Multiple issues after Windows XP Recovery trojan



#1
orangutan

Hi folks. This kind of forum is new to me, but I'll give it a go and I'm grateful for any input.

A few weeks ago I played host to an "XP Recovery Console" type trojan, which it seems came free along with a streaming-video download tool. Since then I have had many issues. I googled everything like crazy, ran a lot of anti-spyware tools and now have basic functionality but the main ongoing problems are:

Google and Yahoo search-engine hijack.

"Windows Explorer has encountered an error and has to close" immediately on signing in. If I ignore the window everything seems fine. Only if I respond to it does the system freeze.

"Generic Processes for Windows 32" error after five minutes. Again I ignore the warning. I used to get a "NT Authority will shut down in 60 seconds" message here, but after googling I altered the settings so the system does not restart when this happens.

Occasional random blue-screen with error message and shut-down.

Unable to use Acer Erecovery from the partition on the hard disk. I bought the Acer Aspire travelling in Chile, and did not make recovery disks. Acer UK want 51 quid for a recovery disk. I have ordered an optical drive which should arrive in a few days, and I will see if I can create a disk from Erecovery, something I haven't tried yet. Immediately on start-up Erecovery gives a different response from after the five-minute window mentioned above in connection with the NT Authority issue.

Recent anti-virus and anti-spyware scans bring up nothing.

Any help is welcome. If I manage to restore to factory settings it may not be necessary, but I will not pay what Acer is asking, and I have tried everything to coax Erecovery to work without success.
#2
ali.B

Trusted Helper, Malware Removal

hi :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:
  • aswMBR log
  • OTL.txt and Extras.txt

  • 0
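A way to triage the aswMBR log requested in Step 1, as an added example that is not part of the original thread and is not aswMBR's own code: it flags the MBR indicators and checks whether a storage driver's dispatch entry points at the same address as an unattributed module in the disk call trace. The line formats follow the aswMBR logs posted in this thread; the sample logs, their addresses, and the names `triage` and `mbr_rootkit_suspected` are constructed for illustration.

```python
import re

# aswMBR log lines look like "HH:MM:SS.mmm message"; banner lines carry no timestamp.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Single-line indicators, matched against the message part of a line.
PATTERNS = [
    ("detection", re.compile(r"Disk (\d+) MBR:(\S+) \[Rtk\]")),
    ("mbr_hidden", re.compile(r"Disk (\d+) MBR hidden")),
    ("rootkit_verdict", re.compile(r"Disk (\d+) MBR \[(\w+)\]\s+\*\*ROOTKIT\*\*")),
]
# A module in the disk I/O call trace that maps to no loaded driver.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# A driver's dispatch entry and the address it currently points to.
HANDLER_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)

# Constructed sample (not a real capture); addresses are made up.
SAMPLE_INFECTED = r"""
aswMBR version 0.9.7.753
Run date: 2011-01-01 10:00:00
-----------------------------
10:00:00.100 OS Version: Windows 5.1.2600 Service Pack 3
10:00:05.200 Disk 0 MBR read successfully
10:00:05.210 Disk 0 MBR scan
10:00:05.700 Disk 0 MBR:Alureon-I [Rtk]
10:00:05.710 Disk 0 TDL4@MBR code has been found
10:00:05.710 Disk 0 MBR hidden
10:00:05.720 Disk 0 MBR [TDL4] **ROOTKIT**
10:00:05.720 Disk 0 trace - called modules:
10:00:05.730 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81234abc]<<
10:00:05.740 \Driver\iaStor[0x81230000] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81234abc
"""

# Constructed sample of a log with none of the indicators.
SAMPLE_CLEAN = r"""
aswMBR version 0.9.7.753
10:00:05.200 Disk 0 MBR read successfully
10:00:05.210 Disk 0 MBR scan
10:00:05.720 Disk 0 trace - called modules:
10:00:05.730 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll
10:00:09.000 Scan finished successfully
"""


def triage(log_text):
    """Return a list of (timestamp, kind, detail) findings from an aswMBR log."""
    findings = []
    unknown_addrs = set()   # addresses of unattributed modules in the call trace
    handlers = []           # (timestamp, driver, irp, target address)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, run date, separator
        ts, msg = m.groups()
        for kind, rx in PATTERNS:
            hit = rx.search(msg)
            if hit:
                findings.append((ts, kind, " ".join(hit.groups())))
        hit = UNKNOWN_RE.search(msg)
        if hit:
            addr = int(hit.group(1), 16)
            unknown_addrs.add(addr)
            findings.append((ts, "unknown_module", hex(addr)))
        hit = HANDLER_RE.search(msg)
        if hit:
            handlers.append((ts, hit.group(1), hit.group(2), int(hit.group(3), 16)))
    # Correlate after the loop so line order does not matter: a dispatch entry
    # that resolves into an unattributed module means disk I/O is being filtered
    # by code that belongs to no known driver.
    for ts, driver, irp, target in handlers:
        if target in unknown_addrs:
            findings.append((ts, "hooked_dispatch", f"{driver} {irp} -> {hex(target)}"))
    return findings


def mbr_rootkit_suspected(findings):
    """True when the log carries a rootkit verdict or a hooked dispatch entry."""
    return any(kind in ("rootkit_verdict", "hooked_dispatch") for _, kind, _ in findings)


if __name__ == "__main__":
    for ts, kind, detail in triage(SAMPLE_INFECTED):
        print(f"{ts}  {kind:16} {detail}")
```
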

#3
orangutan

Many thanks for the response. Here are the files you requested:

(1)aswMBR.txt

aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-16 21:35:23
-----------------------------
21:35:23.328 OS Version: Windows 5.1.2600 Service Pack 3
21:35:23.328 Number of processors: 2 586 0x1C02
21:35:23.359 ComputerName: ACER-074AC68100 UserName: User
21:35:25.078 Initialize success
21:38:25.890 AVAST engine defs: 11071601
21:38:36.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:38:36.500 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:38:36.515 Disk 0 MBR read successfully
21:38:36.531 Disk 0 MBR scan
21:38:37.062 Disk 0 MBR:Alureon-I [Rtk]
21:38:37.078 Disk 0 TDL4@MBR code has been found
21:38:37.078 Disk 0 MBR hidden
21:38:37.093 Disk 0 MBR [TDL4] **ROOTKIT**
21:38:37.093 Disk 0 trace - called modules:
21:38:37.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8733de7a]<<
21:38:37.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8737a030]
21:38:37.125 3 CLASSPNP.SYS[f783dfd7] -> nt!IofCallDriver -> \Device\0000006a[0x8731b910]
21:38:37.125 5 ACPI.sys[f77b3620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8737b030]
21:38:37.171 \Driver\iaStor[0x8737eb90] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8733de7a
21:38:38.296 AVAST engine scan C:\WINDOWS
22:07:57.015 AVAST engine scan C:\Documents and Settings\User
22:30:58.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Escritorio\MBR.dat"
22:30:58.265 The log file has been saved successfully to "C:\Documents and Settings\User\Escritorio\aswMBR.txt"


aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-16 22:35:29
-----------------------------
22:35:29.546 OS Version: Windows 5.1.2600 Service Pack 3
22:35:29.546 Number of processors: 2 586 0x1C02
22:35:29.546 ComputerName: ACER-074AC68100 UserName: User
22:35:30.343 Initialize success
22:35:39.953 AVAST engine defs: 11071601
22:35:43.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:35:43.250 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
22:35:43.328 Disk 0 MBR read successfully
22:35:43.328 Disk 0 MBR scan
22:35:43.625 Disk 0 MBR:Alureon-I [Rtk]
22:35:43.640 Disk 0 TDL4@MBR code has been found
22:35:43.640 Disk 0 MBR hidden
22:35:43.656 Disk 0 MBR [TDL4] **ROOTKIT**
22:35:43.656 Disk 0 trace - called modules:
22:35:43.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8733de7a]<<
22:35:43.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8737a030]
22:35:43.687 3 CLASSPNP.SYS[f783dfd7] -> nt!IofCallDriver -> \Device\0000006a[0x8731b910]
22:35:43.687 5 ACPI.sys[f77b3620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8737b030]
22:35:43.703 \Driver\iaStor[0x8737eb90] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8733de7a
22:35:44.468 AVAST engine scan C:\WINDOWS
23:05:01.578 AVAST engine scan C:\Documents and Settings\User
23:47:54.890 AVAST engine scan C:\Documents and Settings\All Users
23:48:11.750 Scan finished successfully
23:49:41.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Escritorio\MBR.dat"
23:49:42.015 The log file has been saved successfully to "C:\Documents and Settings\User\Escritorio\aswMBR.txt"

(2)OTL.txt

OTL logfile created on: 17/07/2011 00:19:10 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\User\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

1013.88 Mb Total Physical Memory | 426.76 Mb Available Physical Memory | 42.09% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 142.05 Gb Total Space | 35.17 Gb Free Space | 24.76% Space Free | Partition Type: NTFS

Computer Name: ACER-074AC68100 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
PRC - [2011/07/14 01:39:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/02 02:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 02:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Archivos de programa\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Archivos de programa\Acer\Acer VCM\RS_Service.exe
PRC - [2008/12/30 08:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Archivos de programa\Launch Manager\LManager.exe
PRC - [2008/07/03 14:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
MOD - [2010/08/23 17:12:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/14 01:39:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Archivos de programa\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/11/04 05:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Archivos de programa\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 01:39:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/14 01:39:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/06 17:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 06:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 19:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 09:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/03 07:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Archivos de programa\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...09&m=aspire_one


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKU\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-572454927-955046455-3802400216-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/06/24 22:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Archivos de programa\SaveTubeVideo.com\SaveTubeVideo\FF

[2011/06/09 23:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Datos de programa\Mozilla\Extensions
[2011/06/08 13:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
File not found (No name found) --
[2010/04/02 13:55:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/30 11:48:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 22:27:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Archivos de programa\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Acer VCM.lnk = C:\Archivos de programa\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\User\Menú Inicio\Programas\Inicio\OpenOffice.org 3.2.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ARCHIV~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009/03/12 12:49:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 23:50:21 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
[2011/07/16 22:34:14 | 001,906,176 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Escritorio\aswMBR.exe
[2011/07/16 02:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble_files
[2011/07/15 01:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\dualcitizen_files
[2011/07/15 00:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\39449_files
[2011/07/14 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\RECENT STUFF
[2011/07/12 00:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\QUACKLED GAMES
[2011/07/12 00:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Stuff off desktop
[2011/07/12 00:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\STUFF
[2011/07/12 00:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Stuff off old memory stick
[2011/07/12 00:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\NEWER STUFF
[2011/07/11 23:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\APPLICATIONS
[2011/07/11 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Lake District stuff
[2011/07/11 23:33:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Escritorio\SCRABBLE
[2011/07/11 23:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\sbmiso
[2011/07/11 22:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Susana Spears video
[2011/07/11 22:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\My documents
[2011/06/19 02:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Configuración local\Datos de programa\PCHealth
[2011/06/18 15:47:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 15:46:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/18 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/06/18 15:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\SpywareBlaster
[2011/06/18 15:36:43 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SpywareBlaster
[2011/06/17 21:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Zyzzyva 2.1.4
[2009/07/05 19:37:06 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/07/05 19:37:03 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/03/12 05:34:20 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 00:27:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 00:17:02 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 00:17:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-572454927-955046455-3802400216-1005.job
[2011/07/17 00:16:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
[2011/07/16 23:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\MBR.dat
[2011/07/16 22:35:02 | 001,906,176 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Escritorio\aswMBR.exe
[2011/07/16 19:32:50 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\package.lst
[2011/07/16 18:29:30 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\d to 500.lxp
[2011/07/16 13:47:45 | 000,006,242 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\current bonus.lxp
[2011/07/16 03:25:16 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\User\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 02:12:00 | 000,094,051 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble.htm
[2011/07/15 01:01:16 | 000,106,442 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\dualcitizen.html
[2011/07/15 00:53:30 | 000,146,607 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\39449.htm
[2011/07/14 16:24:39 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\zyzzyva.lnk
[2011/07/14 03:18:41 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\anaHack2025.lnk
[2011/07/14 01:39:14 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/14 01:39:14 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/13 22:04:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-572454927-955046455-3802400216-1005.job
[2011/07/13 19:07:23 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:52:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 17:33:32 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\Quackle.lnk
[2011/07/10 18:02:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/20 22:36:10 | 000,499,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/06/20 22:36:10 | 000,436,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 22:36:10 | 000,088,282 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/06/20 22:36:10 | 000,069,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 23:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\MBR.dat
[2011/07/16 13:48:54 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\d to 500.lxp
[2011/07/16 02:11:57 | 000,094,051 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble.htm
[2011/07/15 01:01:15 | 000,106,442 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\dualcitizen.html
[2011/07/15 00:53:20 | 000,146,607 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\39449.htm
[2011/07/14 16:24:13 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\zyzzyva.lnk
[2011/07/14 03:18:24 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\anaHack2025.lnk
[2011/07/13 17:32:45 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\Quackle.lnk
[2011/07/13 01:19:24 | 000,006,242 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\current bonus.lxp
[2011/06/08 13:57:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/03 23:47:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\~16703268r
[2011/06/03 23:47:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\~16703268
[2011/06/03 23:47:36 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\16703268
[2010/06/12 04:48:44 | 000,070,009 | ---- | C] () -- C:\Documents and Settings\User\Datos de programa\QD info.ini
[2010/04/12 01:13:22 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2010/03/27 00:24:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/03/11 05:29:18 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/23 04:26:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\ztvunacev2.dll
[2009/11/23 04:26:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\7-zip32.dll
[2009/11/23 04:26:44 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar3.dll
[2009/10/01 02:43:59 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\User\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 04:08:31 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/09/29 06:02:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/07/05 19:37:06 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/07/05 19:37:06 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/07/05 19:37:06 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/03/12 14:31:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/12 13:40:21 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/03/12 13:40:21 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/03/12 13:40:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/03/12 13:40:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/03/12 13:39:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/12 12:52:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/03/12 12:52:30 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/12 12:51:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/12 12:47:46 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/12 12:47:00 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/12 12:44:52 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/12 12:44:10 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 05:34:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2009/03/12 05:34:12 | 000,499,736 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2009/03/12 05:34:12 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2009/03/12 05:34:12 | 000,088,282 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2009/03/12 05:34:12 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2009/03/12 05:34:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/12 05:33:58 | 000,436,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/12 05:33:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/12 05:33:58 | 000,069,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/12 05:33:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/12 05:33:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/12 05:33:57 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/12 05:33:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/12 05:33:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/12 05:33:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/12 05:33:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/12 05:33:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== LOP Check ==========

[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Acer GameZone Console
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Super-Cow
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Acer GameZone Console
[2009/03/12 14:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\eSobi
[2011/06/08 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Hitman Pro
[2011/06/18 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/06/09 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Transparent
[2011/06/09 23:35:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Datos de programa\Acer GameZone Console
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Datos de programa\Super-Cow
[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invitado\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invitado\Datos de programa\Acer GameZone Console
[2010/03/11 12:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invitado\Datos de programa\Search Settings
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invitado\Datos de programa\Super-Cow
[2010/03/11 12:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invitado\Datos de programa\YouTube Downloader
[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Datos de programa\Acer GameZone Console
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Datos de programa\Super-Cow
[2009/09/29 06:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Datos de programa\SACore
[2009/10/02 22:01:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Datos de programa\.#
[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Acer GameZone Console
[2011/03/14 19:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Azureus
[2009/10/05 04:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\eSobi
[2010/05/21 01:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\OpenOffice.org
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Super-Cow
[2009/09/30 04:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\vghd

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\system32\dllcache\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX10\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX11\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX12\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX13\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX14\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX15\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX16\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX17\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX18\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX19\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX20\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX21\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX22\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX23\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX24\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX25\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX26\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX27\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX28\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX29\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX3\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX30\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX31\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX32\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX33\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX34\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX35\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX36\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX37\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX38\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX39\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX4\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX40\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX41\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX42\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX43\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX44\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX45\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX46\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX47\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX5\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX6\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX7\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX8\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX9\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX10\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX11\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX12\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX13\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX14\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX15\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX16\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX17\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX18\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX19\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX20\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX21\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX22\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX23\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX24\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX25\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX26\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX27\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX28\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX29\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX3\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX30\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX31\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX33\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX34\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX35\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX36\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX37\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX38\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX39\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX4\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX40\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX41\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX42\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX43\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX44\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX45\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX5\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX6\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX7\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX8\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX9\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 13:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX10\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX11\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX12\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX13\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX14\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX15\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX16\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX17\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX18\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX19\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX20\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX21\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX22\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX23\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX24\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX25\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX26\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX27\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX28\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX29\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX3\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX30\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX31\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX32\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX33\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX34\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX35\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX36\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX37\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX38\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX39\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX4\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX40\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX41\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX42\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX43\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX44\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX45\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX5\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX6\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX7\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX8\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\User\Configuración local\Temp\RarSFX9\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Archivos de programa\Internet Explorer\iexplore.exe [2011/04/21 11:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 22:26:58 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 13:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Archivos de programa\Internet Explorer\iexplore.exe [2011/04/21 11:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

(3)Extras.txt

OTL Extras logfile created on: 17/07/2011 00:19:10 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\User\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

1013.88 Mb Total Physical Memory | 426.76 Mb Available Physical Memory | 42.09% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 142.05 Gb Total Space | 35.17 Gb Free Space | 24.76% Space Free | Partition Type: NTFS

Computer Name: ACER-074AC68100 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Acer\Acer VCM\VC.exe" = C:\Archivos de programa\Acer\Acer VCM\VC.exe:*:Disabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe" = C:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Archivos de programa\Vuze\Azureus.exe" = C:\Archivos de programa\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Archivos de programa\Acer GameZone\GameConsole
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Archivos de programa\Acer GameZone\GameConsole
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-A94000000001}" = Adobe Reader 9.4.5 - Español
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Byki Express" = Byki Express
"CDisplay_is1" = CDisplay 1.8
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Internet Scrabble Club_is1" = WordBiz version 1.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"LeXpert 3.2" = LeXpert 3.2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MP4 Player_is1" = MP4 Player 3.5
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Quackle_is1" = Quackle 0.96 [Beta]
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vghd" = VirtuaGirl
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zyzzyva 2.0.5" = Zyzzyva
"Zyzzyva 2.1.4" = Zyzzyva

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-572454927-955046455-3802400216-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/07/2011 19:06:43 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:18 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:23 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:26 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:45 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:55 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:07:57 | Computer Name = ACER-074AC68100 | Source = Application Error | ID = 1000
Description = Aplicación con errores: drwtsn32.exe, versión: 5.1.2600.0, módulo
con error: dbghelp.dll, versión 5.1.2600.5512, dirección de error 0x0001295d.

Error - 16/07/2011 19:07:59 | Computer Name = ACER-074AC68100 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: OTL.scr, versión 3.2.26.1, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16/07/2011 19:17:01 | Computer Name = ACER-074AC68100 | Source = Application Error | ID = 1000
Description = Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo
con error: unknown, versión 0.0.0.0, dirección de error 0x00d62ca7.

Error - 16/07/2011 19:19:49 | Computer Name = ACER-074AC68100 | Source = Application Error | ID = 1000
Description = Aplicación con errores: svchost.exe, versión: 5.1.2600.5512, módulo
con error: unknown, versión 0.0.0.0, dirección de error 0x007f1b14.

[ System Events ]
Error - 15/07/2011 22:17:17 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicios de Terminal Server se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 16/07/2011 07:53:26 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7031
Description = El servicio Iniciador de procesos de servidor DCOM terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 16/07/2011 07:53:26 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicios de Terminal Server se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 16/07/2011 13:27:19 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7031
Description = El servicio Iniciador de procesos de servidor DCOM terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 16/07/2011 13:27:19 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicios de Terminal Server se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 16/07/2011 14:27:57 | Computer Name = ACER-074AC68100 | Source = System Error | ID = 1003
Description = Código de error 1000007e, parámetro 1 c0000005, parámetro 2 8736a669,
parámetro 3 f7cb0cbc, parámetro 4 f7cb09b8.

Error - 16/07/2011 14:30:25 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7031
Description = El servicio Iniciador de procesos de servidor DCOM terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 16/07/2011 14:30:25 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicios de Terminal Server se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 16/07/2011 19:24:52 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7031
Description = El servicio Iniciador de procesos de servidor DCOM terminó inesperadamente.
Lo ha hecho 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos:
Reiniciar el servicio.

Error - 16/07/2011 19:24:52 | Computer Name = ACER-074AC68100 | Source = Service Control Manager | ID = 7034
Description = El servicio Servicios de Terminal Server se terminó de manera inesperada.
Esto ha sucedido 1 veces.


< End of report >

I am sorry that my initial description was not quite accurate with the names of error messages etc. due to working from memory. I am doing my best to be systematic now.

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O4 - HKLM..\Run: [TkBellExe] File not found
    [2011/06/03 23:47:44 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\~16703268r
    [2011/06/03 23:47:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\~16703268
    [2011/06/03 23:47:36 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\16703268
    [2009/10/02 22:01:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Datos de programa\.#
    [2009/03/12 12:52:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I would like to see in your reply:
  • OTL log
  • TDSSKiller log


#5
orangutan

    Member

  • Topic Starter
  • 20 posts
Thanks for your second reply. Here is the OTL log, followed by the TDSSKiller log.

OTL logfile created on: 17/07/2011 14:55:17 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\User\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

1013.88 Mb Total Physical Memory | 400.41 Mb Available Physical Memory | 39.49% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 142.05 Gb Total Space | 37.58 Gb Free Space | 26.46% Space Free | Partition Type: NTFS

Computer Name: ACER-074AC68100 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
PRC - [2011/07/14 01:39:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 22:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/02 02:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 02:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Archivos de programa\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Archivos de programa\Acer\Acer VCM\RS_Service.exe
PRC - [2008/12/30 08:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Archivos de programa\Launch Manager\LManager.exe
PRC - [2008/07/03 14:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2008/04/14 13:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
MOD - [2010/08/23 17:12:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/14 01:39:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Archivos de programa\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/11/04 05:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Archivos de programa\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 01:39:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/14 01:39:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/06 17:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 06:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 19:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 09:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/03 07:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Archivos de programa\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...09&m=aspire_one

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Archivos de programa\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/06/24 22:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Archivos de programa\SaveTubeVideo.com\SaveTubeVideo\FF

[2011/06/09 23:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Datos de programa\Mozilla\Extensions
[2011/06/08 13:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
File not found (No name found) --
[2010/04/02 13:55:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/30 11:48:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 22:27:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Archivos de programa\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Acer VCM.lnk = C:\Archivos de programa\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\User\Menú Inicio\Programas\Inicio\OpenOffice.org 3.2.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ARCHIV~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009/03/12 12:49:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 14:43:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/16 23:50:21 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
[2011/07/16 22:34:14 | 001,906,176 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Escritorio\aswMBR.exe
[2011/07/16 02:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble_files
[2011/07/15 00:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\39449_files
[2011/07/14 16:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\RECENT STUFF
[2011/07/12 00:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Escritorio\QUACKLED GAMES
[2011/07/12 00:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Stuff off desktop
[2011/07/12 00:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\STUFF
[2011/07/12 00:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Stuff off old memory stick
[2011/07/12 00:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\NEWER STUFF
[2011/07/11 23:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\APPLICATIONS
[2011/07/11 23:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Lake District stuff
[2011/07/11 23:33:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Escritorio\SCRABBLE
[2011/07/11 23:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\sbmiso
[2011/07/11 22:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\Susana Spears video
[2011/07/11 22:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mis documentos\My documents
[2011/06/19 02:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Configuración local\Datos de programa\PCHealth
[2011/06/18 15:47:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 15:46:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/18 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/06/18 15:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\SpywareBlaster
[2011/06/18 15:36:43 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SpywareBlaster
[2011/06/17 21:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Zyzzyva 2.1.4
[2009/07/05 19:37:06 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/07/05 19:37:03 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/03/12 05:34:20 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 14:51:43 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 14:51:42 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-572454927-955046455-3802400216-1005.job
[2011/07/17 14:51:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 14:42:17 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\d to 500.lxp
[2011/07/17 14:36:10 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\package.lst
[2011/07/17 14:34:05 | 000,005,693 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\current bonus.lxp
[2011/07/17 14:27:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 03:24:55 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\User\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 23:50:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Escritorio\OTL.scr
[2011/07/16 23:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\MBR.dat
[2011/07/16 22:35:02 | 001,906,176 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Escritorio\aswMBR.exe
[2011/07/16 02:12:00 | 000,094,051 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble.htm
[2011/07/15 00:53:30 | 000,146,607 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\39449.htm
[2011/07/14 16:24:39 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\zyzzyva.lnk
[2011/07/14 03:18:41 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\anaHack2025.lnk
[2011/07/14 01:39:14 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/14 01:39:14 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/13 22:04:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-572454927-955046455-3802400216-1005.job
[2011/07/13 19:07:23 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:52:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 17:33:32 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\User\Escritorio\Quackle.lnk
[2011/07/10 18:02:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/20 22:36:10 | 000,499,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/06/20 22:36:10 | 000,436,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 22:36:10 | 000,088,282 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/06/20 22:36:10 | 000,069,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\User\Configuración local\Datos de programa\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 23:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\MBR.dat
[2011/07/16 13:48:54 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\d to 500.lxp
[2011/07/16 02:11:57 | 000,094,051 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\Confessionals from medicine ... and Scrabble.htm
[2011/07/15 00:53:20 | 000,146,607 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\39449.htm
[2011/07/14 16:24:13 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\zyzzyva.lnk
[2011/07/14 03:18:24 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\anaHack2025.lnk
[2011/07/13 17:32:45 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\Quackle.lnk
[2011/07/13 01:19:24 | 000,005,693 | ---- | C] () -- C:\Documents and Settings\User\Escritorio\current bonus.lxp
[2011/06/08 13:57:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/12 04:48:44 | 000,070,009 | ---- | C] () -- C:\Documents and Settings\User\Datos de programa\QD info.ini
[2010/04/12 01:13:22 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2010/03/27 00:24:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/03/11 05:29:18 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/23 04:26:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\ztvunacev2.dll
[2009/11/23 04:26:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\7-zip32.dll
[2009/11/23 04:26:44 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar3.dll
[2009/10/01 02:43:59 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\User\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 04:08:31 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/09/29 06:02:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/07/05 19:37:06 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/07/05 19:37:06 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/07/05 19:37:06 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/03/12 14:31:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/12 13:40:21 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/03/12 13:40:21 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/03/12 13:40:21 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/03/12 13:40:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat

========== LOP Check ==========

[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Acer GameZone Console
[2009/03/12 14:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\eSobi
[2011/06/08 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Hitman Pro
[2011/06/18 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/06/09 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Transparent
[2011/06/09 23:35:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2009/03/12 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Acer
[2009/07/05 19:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Acer GameZone Console
[2011/03/14 19:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Azureus
[2009/10/05 04:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\eSobi
[2010/05/21 01:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\OpenOffice.org
[2009/03/12 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\Super-Cow
[2009/09/30 04:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Datos de programa\vghd

========== Purity Check ==========



< End of report >




2011/07/17 15:06:18.0671 3900 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 15:06:18.0859 3900 ================================================================================
2011/07/17 15:06:18.0859 3900 SystemInfo:
2011/07/17 15:06:18.0859 3900
2011/07/17 15:06:18.0859 3900 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/17 15:06:18.0859 3900 Product type: Workstation
2011/07/17 15:06:18.0859 3900 ComputerName: ACER-074AC68100
2011/07/17 15:06:18.0859 3900 UserName: User
2011/07/17 15:06:18.0859 3900 Windows directory: C:\WINDOWS
2011/07/17 15:06:18.0859 3900 System windows directory: C:\WINDOWS
2011/07/17 15:06:18.0859 3900 Processor architecture: Intel x86
2011/07/17 15:06:18.0859 3900 Number of processors: 2
2011/07/17 15:06:18.0859 3900 Page size: 0x1000
2011/07/17 15:06:18.0859 3900 Boot type: Normal boot
2011/07/17 15:06:18.0859 3900 ================================================================================
2011/07/17 15:06:19.0671 3900 Initialize success
2011/07/17 15:06:24.0203 1464 ================================================================================
2011/07/17 15:06:24.0203 1464 Scan started
2011/07/17 15:06:24.0218 1464 Mode: Manual;
2011/07/17 15:06:24.0218 1464 ================================================================================
2011/07/17 15:06:38.0953 1464 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/17 15:06:38.0968 1464 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/17 15:06:39.0000 1464 Boot (0x1200) (18dc26fb5637b2af3a340b89d148c1cc) \Device\Harddisk0\DR0\Partition0
2011/07/17 15:06:39.0015 1464 ================================================================================
2011/07/17 15:06:39.0015 1464 Scan finished
2011/07/17 15:06:39.0015 1464 ================================================================================
2011/07/17 15:06:39.0046 1324 Detected object count: 1
2011/07/17 15:06:39.0046 1324 Actual detected object count: 1
2011/07/17 15:06:44.0140 1324 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/17 15:06:44.0140 1324 \Device\Harddisk0\DR0 - ok
2011/07/17 15:06:44.0140 1324 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/17 15:07:08.0703 2112 Deinitialize success
  • 0

#6
orangutan

    Member

  • Topic Starter
  • 20 posts
I should add that there is now no sign of the symptoms I originally mentioned, or any other issues with the system for that matter.
  • 0

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#8
orangutan

    Member

  • Topic Starter
  • 20 posts
Hi Ali

Here are the Malwarebytes and ESET logs. The computer appears to be running fine, without any problems whatsoever since the last message.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7177

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/07/2011 21:55:56
mbam-log-2011-07-17 (21-55-56).txt

Scan type: Quick scan
Objects scanned: 189019
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7171351410223946aff65e4eaf5430fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-17 10:01:45
# local_time=2011-07-17 11:01:45 (+0000, Hora de verano GMT)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 0 47469765 329165 0
# compatibility_mode=8192 67108863 100 0 292 292 0 0
# scanned=77999
# found=0
# cleaned=0
# scan_time=3291
  • 0

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations, your logs appear clean :)

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Stay safe :unsure:
  • 0
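The post above describes blocking sites by mapping their names to 127.0.0.1 in the HOSTS file; because the same file can map a name to any address, it is also worth auditing after a cleanup. The following is an added example, not part of the thread or of the MVPS project, that sorts HOSTS entries into blocked, local, redirected and malformed. The sample file, its hostnames and the category names are constructed for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Names that are expected to resolve to the local machine (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample HOSTS file; none of these entries come from the thread.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1       localhost
127.0.0.1       ads.example.test   tracker.example.test  # two names, one line
0.0.0.0         banners.example.test
::1             localhost
203.0.113.45    search.example.test   # non-loopback mapping: review this
203.0.113.45    mail.example.test
not-an-ip       broken.example.test
192.0.2.10
"""


def parse_hosts(text):
    """Yield (lineno, address or None, [hostnames], raw line) per entry.

    Comments (everything after '#') and blank lines are skipped. The address
    is None when the first field is not a valid IPv4 or IPv6 literal.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        # Hostnames are case-insensitive; drop a trailing root dot.
        names = [h.lower().rstrip(".") for h in fields[1:]]
        yield lineno, addr, names, raw


def audit_hosts(text):
    """Classify every hostname mapping in a HOSTS file.

    blocked   - name pinned to a loopback or unspecified address (sinkholed)
    local     - localhost-style name on a loopback address (normal)
    redirect  - name pinned to any other address; a HOSTS entry overrides
                DNS, so each of these should be explainable by the owner
    malformed - invalid address or an address with no hostname
    """
    report = defaultdict(list)
    for lineno, addr, names, raw in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append((lineno, raw.strip()))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and name in LOCAL_NAMES:
                category = "local"
            elif sinkhole:
                category = "blocked"
            else:
                category = "redirect"
            report[category].append((lineno, str(addr), name))
    return dict(report)


if __name__ == "__main__":
    # Pass a path (on Windows XP: C:\WINDOWS\system32\drivers\etc\hosts)
    # to audit a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    result = audit_hosts(content)
    for category in ("redirect", "malformed", "blocked", "local"):
        print(f"{category}: {len(result.get(category, []))}")
        if category in ("redirect", "malformed"):
            for item in result.get(category, []):
                print("   ", item)
```

A large blocklist will produce thousands of `blocked` entries; the `redirect` and `malformed` lists are the ones to read line by line.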

#10
orangutan

    Member

  • Topic Starter
  • 20 posts
I'm very grateful to you, more than it is easy to say.

Thank you and good luck.
  • 0

#11
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





