c:\archivos de programa\Ricochet Infinity
2010-07-11 17:51 . 2009-01-24 05:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Sandlot Games
2010-07-03 06:15 . 2009-03-04 21:56 1146 ----a-w- c:\documents and settings\Jesica\Datos de programa\Creative\WebCam Monitor\Setting.sys
2010-06-21 21:34 . 2010-06-07 17:08 -------- d-----w- c:\archivos de programa\LRO
2010-06-20 23:51 . 2010-06-20 23:51 -------- d-----w- c:\archivos de programa\TegNet1.3.5
2010-06-20 23:51 . 2010-06-20 23:51 720896 ----a-w- c:\windows\iun6002ev.exe
2010-06-14 05:16 . 2009-03-04 21:56 476 ----a-w- c:\documents and settings\Jesica\Datos de programa\Creative\WebCam Monitor\CacheSetting.sys
2010-06-07 19:53 . 2009-11-28 16:02 -------- d-----w- c:\archivos de programa\Total Video Converter
2010-06-07 19:53 . 2010-03-18 00:27 -------- d-----w- c:\archivos de programa\TelecomArgentina
2010-06-07 19:53 . 2008-11-15 02:36 -------- d-----w- c:\archivos de programa\mp3DirectCut
2010-06-07 19:53 . 2009-05-03 23:44 -------- d-----w- c:\archivos de programa\hotkey
2010-06-07 19:53 . 2010-03-27 02:20 -------- d-----w- c:\archivos de programa\ARO
2010-06-07 19:53 . 2009-12-04 00:40 -------- d-----w- c:\archivos de programa\Atlas RO
2010-06-03 07:19 . 2010-05-27 05:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\FarmFrenzy3_Russia
2010-05-30 07:04 . 2010-05-27 05:39 -------- d-----w- c:\archivos de programa\Farm Frenzy 3 Russian Roulette
2010-05-27 19:44 . 2010-05-27 19:44 -------- d-----w- c:\archivos de programa\Bandai
2009-08-11 03:48 . 2009-08-11 03:48 728 ----a-w- c:\archivos de programa\injsf.txt
2009-12-21 17:16 . 2009-12-21 17:16 10240 --sha-w- c:\windows\rnapxs\Rnapxs.dat
2009-03-22 23:34 . 2009-03-22 23:25 188448 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\archivos de programa\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 20:18 413696 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
"c:\\Archivos de programa\\Atlas RO\\AtlantisRO.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\DRIVERS\webc3vid.sys [2001-11-07 166504]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2009-10-13 133632]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-07-13 79360]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-29 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{08F50F74-2844-4602-B4B5-E00A36606543}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = ftp://ftp.f-secure.com/anti-virus/updates/fsupdate.exe
uInternet Settings,ProxyOverride = local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {6EE6D4FB-2967-4890-A22D-EBFA6825694F} = 192.168.1.1
TCP: {7C9D01D0-3096-4291-BEE7-9F1F6C645BB8} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/ig?hl=es&source=iglk
FF - plugin: c:\archivos de programa\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Kaspersky Online Scanner - c:\windows\system32\KASPER~1\KASPER~1\kavuninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 12:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-21 12:14:43
ComboFix-quarantined-files.txt 2010-07-21 15:14
ComboFix2.txt 2009-12-23 23:42

Pre-Run: 75,013,201,920 bytes libres
Post-Run: 74,970,484,736 bytes libres

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 6310E3F9162EE03787AF57C5F0BA59C0


All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Documentos\khw moved successfully.
C:\Documents and Settings\All Users\Documentos\khq moved successfully.
C:\Documents and Settings\All Users\Documentos\khx moved successfully.
C:\Documents and Settings\All Users\Documentos\qndzrs.exe moved successfully.
Service StyleXPService stopped successfully!
Service StyleXPService deleted successfully!
File C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe not found.
Service BackWeb Plug-in - 4476822 stopped successfully!
Service BackWeb Plug-in - 4476822 deleted successfully!
Service vack stopped successfully!
Service vack deleted successfully!
File C:\WINDOWS\System32\drivers\alppfium.sys not found.
Service phil2vid stopped successfully!
Service phil2vid deleted successfully!
File C:\WINDOWS\System32\DRIVERS\philcam2.sys not found.
Service kgznaszq stopped successfully!
Service kgznaszq deleted successfully!
File C:\WINDOWS\System32\drivers\hheausq.sys not found.
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File C:\WINDOWS\System32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File C:\WINDOWS\System32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File C:\WINDOWS\System32\drivers\InCDFs.sys not found.
Service AsyncMac stopped successfully!
Service AsyncMac deleted successfully!
File C:\WINDOWS\System32\DRIVERS\asyncmac.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
C:\WINDOWS\Downloaded Program Files\kavwebscan.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\ not found.
Starting removal of ActiveX control {193C772A-87BE-4B19-A7BB-445B226FE9A1}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a3828e4-8234-11dd-95bf-0018e727858b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a3828e4-8234-11dd-95bf-0018e727858b}\ not found.
File J:\svchost.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrador.JESICA
->Temp folder emptied: 3000 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 11240 bytes
->Flash cache emptied: 3270 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Jesica
->Temp folder emptied: 489672943 bytes
->Temporary Internet Files folder emptied: 24339164 bytes
->Java cache emptied: 5496626 bytes
->FireFox cache emptied: 60424573 bytes
->Flash cache emptied: 275565 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 740160068 bytes

Total Files Cleaned = 1,259.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07212010_115205

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

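The ComboFix log above is worth reading as evidence, not only as a scan result: the Security Center AntiVirusOverride value is set, the Windows Firewall is off on the standard profile, two hidden+system files sit under c:\windows, the sptd driver (the SCSI pass-through driver shipped with Daemon Tools and Alcohol, which the next fix script in this thread removes) carries no descriptive display name, and the IE start page points at a search portal. As an added example, not part of this thread and not a tool either poster used, the following Python script pulls those line shapes out of a ComboFix log and grades them. The sample lines are copied from the log posted above; the severity scale, the category names and the heuristics (hidden+system attribute, executable directly in %SystemRoot%, driver whose display name equals its service name) are this example's own assumptions, not ComboFix's.

```python
"""Triage of ComboFix log lines: flag weak security settings and suspicious entries."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info": this example's own scale (assumption)
    category: str
    detail: str


# Line shapes as they appear in a ComboFix log (Reg Loading Points, Files Created /
# Find3M, the driver list, and the Supplementary Scan).
REG_KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
                     r'(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
DRIVER_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]+);'
                       r'(?P<path>.+?) \[[^\]]+\]$')
URL_RE = re.compile(r'^(?P<setting>u[A-Za-z ,]+?)\s*=\s*(?P<url>(?:hxxp|http|ftp)s?://\S+)$')
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Constructed sample: lines copied from the ComboFix log posted above, trimmed to
# the ones that matter for triage.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\archivos de programa\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=

2009-12-21 17:16 . 2009-12-21 17:16 10240 --sha-w- c:\windows\rnapxs\Rnapxs.dat
2009-03-22 23:34 . 2009-03-22 23:25 188448 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-20 23:51 . 2010-06-20 23:51 720896 ----a-w- c:\windows\iun6002ev.exe

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-29 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = ftp://ftp.f-secure.com/anti-virus/updates/fsupdate.exe
"""


def _host(url):
    """Host part of a URL, tolerating ComboFix's defanged hxxp:// scheme."""
    return re.sub(r'^\w+://', '', url).split('/')[0]


def _registry_finding(key, name, value):
    k = key.lower()
    if "security center" in k and name == "AntiVirusOverride" \
            and value.startswith("dword:") and int(value[6:], 16) != 0:
        return Finding("high", "security-center",
                       "AntiVirusOverride is set: Security Center will not warn about a missing or disabled AV")
    if "firewallpolicy" in k and name == "EnableFirewall" and value.strip().startswith("0"):
        return Finding("high", "firewall", "Windows Firewall is disabled on the standard profile")
    if k.endswith(r"authorizedapplications\list"):
        return Finding("info", "firewall", "firewall exception: " + name.replace("\\\\", "\\"))
    if k.endswith(r"\run"):
        return Finding("info", "autostart", f"Run entry {name} -> {value}")
    return None


def _file_finding(attrs, path):
    p = path.lower()
    if "s" in attrs and "h" in attrs:          # hidden + system: a classic place to tuck data/config
        return Finding("medium", "hidden-file", f"hidden+system file {path} ({attrs})")
    if p.startswith("c:\\windows\\") and p.endswith(".exe") and p.count("\\") == 2:
        return Finding("info", "dropped-exe", f"executable directly in %SystemRoot%: {path}")
    return None


def triage(log_text):
    """Walk the log once and return the list of Finding objects (possibly empty)."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REG_KEY_RE.match(line):
            key = m["key"]            # remember which key the following values belong to
            continue
        f = None
        if key and (m := REG_VAL_RE.match(line)):
            f = _registry_finding(key, m["name"], m["value"])
        elif m := FILE_RE.match(line):
            f = _file_finding(m["attrs"], m["path"])
        elif m := DRIVER_RE.match(line):
            if m["name"].lower() == m["display"].lower():   # no descriptive display name: verify vendor
                f = Finding("info", "driver",
                            f"{m['name']} ({START_TYPE[m['start']]} start) has no display name: {m['path']}")
        elif m := URL_RE.match(line):
            if "ShellNext" in m["setting"]:
                f = Finding("medium", "browser", f"ShellNext points at {m['url']} (host {_host(m['url'])})")
            else:
                f = Finding("info", "browser", f"{m['setting']} -> {_host(m['url'])}")
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
    print(summarize(results))
```

Run on the sample it reports two high findings (the AV override and the disabled firewall), three medium (the two hidden+system files and the external ShellNext URL) and six informational ones. The informational items are not verdicts: a driver without a display name or an .exe dropped into c:\windows is often legitimate, but each is something to confirm against the vendor before the next fix script is written.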
#4 RKinner (Malware Expert, MVP, 24,625 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\Drivers\sptd.sys
C:\Documents and Settings\Jesica\Escritorio\PotMaker.exe

Driver::
sptd


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Also run OTL again, press the Quick Scan and post the log.


Run the free on-line scan from Bitdefender:

Copy the next line by highlighting and ctrl + c

http://www.bitdefend...nline/free.html

Close all programs and browsers. Start either IE or Firefox. Then click on the area where you put in the URL and paste (Ctrl + V). The line you copied should appear. Hit Enter. Do not run other programs or tabs while the scan is running. Copy and paste the report you get into a reply.

Ron

#5 usa_akagi (Member, Topic Starter, 61 posts)
ComboFix 10-07-20.03 - Jesica 2010-07-23 13:00:22.11.1 - x86
Running from: c:\documents and settings\Jesica\Escritorio\george.exe
Command switches used :: c:\documents and settings\Jesica\Escritorio\CFScript.txt
* Created a new restore point

FILE ::
"c:\documents and settings\Jesica\Escritorio\PotMaker.exe"
"c:\windows\system32\Drivers\sptd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPTD
-------\Service_sptd


((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 18:28 . 2010-07-22 18:28 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-07-21 15:14 . 2010-07-23 16:07 -------- d-----w- c:\windows\system32\config\systemprofile\Configuración local
2010-07-21 15:12 . 2004-08-03 21:05 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-07-21 15:12 . 2004-08-03 21:05 14336 ----a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-07-21 14:55 . 2010-07-21 21:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Autorun Eater
2010-07-21 14:49 . 2010-07-21 14:49 -------- d-----w- c:\archivos de programa\Autorun Eater
2010-07-20 23:13 . 2010-07-20 23:28 -------- d-----w- c:\documents and settings\All Users\Datos de programa\FarmFrenzy3_Madagascar
2010-07-20 23:11 . 2010-07-20 23:11 -------- d-----w- c:\archivos de programa\Alawar
2010-07-20 16:33 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 16:33 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 16:33 . 2010-07-20 16:34 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-07-20 16:20 . 2010-07-20 16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-18 20:09 . 2010-07-20 16:19 -------- d-----w- c:\archivos de programa\Personal Internet Movil
2010-07-16 00:19 . 2010-07-16 00:21 -------- d-----w- c:\documents and settings\Administrador.JESICA\Mis documentos
2010-07-15 18:59 . 2010-07-15 18:59 -------- d-----w- C:\found.009
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Archivos comunes\L&H
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Microsoft Works
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-----w- c:\archivos de programa\Microsoft ActiveSync
2010-06-28 00:29 . 2010-06-28 00:29 503808 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\msvcp71.dll
2010-06-28 00:29 . 2010-06-28 00:29 499712 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\jmc.dll
2010-06-28 00:29 . 2010-06-28 00:29 348160 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65b4bad4-n\msvcr71.dll
2010-06-28 00:29 . 2010-06-28 00:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-06-28 00:29 . 2010-06-28 00:29 61440 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70196f66-n\decora-sse.dll
2010-06-28 00:29 . 2010-06-28 00:29 12800 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-70196f66-n\decora-d3d.dll
2010-06-28 00:29 . 2010-06-28 00:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 00:28 . 2010-06-28 00:28 79488 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-28 00:28 . 2010-06-28 00:28 152576 ----a-w- c:\documents and settings\Jesica\Datos de programa\Sun\Java\jre1.6.0_20\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 15:53 . 2008-09-09 05:27 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\uTorrent
2010-07-23 05:44 . 2010-06-23 04:32 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\Mumble
2010-07-20 16:20 . 2010-01-06 01:19 -------- d-----w- c:\archivos de programa\LeeGTs Games
2010-07-20 16:19 . 2010-07-16 00:28 -------- d-----w- c:\documents and settings\Administrador.JESICA\Datos de programa\uTorrent
2010-07-20 16:19 . 2009-08-06 03:15 -------- d-----w- c:\archivos de programa\Trojan Remover
2010-07-20 16:19 . 2010-03-27 02:52 -------- d-----w- c:\archivos de programa\TFE
2010-07-20 16:19 . 2009-10-06 17:59 -------- d-----w- c:\archivos de programa\Cheat Engine
2010-07-20 16:19 . 2009-09-10 07:53 -------- d-----w- c:\archivos de programa\Games
2010-07-20 15:48 . 2008-10-01 03:18 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-07-20 04:41 . 2010-05-18 20:14 -------- d-----w- c:\archivos de programa\Crayon Physics Deluxe
2010-07-18 20:12 . 2001-08-24 11:00 76352 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-18 20:12 . 2001-08-24 11:00 452990 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-16 00:28 . 2008-09-09 05:27 -------- d-----w- c:\archivos de programa\uTorrent
2010-07-16 00:25 . 2010-07-16 00:25 -------- d-----w- c:\documents and settings\Administrador.JESICA\Datos de programa\Malwarebytes
2010-07-14 17:08 . 2009-10-01 17:45 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\Skype
2010-07-14 16:53 . 2009-10-01 17:47 -------- d-----w- c:\documents and settings\Jesica\Datos de programa\skypePM
2010-07-14 00:53 . 2010-05-27 06:00 -------- d-----w- c:\archivos de programa\Ricochet Infinity
2010-07-11 17:51 . 2009-01-24 05:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Sandlot Games
2010-07-03 06:15 . 2009-03-04 21:56 1146 ----a-w- c:\documents and settings\Jesica\Datos de programa\Creative\WebCam Monitor\Setting.sys
2010-06-23 04:32 . 2010-06-23 04:32 -------- d-----w- c:\archivos de programa\Mumble
2010-06-21 21:34 . 2010-06-07 17:08 -------- d-----w- c:\archivos de programa\LRO
2010-06-20 23:51 . 2010-06-20 23:51 -------- d-----w- c:\archivos de programa\TegNet1.3.5
2010-06-20 23:51 . 2010-06-20 23:51 720896 ----a-w- c:\windows\iun6002ev.exe
2010-06-14 05:16 . 2009-03-04 21:56 476 ----a-w- c:\documents and settings\Jesica\Datos de programa\Creative\WebCam Monitor\CacheSetting.sys
2010-06-07 19:53 . 2009-11-28 16:02 -------- d-----w- c:\archivos de programa\Total Video Converter
2010-06-07 19:53 . 2010-03-18 00:27 -------- d-----w- c:\archivos de programa\TelecomArgentina
2010-06-07 19:53 . 2008-11-15 02:36 -------- d-----w- c:\archivos de programa\mp3DirectCut
2010-06-07 19:53 . 2009-05-03 23:44 -------- d-----w- c:\archivos de programa\hotkey
2010-06-07 19:53 . 2010-03-27 02:20 -------- d-----w- c:\archivos de programa\ARO
2010-06-07 19:53 . 2009-12-04 00:40 -------- d-----w- c:\archivos de programa\Atlas RO
2010-06-03 07:19 . 2010-05-27 05:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\FarmFrenzy3_Russia
2010-05-30 07:04 . 2010-05-27 05:39 -------- d-----w- c:\archivos de programa\Farm Frenzy 3 Russian Roulette
2010-05-27 19:44 . 2010-05-27 19:44 -------- d-----w- c:\archivos de programa\Bandai
2009-08-11 03:48 . 2009-08-11 03:48 728 ----a-w- c:\archivos de programa\injsf.txt
2009-12-21 17:16 . 2009-12-21 17:16 10240 --sha-w- c:\windows\rnapxs\Rnapxs.dat
2009-03-22 23:34 . 2009-03-22 23:25 188448 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((( SnapShot@2010-07-21_15.12.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 16:08 . 2010-07-23 16:08 16384 c:\windows\temp\Perflib_Perfdata_620.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\archivos de programa\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Autorun Eater"="c:\archivos de programa\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 20:18 413696 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
"c:\\Archivos de programa\\Atlas RO\\AtlantisRO.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\DRIVERS\webc3vid.sys [2001-11-07 166504]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2009-10-13 133632]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-07-13 79360]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{08F50F74-2844-4602-B4B5-E00A36606543}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = ftp://ftp.f-secure.com/anti-virus/updates/fsupdate.exe
uInternet Settings,ProxyOverride = local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {6EE6D4FB-2967-4890-A22D-EBFA6825694F} = 192.168.1.1
TCP: {7C9D01D0-3096-4291-BEE7-9F1F6C645BB8} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/ig?hl=es&source=iglk
FF - plugin: c:\archivos de programa\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 13:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Common Files\Motive\McciCMService.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\archivos de programa\Autorun Eater\billy.exe
.
**************************************************************************
.
Completion time: 2010-07-23 13:15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 16:15
ComboFix2.txt 2010-07-21 15:14
ComboFix3.txt 2009-12-23 23:42

Pre-Run: 69,294,903,296 bytes libres
Post-Run: 69,186,891,776 bytes libres

- - End Of File - - D54E27E6A0DE96E2EEC3A0C65BD264A3


QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Fri Jul 23 13:37:07 2010
Machine ID: 4B06EEBD

C:\Archivos de programa\Mozilla Firefox - could not be accessed


No infection found.
-------------------



Processes
---------
<unsigned> AntiVir Desktop 2508 C:\archivos de programa\avira\antivir desktop\avcenter.exe
<unsigned> AntiVir Desktop 3416 C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
<unsigned> AntiVir Desktop 1320 C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
<unsigned> AntiVir Desktop 1304 C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
<unsigned> Billy The Goat 3788 C:\Archivos de programa\Autorun Eater\billy.exe
<unsigned> mcci+McciCMService 1600 C:\Archivos de programa\Common Files\Motive\McciCMService.exe
<unsigned> NVIDIA Driver Helper Service, Version 1 764 C:\WINDOWS\system32\nvsvc32.exe
<unsigned> Old McDonald 3412 C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
<unsigned> StyleXP Application 3564 C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe

<verified> Firefox 3784 C:\Archivos de programa\Mozilla Firefox\firefox.exe
<verified> Firefox 1908 C:\Archivos de programa\Mozilla Firefox\plugin-container.exe
<verified> Java™ Platform SE 6 U20 1568 C:\Archivos de programa\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 3428 C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
<verified> Microsoft® Visual Studio .NET 1680 C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 280 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 524 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1264 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1740 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 916 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 796 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 788 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1384 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2716 C:\WINDOWS\system32\wscntfy.exe
<verified> Microsoft® Windows® Operating System 3456 C:\WINDOWS\system32\wuauclt.exe
<verified> Sistema operativo Microsoft® Windows® 2548 C:\WINDOWS\explorer.exe
<verified> Sistema operativo Microsoft® Windows® 3372 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Sistema operativo Microsoft® Windows® 592 C:\WINDOWS\system32\services.exe
<verified> Sistema operativo Microsoft® Windows® 468 C:\WINDOWS\System32\smss.exe
<verified> Sistema operativo Microsoft® Windows® 548 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------

Process svchost.exe (848) listens on ports: 135 (RPC)
Process svchost.exe (1148) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
<unsigned> AntiVir Desktop C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
<unsigned> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<unsigned> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<unsigned> Old McDonald C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
<unsigned> StyleXP Application C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe

<verified> Java™ Platform SE Auto Updater 2 0 C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Programa de Ventajas de Windows Origina C:\WINDOWS\system32\WgaLogon.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\LogonUI.EXE
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
<verified> Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.2 C:\Archivos de programa\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

<verified> AcroIEHelperShim Library c:\archivos de programa\archivos comunes\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Archivos de programa\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Archivos de programa\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> AhnLab MyKeyDefense 2.5 C:\Archivos de programa\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> ewido anti-spyware C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\archivos de programa\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Archivos de programa\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Archivos de programa\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows Live Login Helper c:\archivos de programa\archivos comunes\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Archivos de programa\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MJSS.ocx
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Sistema operativo Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
<verified> System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll
<verified> UNO Messenger C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
referenced in: HKLM\System\ControlSet001\services\StyleXPService\"ImagePath"

File not found: System32\Drivers\sptd.sys
referenced in: HKLM\System\ControlSet001\services\sptd\"ImagePath"

File not found: system32\drivers\InCDFs.sys
referenced in: HKLM\System\ControlSet001\services\InCDFs\"ImagePath"

File not found: system32\drivers\InCDPass.sys
referenced in: HKLM\System\ControlSet001\services\InCDPass\"ImagePath"

File not found: system32\drivers\InCDRm.sys
referenced in: HKLM\System\ControlSet001\services\InCDRm\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.07 MB sent, 3.11 KB recvd
Scanned 1007 files and modules - 109 seconds

==============================================================================



OTL logfile created on: 2010-07-23 13:27:10 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jesica\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298.09 Gb Total Space | 64.47 Gb Free Space | 21.63% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESICA
Current User Name: Jesica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2010-02-18 01:59:45 | 000,470,785 | ---- | M] (Avira GmbH) -- c:\Archivos de programa\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Archivos de programa\Autorun Eater\billy.exe
PRC - [2009-05-26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Archivos de programa\Autorun Eater\oldmcdonald.exe
PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007-06-13 10:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-05-24 15:31:39 | 001,372,160 | ---- | M] () -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
MOD - [2006-08-25 12:46:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-03 18:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-12-13 14:12:42 | 000,413,696 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Archivos de programa\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008-09-15 00:34:33 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-10-25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\george\catchme.sys -- (catchme)
DRV - [2010-07-22 15:28:59 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2010-02-18 02:00:07 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-10-13 05:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009-07-13 05:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009-06-10 18:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-09-22 09:04:02 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008-09-22 09:04:02 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007-10-10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007-06-18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007-03-01 06:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-19 02:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006-10-17 21:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-09-27 04:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-09-27 04:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-07-01 22:43:02 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-10-31 18:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Archivos de programa\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005-10-19 13:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005-04-06 11:30:16 | 000,026,752 | ---- | M] (ENCORE ELECTRONICS, INC. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2005-02-01 18:55:40 | 000,037,009 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TFE\npkcusb.sys -- (npkcusb)
DRV - [2005-02-01 18:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\TFE\npkcrypt.sys -- (npkcrypt)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-11 13:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C)
DRV - [2004-08-03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2004-05-05 22:46:16 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-11-07 01:00:00 | 000,166,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\webc3vid.sys -- (CTL511Plus) Video Blaster WebCam 3/WebCam Plus (WDM)
DRV - [2001-09-18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2000-10-25 09:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...es&source=iglk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.86
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-06-27 21:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-07-05 15:49:39 | 000,000,000 | ---D | M]

[2009-01-12 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Extensions
[2010-07-21 14:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions
[2009-09-14 22:00:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-09-06 17:29:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-01-12 21:29:21 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\searchplugins\imdb.xml
[2009-01-12 21:36:10 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Firefox\Profiles\4l29m2nj.default\searchplugins\mininova.xml
[2010-07-21 14:17:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010-06-27 21:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-27 21:28:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-07-23 13:08:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Autorun Eater] C:\Archivos de programa\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229647118765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1229647086796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jesica\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jesica\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-08 19:23:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-23 13:07:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-07-21 18:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Escritorio\Nueva carpeta (2)
[2010-07-21 12:12:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asyncmac.sys
[2010-07-21 12:06:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-21 11:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Autorun Eater
[2010-07-21 11:49:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Autorun Eater
[2010-07-20 20:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\FarmFrenzy3_Madagascar
[2010-07-20 20:11:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Alawar
[2010-07-20 13:36:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
[2010-07-20 13:33:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-20 13:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-20 13:33:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010-07-20 13:20:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-07-18 17:09:43 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Personal Internet Movil
[2010-07-15 15:59:53 | 000,000,000 | ---D | C] -- C:\found.009
[2010-07-05 16:16:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jesica\Mis documentos\My Web Sites
[2010-07-05 15:49:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\L&H
[2010-07-05 15:49:22 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Works
[2010-07-05 15:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Visual Studio
[2010-07-05 15:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft ActiveSync
[2010-07-03 22:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Escritorio\Nueva carpeta (3)
[2010-06-27 21:29:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
[2010-06-27 21:29:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-27 21:29:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-27 21:29:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-27 21:29:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-27 21:29:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-27 17:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesica\Escritorio\emblemas
[1 C:\Documents and Settings\Jesica\*.tmp files -> C:\Documents and Settings\Jesica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-23 13:13:43 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{08F50F74-2844-4602-B4B5-E00A36606543}.job
[2010-07-23 13:10:05 | 000,081,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-23 13:09:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-23 13:08:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-23 13:08:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-23 13:08:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-23 13:08:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-23 13:07:20 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Jesica\ntuser.dat
[2010-07-23 13:07:20 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Jesica\ntuser.ini
[2010-07-23 12:52:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-23 03:00:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-22 15:28:59 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010-07-21 14:45:42 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khx
[2010-07-21 12:07:00 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010-07-21 11:49:05 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Autorun Eater.lnk
[2010-07-21 03:21:34 | 003,739,613 | R--- | M] () -- C:\Documents and Settings\Jesica\Escritorio\george.exe
[2010-07-20 20:11:45 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\Farm Frenzy 3 Madagascar.lnk
[2010-07-20 19:16:05 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Jesica\default.pls
[2010-07-20 13:44:30 | 000,247,937 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\Dibujo.JPG
[2010-07-20 13:36:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe
[2010-07-20 13:06:00 | 004,238,448 | -H-- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\IconCache.db
[2010-07-18 17:12:16 | 000,452,990 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010-07-18 17:12:16 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-18 17:12:16 | 000,076,352 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010-07-18 17:12:16 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-07 09:31:42 | 000,514,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-05 16:16:50 | 000,143,192 | ---- | M] () -- C:\Documents and Settings\Jesica\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010-07-05 15:50:13 | 000,000,379 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-07-01 23:59:04 | 000,104,569 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\2do_parcial.rar
[2010-06-27 21:32:08 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Jesica\Escritorio\Update Checker.lnk
[2010-06-27 21:28:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-27 21:28:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-27 21:28:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-27 21:28:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-27 21:28:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\Documents and Settings\Jesica\*.tmp files -> C:\Documents and Settings\Jesica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-22 15:28:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010-07-21 14:45:42 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khx
[2010-07-21 14:45:07 | 000,591,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documentos\tygcyw.exe
[2010-07-21 11:49:05 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Autorun Eater.lnk
[2010-07-21 03:21:28 | 003,739,613 | R--- | C] () -- C:\Documents and Settings\Jesica\Escritorio\george.exe
[2010-07-20 20:11:45 | 000,001,006 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\Farm Frenzy 3 Madagascar.lnk
[2010-07-20 13:44:30 | 000,247,937 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\Dibujo.JPG
[2010-07-20 13:34:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\gmer.exe
[2010-07-11 09:02:13 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Jesica\ntuser.dat
[2010-07-01 23:59:03 | 000,104,569 | ---- | C] () -- C:\Documents and Settings\Jesica\Escritorio\2do_parcial.rar
[2010-05-27 16:44:17 | 000,000,172 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2010-04-30 20:28:41 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-03-18 20:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mapper.INI
[2009-12-22 17:31:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009-11-21 05:06:59 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2009-11-21 05:06:59 | 001,155,072 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2009-11-20 17:21:05 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
[2009-11-20 17:11:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2009-11-20 16:33:29 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2009-10-11 01:23:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Monitor.INI
[2009-10-06 14:59:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-08-06 00:16:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-08-06 00:16:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009-08-06 00:16:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-08-06 00:16:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-08 20:03:34 | 000,002,925 | ---- | C] () -- C:\WINDOWS\SubCreator.INI
[2009-03-04 18:28:24 | 000,014,211 | ---- | C] () -- C:\WINDOWS\twacker.ini
[2008-12-30 16:02:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008-12-28 17:22:48 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008-12-28 17:22:46 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008-12-09 23:08:21 | 000,000,230 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2008-11-23 16:14:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008-11-23 16:14:29 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008-11-23 16:14:26 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008-11-23 16:14:26 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008-10-10 21:39:14 | 000,002,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-10-10 20:38:09 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2008-10-10 20:38:08 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2008-09-09 03:14:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-09 01:06:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-09 01:06:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-09 01:06:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-09 01:06:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-09 01:06:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-09 00:40:23 | 000,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2008-09-08 23:42:39 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-08 19:30:10 | 000,014,731 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-09-08 19:29:51 | 000,014,693 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-09-08 19:29:51 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-09-08 19:29:43 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006-10-30 19:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-30 19:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001-09-18 11:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:D1E22E44
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:931BB48A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:CB0AACC9
< End of report >
  • 0
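The OTL log above is what the expert reviews by eye; as an added example (not part of this thread, and not OTL's own code) the script below parses entry lines of that format and flags the kinds of items a reviewer looks at first: service entries whose file is missing, drivers with no publisher name, and hidden+system or unsigned executables inside a profile directory. The entry grammar is inferred from the lines in this thread, and the sample input is copied from the log above.

```python
"""Heuristic first-pass triage of OTL log entries (added example, not OTL's own code)."""
import re
from typing import Dict, List, Optional, Tuple

# Shape of one OTL entry, inferred from the log lines in this thread (OTL publishes
# no formal grammar, so this regex is an assumption): optional "DRV - "/"SRV - " tag,
# then either "File not found" or a "[date | size | attrs | C-or-M]" stamp, then an
# optional "(Company)", an optional "[flags]", " -- path" and an optional " -- (Name)".
ENTRY = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| [CM]\])"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\).*)?$"
)

PROFILE_ROOT = "C:\\Documents and Settings\\"      # per-user and All Users profiles
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

MISSING_FILE = "service entry points at a missing file"
NO_PUBLISHER = "driver/service with no publisher name"
HIDDEN_SYSTEM = "hidden+system file inside a profile directory"
UNSIGNED_EXE = "unsigned executable inside a profile directory"


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one OTL entry line, or None for headers and blank lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "kind": d["kind"],                    # DRV / SRV / PRC / MOD, or None
        "missing": d["missing"] is not None,  # "File not found" entry
        "size": int(d["size"].replace(",", "")) if d["size"] else None,
        "attrs": d["attrs"] or "",            # e.g. "RHS-", "---D"
        "company": d["company"],              # None = no field at all, "" = "()"
        "path": d["path"],
        "service": d["svc"],
    }


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries worth a second look.

    These are triage hints, not verdicts: legitimate tools (ComboFix, GMER) and some
    hardware drivers have no company field and will show up here too.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        path = str(e["path"])
        if e["missing"]:
            findings.append((MISSING_FILE, path))
            continue
        if e["kind"] in ("DRV", "SRV") and e["company"] == "":
            findings.append((NO_PUBLISHER, path))
        in_profile = path.startswith(PROFILE_ROOT)
        attrs = str(e["attrs"])
        if in_profile and "H" in attrs and "S" in attrs:
            findings.append((HIDDEN_SYSTEM, path))
        if in_profile and path.lower().endswith(EXEC_EXT) and e["company"] == "":
            findings.append((UNSIGNED_EXE, path))
    return findings


# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"DRV - [2010-07-22 15:28:59 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- C:\george\catchme.sys -- (catchme)",
    r"DRV - [2010-02-18 02:00:07 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)",
    r"[2010-07-21 14:45:42 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khx",
    r"[2010-07-21 14:45:07 | 000,591,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documentos\tygcyw.exe",
    r"[2010-07-21 12:07:00 | 000,000,293 | RHS- | M] () -- C:\boot.ini",
    r"[2010-07-20 13:36:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesica\Escritorio\OTL.exe",
    r"[2009-01-12 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesica\Datos de programa\Mozilla\Extensions",
]

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LINES):
        print(f"{reason}: {path}")
```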

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Logs look pretty clean now. Are you still having problems?

Ron
  • 0

#7
usa_akagi

    Member

  • Topic Starter
  • Member
  • 61 posts
Well... everything seems right... but for some reason I can't open .torrent documents... and I can't choose uTorrent in the list... it might be related or... not.
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You only have XP SP2. Support for SP2 has ended so in order to get the latest security patches you need to update to SP3.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them. (That being said, you probably need to uninstall uTorrent and reinstall it.)

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
  • 0

#9
usa_akagi

    Member

  • Topic Starter
  • Member
  • 61 posts
Today, a warning appeared; I heard it but Avira closed the window before I could do anything, something about "2gen" something...
Edit: Now I can't use another program, BSPlayer. It's not that I must use torrents... but I don't go downloading every single piece of suspicious crap I find... I never download software and I even use Notepad if I HAVE TO open those .nfo files...

Edited by usa_akagi, 24 July 2010 - 04:23 PM.

  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Avira keeps a log somewhere - I think it's called tool_en.log - but it sounds like Avira may have gotten a false positive on your BSPlayer. Try reinstalling it and see if Avira attacks it again.

Ron
  • 0

#11
usa_akagi

    Member

  • Topic Starter
  • Member
  • 61 posts
I couldn't find the log, but I took a screenshot of a warning. This appeared after I connected my camera to download some images.
01.JPG
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It is saying that the device you plugged into E:\ is infected. I would let it delete it.

Ron
  • 0