Desktop, Start menu and taskbar won't load



#1
jps4

    Member

  • 13 posts
My wife claims the virus software was reporting viruses. Now on booting, after getting past the username and password, the computer will not load the desktop, start menu, or the task bar. The only way I can even get online is to go to Ctrl Alt Del and start a new task, and I can get Chrome to load and get onto the internet.

I think we had avast and malwarebytes installed but I can't see how to start them up.

Any ideas?

The system is a Windows XP system, and I'll need some handholding if I need to make registry changes.

Thanks

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first a question - can you access safe mode?

Reboot the computer and continually press F8
A menu should appear
Select safe mode with networking

Then

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
jps4

    Member

  • Topic Starter
  • 13 posts
Attached File  Extras.Txt   31.14KB   115 downloads
Attached File  OTL.Txt   112.63KB   86 downloads

Above find two attached log files after running OTL.

Sorry to be a bit slow after posting a couple days ago.

OTL logfile created on: 29/07/2011 12:59:18 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Usuario\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000403 | Country: España | Language: CAT | Date Format: dd/MM/yyyy

1015,23 Mb Total Physical Memory | 663,46 Mb Available Physical Memory | 65,35% Memory free
2,39 Gb Paging File | 2,21 Gb Available in Paging File | 92,68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74,52 Gb Total Space | 60,22 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
Drive E: | 9,40 Gb Total Space | 8,14 Gb Free Space | 86,60% Space Free | Partition Type: FAT32

Computer Name: value | User Name: Usuario | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/29 12:56:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Mis documentos\Downloads\OTL.exe
PRC - [2011/06/28 13:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Temp\wzef7d\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/29 12:56:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Mis documentos\Downloads\OTL.exe
MOD - [2008/06/18 19:37:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/17 13:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto | Stopped] -- C:\Archivos de programa\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/28 22:58:20 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/24 20:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/28 15:42:23 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/28 15:42:19 | 000,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/28 15:42:18 | 000,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/09/27 17:09:51 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/13 15:44:42 | 010,423,936 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008/02/05 13:11:10 | 000,200,960 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/11/27 14:06:42 | 004,630,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/23 12:51:04 | 000,103,296 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/12 12:57:04 | 000,475,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/09/07 15:43:54 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2001/08/24 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/24 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s

IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...:0000FF;FORID:1
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://bl166w.blu166...?wa=wsignin1.0"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.searchqu....web?src=ffb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Usuario\Datos de programa\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Archivos de programa\AVG\AVG8\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Archivos de programa\AVG\AVG8\ToolbarFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/06/24 10:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/03/24 23:02:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles/gjfu04m9.default\extensions\[email protected] [2011/01/03 19:15:40 | 000,000,000 | ---D | M]

[2008/10/22 13:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Extensions
[2011/06/02 13:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions
[2011/06/02 13:25:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/03 19:14:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2011/01/03 19:15:40 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\[email protected]
[2010/02/12 22:40:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\searchplugins\MyStart Search.xml
[2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\searchplugins\SearchquWebSearch.xml
[2011/03/24 22:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/05/13 19:50:48 | 000,000,000 | ---D | M] (Internal security) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2010/10/30 22:14:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/01 14:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010/10/30 22:14:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 10:26:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,007,072 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\diec2.xml
[2010/01/01 10:00:00 | 000,001,060 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\huubs.xml
[2010/01/01 10:00:00 | 000,001,057 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\llibres.xml
[2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2010/01/01 10:00:00 | 000,001,162 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-ca.xml

O1 HOSTS File: ([2010/08/11 19:11:21 | 000,002,168 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 virusin
O1 - Hosts: 0.0.0.0 www.vir
O1 - Hosts: 0.0.0.0 project
O1 - Hosts: 0.0.0.0 www.pro
O1 - Hosts: 0.0.0.0 novirus
O1 - Hosts: 0.0.0.0 www.nov
O1 - Hosts: 0.0.0.0 www.ant
O1 - Hosts: 0.0.0.0 zeustra
O1 - Hosts: 0.0.0.0 www.zeu
O1 - Hosts: 0.0.0.0 www.mal
O1 - Hosts: 0.0.0.0 www3.ma
O1 - Hosts: 0.0.0.0 forum.m
O1 - Hosts: 0.0.0.0 www.thr
O1 - Hosts: 0.0.0.0 threate
O1 - Hosts: 0.0.0.0 www.av-
O1 - Hosts: 0.0.0.0 av-comp
O1 - Hosts: 0.0.0.0 av-test
O1 - Hosts: 0.0.0.0 www.av-
O1 - Hosts: 0.0.0.0 www.sca
O1 - Hosts: 0.0.0.0 www.vir
O1 - Hosts: 0.0.0.0 adwarer
O1 - Hosts: 0.0.0.0 www.adw
O1 - Hosts: 0.0.0.0 malware
O1 - Hosts: 0.0.0.0 www.mal
O1 - Hosts: 57 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Archivos de programa\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [etMonitor] C:\WINDOWS\etMon.exe (EMPIA Technology Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-18..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-19..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-20..\Run: [cleansweep.exe] File not found
O4 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004..\Run: [DriverScanner] C:\Archivos de programa\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004..\Run: [FileHippo.com] C:\Archivos de programa\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Control Center.lnk = C:\Archivos de programa\VAD\Laplace Webcam\Tools\SystemTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\McAfee Security Scan Plus.lnk = C:\Archivos de programa\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Usuario\Datos de programa\SystemProc\lsass.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1659004503-115176313-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - File not found
O9 - Extra 'Tools' menuitem : Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\archiv~1\bandoo\bndhook.dll) - c:\Archivos de programa\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/27 17:09:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 02:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/07/27 01:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Datos de programa\Uniblue
[2011/07/27 01:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Uniblue
[2011/07/27 01:48:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Uniblue
[2011/07/27 01:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\OpenCandy
[2011/07/27 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Datos de programa\OpenCandy
[2011/07/27 01:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\WinZip
[2011/07/27 01:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\WinZip
[2011/07/27 01:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2011/07/27 01:41:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\WinZip
[2011/07/26 15:43:16 | 000,000,000 | ---D | C] -- C:\Archivos de programa\FileHippo.com
[2011/07/21 17:19:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2011/07/09 15:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Earth
[2011/07/09 10:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/07/04 13:25:02 | 000,000,000 | ---D | C] -- C:\fridafables
[2009/04/18 10:37:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/04/18 10:37:36 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/04/18 10:37:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/04/18 10:37:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Usuario\Mis documentos\*.tmp files -> C:\Documents and Settings\Usuario\Mis documentos\*.tmp -> ]
[3 C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/29 12:58:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/29 12:55:02 | 000,508,746 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/07/29 12:55:02 | 000,444,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/29 12:55:02 | 000,091,840 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/07/29 12:55:02 | 000,072,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/29 12:50:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 12:49:05 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 12:43:16 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE2D1BA0-0873-4BD1-9F03-FEE5404C5978}.job
[2011/07/29 12:43:04 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-115176313-1801674531-1004UA.job
[2011/07/29 12:43:04 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-115176313-1801674531-1004Core.job
[2011/07/29 10:58:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/29 10:58:51 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/28 23:16:37 | 000,000,443 | ---- | M] () -- C:\WINDOWS\brqikmon.ini
[2011/07/28 20:49:04 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 13:14:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 16:44:09 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 02:16:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 02:09:29 | 000,015,129 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan1.zip
[2011/07/27 01:51:31 | 000,010,470 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan.zipx
[2011/07/27 01:49:02 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\DriverScanner.lnk
[2011/07/27 01:44:25 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk
[2011/07/27 01:44:23 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\WinZip.lnk
[2011/07/26 16:18:57 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\Update Checker.lnk
[2011/07/26 15:48:49 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/26 11:50:48 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\fix.inf
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\gmer.exe
[2011/07/12 13:00:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/12 12:18:57 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/09 15:57:57 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2011/07/09 10:26:23 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/07/04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/29 16:22:21 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Usuario\Mis documentos\*.tmp files -> C:\Documents and Settings\Usuario\Mis documentos\*.tmp -> ]
[3 C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 02:09:29 | 000,015,129 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan1.zip
[2011/07/27 01:51:30 | 000,010,470 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan.zipx
[2011/07/27 01:49:32 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 01:49:02 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\DriverScanner.lnk
[2011/07/27 01:44:25 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk
[2011/07/27 01:44:21 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\WinZip.lnk
[2011/07/26 21:10:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\gmer.exe
[2011/07/26 15:43:17 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Usuario\Menú Inicio\Programas\Update Checker.lnk
[2011/07/26 15:43:17 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\Update Checker.lnk
[2011/07/26 11:50:48 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\fix.inf
[2011/07/21 17:21:27 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/21 17:19:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Apple Software Update.lnk
[2011/07/09 15:57:57 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2011/07/09 10:26:23 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/04/21 21:44:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 21:44:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/22 18:38:21 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/18 19:05:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\etRunDLL.dll
[2010/05/21 14:13:32 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/05/21 14:13:20 | 000,000,443 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2010/05/21 14:13:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/04/13 13:03:15 | 000,035,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/02 19:50:59 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
[2009/04/18 10:37:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2009/04/18 10:37:45 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/04/18 10:37:43 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009/04/18 10:37:42 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/04/18 10:37:42 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2009/03/07 23:25:53 | 000,000,282 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2009/03/07 23:08:39 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/03/07 23:06:37 | 000,125,392 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2008/10/23 16:50:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/22 13:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/21 21:24:23 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 11:59:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 18:45:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/27 18:02:17 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/27 17:59:12 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/27 17:49:06 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/09/27 17:44:50 | 000,005,532 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/09/27 17:44:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/27 17:39:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/27 17:25:06 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/27 17:23:58 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OgaCheckControl.dll
[2008/09/27 17:22:55 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/27 17:18:21 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2008/09/27 17:10:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 17:07:21 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/18 02:47:50 | 000,000,601 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/29 05:02:24 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2008/05/29 05:02:24 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2008/05/29 05:02:24 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe
[2008/04/28 22:58:50 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2008/04/14 10:04:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 09:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/06 21:58:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/06 21:58:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 20:00:00 | 000,508,746 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2001/08/24 20:00:00 | 000,444,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 20:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2001/08/24 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 20:00:00 | 000,091,840 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2001/08/24 20:00:00 | 000,072,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 20:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2001/08/24 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/28 16:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2010/04/07 16:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Bandoo
[2008/09/27 17:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2010/02/12 22:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IM
[2010/02/12 22:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IncrediMail
[2009/04/10 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/07/27 01:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2010/12/22 16:01:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/05/15 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/23 02:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/28 16:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\AVGTOOLBAR
[2010/03/20 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Bandoo
[2010/03/09 01:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Facebook
[2011/07/27 01:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\OpenCandy
[2010/08/25 13:34:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\Datos de programa\SystemProc
[2011/01/06 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\TightVNC
[2011/07/27 01:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Uniblue
[2010/02/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Windows Live Writer
[2011/07/12 13:00:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/27 02:16:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2011/07/12 12:18:57 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2011/07/29 12:43:16 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE2D1BA0-0873-4BD1-9F03-FEE5404C5978}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 09:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\XPize Darkside\Backup\explorer.exe
[2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\Temp\Rar$EX00.578\explorer.exe
[2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\Temp\wzdb4d\explorer.exe
[2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\Temp\wzef7d\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 09:49:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 09:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 09:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 10:26:15 | 000,714,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 10:26:15 | 000,714,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 10:26:15 | 000,714,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2011/06/24 10:26:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 10:26:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 10:26:27 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Archivos de programa\Google\Chrome\Application\chrome.exe" [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Archivos de programa\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Archivos de programa\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I see that something has snaffled your explorer.exe - so let's replace that and then look a bit deeper

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    [2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchquWebSearch.xml
    O4 - HKU\.DEFAULT..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-18..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-19..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-20..\Run: [cleansweep.exe] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Usuario\Datos de programa\SystemProc\lsass.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (c:\archiv~1\bandoo\bndhook.dll) - c:\Archivos de programa\Bandoo\BndHook.dll (Discordia Limited)
    O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\explorer.exe|C:\WINDOWS\XPize Darkside\Backup\explorer.exe /replace

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#5
jps4

    Member

  • Topic Starter
  • 13 posts
I've run the OTL and the ASW as recommended. Attached find the log files.
Thanks for staying with this.

Attached File  OTL.Txt   89.03KB   38 downloads
Attached File  aswMBR.txt   1.95KB   49 downloads

#6
jps4

    Member

  • Topic Starter
  • 13 posts
I've run the OTL and the ASW as recommended. Attached find the log files.
Thanks for staying with this.

Attached File  OTL.Txt   89.03KB   38 downloads
Attached File  aswMBR.txt   1.95KB   49 downloads

OTL logfile created on: 30/07/2011 09:05:21 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Usuario\Mis documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000403 | Country: España | Language: CAT | Date Format: dd/MM/yyyy

1015,23 Mb Total Physical Memory | 150,22 Mb Available Physical Memory | 14,80% Memory free
2,39 Gb Paging File | 1,66 Gb Available in Paging File | 69,68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 74,52 Gb Total Space | 60,27 Gb Free Space | 80,88% Space Free | Partition Type: NTFS
Drive E: | 9,40 Gb Total Space | 8,14 Gb Free Space | 86,60% Space Free | Partition Type: FAT32

Computer Name: value | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/29 12:56:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Mis documentos\Downloads\OTL.exe
PRC - [2011/07/09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\Chrome\Application\chrome.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/28 13:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/27 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Archivos de programa\WinZip\WZQKPICK.EXE
PRC - [2011/05/16 11:22:26 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Archivos de programa\Uniblue\DriverScanner\driverscanner.exe
PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/17 13:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) -- C:\Archivos de programa\Bandoo\Bandoo.exe
PRC - [2010/08/09 14:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Archivos de programa\FileHippo.com\UpdateChecker.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/30 15:12:18 | 000,114,688 | ---- | M] () -- C:\Archivos de programa\VAD\Laplace Webcam\Tools\SystemTray.exe
PRC - [2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Temp\wz0d60\explorer.exe
PRC - [2007/02/14 20:30:06 | 000,102,400 | ---- | M] (EMPIA Technology Corporation) -- C:\WINDOWS\etMon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/29 12:56:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usuario\Mis documentos\Downloads\OTL.exe
MOD - [2011/07/04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\snxhk.dll
MOD - [2008/06/18 19:37:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/17 13:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Archivos de programa\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/28 22:58:20 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/24 20:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/28 15:42:23 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/28 15:42:19 | 000,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/28 15:42:18 | 000,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/09/27 17:09:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/13 15:44:42 | 010,423,936 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008/02/05 13:11:10 | 000,200,960 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/11/27 14:06:42 | 004,630,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/23 12:51:04 | 000,103,296 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/12 12:57:04 | 000,475,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/09/07 15:43:54 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2001/08/24 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/24 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...:0000FF;FORID:1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es...ID:1&hl=es&q=%s
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://bl166w.blu166...?wa=wsignin1.0"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.searchqu....web?src=ffb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Usuario\Datos de programa\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Archivos de programa\AVG\AVG8\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Archivos de programa\AVG\AVG8\ToolbarFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/06/24 10:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/03/24 23:02:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles/gjfu04m9.default\extensions\[email protected] [2011/01/03 19:15:40 | 000,000,000 | ---D | M]

[2008/10/22 13:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Extensions
[2011/06/02 13:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions
[2011/06/02 13:25:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/03 19:14:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2011/01/03 19:15:40 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\extensions\[email protected]
[2010/02/12 22:40:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\searchplugins\MyStart Search.xml
[2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\searchplugins\SearchquWebSearch.xml
[2011/03/24 22:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/05/13 19:50:48 | 000,000,000 | ---D | M] (Internal security) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2010/10/30 22:14:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/01 14:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010/10/30 22:14:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 10:26:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,007,072 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\diec2.xml
[2010/01/01 10:00:00 | 000,001,060 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\huubs.xml
[2010/01/01 10:00:00 | 000,001,057 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\llibres.xml
[2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2010/01/01 10:00:00 | 000,001,162 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-ca.xml

O1 HOSTS File: ([2010/08/11 19:11:21 | 000,002,168 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 virusin
O1 - Hosts: 0.0.0.0 www.vir
O1 - Hosts: 0.0.0.0 project
O1 - Hosts: 0.0.0.0 www.pro
O1 - Hosts: 0.0.0.0 novirus
O1 - Hosts: 0.0.0.0 www.nov
O1 - Hosts: 0.0.0.0 www.ant
O1 - Hosts: 0.0.0.0 zeustra
O1 - Hosts: 0.0.0.0 www.zeu
O1 - Hosts: 0.0.0.0 www.mal
O1 - Hosts: 0.0.0.0 www3.ma
O1 - Hosts: 0.0.0.0 forum.m
O1 - Hosts: 0.0.0.0 www.thr
O1 - Hosts: 0.0.0.0 threate
O1 - Hosts: 0.0.0.0 www.av-
O1 - Hosts: 0.0.0.0 av-comp
O1 - Hosts: 0.0.0.0 av-test
O1 - Hosts: 0.0.0.0 www.av-
O1 - Hosts: 0.0.0.0 www.sca
O1 - Hosts: 0.0.0.0 www.vir
O1 - Hosts: 0.0.0.0 adwarer
O1 - Hosts: 0.0.0.0 www.adw
O1 - Hosts: 0.0.0.0 malware
O1 - Hosts: 0.0.0.0 www.mal
O1 - Hosts: 57 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Archivos de programa\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [etMonitor] C:\WINDOWS\etMon.exe (EMPIA Technology Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Archivos de programa\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DriverScanner] C:\Archivos de programa\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [FileHippo.com] C:\Archivos de programa\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Control Center.lnk = C:\Archivos de programa\VAD\Laplace Webcam\Tools\SystemTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\McAfee Security Scan Plus.lnk = C:\Archivos de programa\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Usuario\Datos de programa\SystemProc\lsass.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - File not found
O9 - Extra 'Tools' menuitem : Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\archiv~1\bandoo\bndhook.dll) - c:\Archivos de programa\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/27 17:09:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 02:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/07/27 01:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Datos de programa\Uniblue
[2011/07/27 01:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Uniblue
[2011/07/27 01:48:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Uniblue
[2011/07/27 01:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\OpenCandy
[2011/07/27 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Datos de programa\OpenCandy
[2011/07/27 01:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\WinZip
[2011/07/27 01:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\WinZip
[2011/07/27 01:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2011/07/27 01:41:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\WinZip
[2011/07/26 15:43:16 | 000,000,000 | ---D | C] -- C:\Archivos de programa\FileHippo.com
[2011/07/21 17:19:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2011/07/09 15:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Earth
[2011/07/09 10:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/07/04 13:25:02 | 000,000,000 | ---D | C] -- C:\fridafables
[2009/04/18 10:37:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/04/18 10:37:36 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/04/18 10:37:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/04/18 10:37:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Usuario\Mis documentos\*.tmp files -> C:\Documents and Settings\Usuario\Mis documentos\*.tmp -> ]
[3 C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 09:10:31 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE2D1BA0-0873-4BD1-9F03-FEE5404C5978}.job
[2011/07/30 09:01:55 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\Acceso directo a OTL.lnk
[2011/07/30 08:50:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 08:43:23 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-115176313-1801674531-1004UA.job
[2011/07/29 21:49:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 20:49:33 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 13:20:55 | 000,509,078 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/07/29 13:20:55 | 000,092,188 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/07/29 13:20:54 | 000,444,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/29 13:20:54 | 000,072,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/29 13:10:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/29 12:43:04 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-115176313-1801674531-1004Core.job
[2011/07/29 10:58:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/29 10:58:51 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/28 23:16:37 | 000,000,443 | ---- | M] () -- C:\WINDOWS\brqikmon.ini
[2011/07/28 13:14:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 16:44:09 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 02:16:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 02:09:29 | 000,015,129 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan1.zip
[2011/07/27 01:51:31 | 000,010,470 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan.zipx
[2011/07/27 01:49:02 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\DriverScanner.lnk
[2011/07/27 01:44:25 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk
[2011/07/27 01:44:23 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\WinZip.lnk
[2011/07/26 16:18:57 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\Update Checker.lnk
[2011/07/26 15:48:49 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/26 11:50:48 | 000,000,317 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\fix.inf
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Usuario\Escritorio\gmer.exe
[2011/07/12 13:00:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/12 12:18:57 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/09 15:57:57 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2011/07/09 10:26:23 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/07/04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\Usuario\Mis documentos\*.tmp files -> C:\Documents and Settings\Usuario\Mis documentos\*.tmp -> ]
[3 C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp files -> C:\Documents and Settings\Usuario\Configuración local\Datos de programa\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 09:01:55 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\Acceso directo a OTL.lnk
[2011/07/27 02:09:29 | 000,015,129 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan1.zip
[2011/07/27 01:51:30 | 000,010,470 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\results of scan.zipx
[2011/07/27 01:49:32 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/07/27 01:49:02 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\DriverScanner.lnk
[2011/07/27 01:44:25 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\WinZip Quick Pick.lnk
[2011/07/27 01:44:21 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\WinZip.lnk
[2011/07/26 21:10:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\gmer.exe
[2011/07/26 15:43:17 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Usuario\Menú Inicio\Programas\Update Checker.lnk
[2011/07/26 15:43:17 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\Update Checker.lnk
[2011/07/26 11:50:48 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Usuario\Escritorio\fix.inf
[2011/07/21 17:21:27 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/21 17:19:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Apple Software Update.lnk
[2011/07/09 15:57:57 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
[2011/07/09 10:26:23 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/04/21 21:44:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 21:44:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/22 18:38:21 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/18 19:05:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\etRunDLL.dll
[2010/05/21 14:13:32 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/05/21 14:13:20 | 000,000,443 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2010/05/21 14:13:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/04/13 13:03:15 | 000,035,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/02 19:50:59 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
[2009/04/18 10:37:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2009/04/18 10:37:45 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/04/18 10:37:43 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2009/04/18 10:37:42 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/04/18 10:37:42 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\denoise.sys
[2009/03/07 23:25:53 | 000,000,282 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2009/03/07 23:08:39 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/03/07 23:06:37 | 000,125,392 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2008/10/23 16:50:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/22 13:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/21 21:24:23 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Usuario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 11:59:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 18:45:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/27 18:02:17 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/27 17:59:12 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/27 17:49:06 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/09/27 17:44:50 | 000,005,532 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/09/27 17:44:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/27 17:39:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/27 17:25:06 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/27 17:23:58 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OgaCheckControl.dll
[2008/09/27 17:22:55 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/27 17:18:21 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2008/09/27 17:10:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 17:07:21 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/18 02:47:50 | 000,000,601 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/29 05:02:24 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2008/05/29 05:02:24 | 000,026,013 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2008/05/29 05:02:24 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe
[2008/04/28 22:58:50 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2008/04/14 10:04:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 09:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/06 21:58:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/06 21:58:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 20:00:00 | 000,509,078 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2001/08/24 20:00:00 | 000,444,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 20:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2001/08/24 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 20:00:00 | 000,092,188 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2001/08/24 20:00:00 | 000,072,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 20:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2001/08/24 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/04/28 16:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\AVGTOOLBAR
[2010/03/20 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Bandoo
[2010/03/09 01:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Facebook
[2011/07/27 01:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\OpenCandy
[2010/08/25 13:34:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\Datos de programa\SystemProc
[2011/01/06 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\TightVNC
[2011/07/27 01:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Uniblue
[2010/02/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\Windows Live Writer
[2010/07/28 16:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2010/04/07 16:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Bandoo
[2008/09/27 17:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2010/02/12 22:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IM
[2010/02/12 22:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\IncrediMail
[2009/04/10 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2011/07/27 01:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\WinZip
[2010/12/22 16:01:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/05/15 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/23 02:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/12 13:00:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/27 02:16:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2011/07/12 12:18:57 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2011/07/30 09:10:31 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE2D1BA0-0873-4BD1-9F03-FEE5404C5978}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2

< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you ran the script in OTL and pressed Run Fix, as nothing appears to have changed?

Let's try once more.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    [2010/08/12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchquWebSearch.xml
    O4 - HKU\.DEFAULT..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-18..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-19..\Run: [cleansweep.exe] File not found
    O4 - HKU\S-1-5-20..\Run: [cleansweep.exe] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Usuario\Datos de programa\SystemProc\lsass.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O20 - AppInit_DLLs: (c:\archiv~1\wi9130~1\datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (c:\archiv~1\bandoo\bndhook.dll) - c:\Archivos de programa\Bandoo\BndHook.dll (Discordia Limited)
    O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\explorer.exe|C:\WINDOWS\XPize Darkside\Backup\explorer.exe /replace

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [ZipFiles]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

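The fix script in the post above targets a Run entry pointing at `lsass.exe` under `SystemProc`, `AppInit_DLLs` entries and a replaced Winlogon `UIHost`. As an added example (not part of the thread and not OTL's own logic), this Python script triages OTL-format lines for those same patterns; the rule names and the assumption that Windows lives in `C:\WINDOWS` are the example's own, and the sample lines are copied from the logs and scripts in this thread.

```python
import ntpath  # Windows path rules, whatever OS runs this script
import re

SYS32 = r"c:\windows\system32"
# Expected folder of core Windows processes (assumes Windows is in C:\WINDOWS, as in this log).
CORE_HOMES = {name: SYS32 for name in (
    "lsass.exe", "svchost.exe", "winlogon.exe", "userinit.exe",
    "services.exe", "csrss.exe", "smss.exe")}
CORE_HOMES["explorer.exe"] = r"c:\windows"

O_LINE = re.compile(r"^O(\d+) - (.+)$")             # registry autorun lines
PATH = re.compile(r"[A-Za-z]:\\[^()|]*?\.(?:exe|dll|sys)\b", re.I)
FILE_LINE = re.compile(                             # file and folder listings
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attr>[-RHSD]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

# Sample lines copied from the logs and fix scripts posted in this thread.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-18..\Run: [cleansweep.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Usuario\Datos de programa\SystemProc\lsass.exe
O20 - AppInit_DLLs: (c:\archiv~1\bandoo\bndhook.dll) - c:\Archivos de programa\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
[2010/08/25 13:34:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\Datos de programa\SystemProc
[2011/01/06 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\TightVNC
[2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
"""

def triage(log_text):
    """Return (rule, detail) pairs; rule names are this example's own labels."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        entry = O_LINE.match(line)
        if entry:
            body = entry.group(2)
            if body.endswith("File not found"):
                findings.append(("orphaned-autorun", line))
                continue
            paths = PATH.findall(body)
            if not paths:
                continue
            target = ntpath.normpath(paths[-1]).lower()  # last path = resolved file
            folder, name = ntpath.split(target)
            if name in CORE_HOMES and folder != CORE_HOMES[name]:
                findings.append(("masquerading-system-binary", target))
            elif "AppInit_DLLs" in body:  # loaded into every process that loads user32.dll
                findings.append(("appinit-dll", target))
            elif "Winlogon: UIHost" in body and name != "logonui.exe":  # XP default
                findings.append(("nondefault-winlogon-uihost", target))
            continue
        listing = FILE_LINE.match(line)
        if (listing and {"H", "S", "D"} <= set(listing["attr"])
                and "\\documents and settings\\" in listing["path"].lower()):
            findings.append(("hidden-system-profile-dir", listing["path"]))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

A hit is a prompt for manual review, not a verdict: legitimate software also uses `AppInit_DLLs` and leaves stale Run entries behind.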

#8
jps4

    Member

  • Topic Starter
  • Member
  • 13 posts
Yes, I had followed your instructions of cutting and posting the script and then pressing the Run Fix.

I've now done it again, and am hereby posting the result. Attached File: OTL2.Txt (89.75KB)

I haven't been in 'Safe mode' either of these two times. I was for the very first scan. And I noticed that at the end of this Run Fix it seemed to hang on 'Writing log file'; it never went on to say Run fix complete, or anything similar - but maybe it simply doesn't do that.

Thanks for any further ideas.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we need to up the ante, I feel.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#10
jps4

    Member

  • Topic Starter
  • Member
  • 13 posts
I ran Combofix, attached find log file.

Computer re-booted automatically but still does not load desktop, start menu or taskbar.
When I was re-installing explorer.exe from a downloaded zipfile, Combofix began to start up again, but I stopped it.
Once I run Explorer and it constellates my taskbar, start menu and desktop, they only stick around til I reboot, at which point they don't come back.
A program called Drive Scanner seems to have installed itself in the last few days, with an icon in the right-hand corner of the taskbar, but is not listed in the list of programmes in the Control Panel add/remove programmes list. Any ideas about its merits or demerits?


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's use a different programme, as Combofix failed.

The scan can be done in normal mode, but when I provide the fix I will need that to run in safe mode.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in


    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

#12
jps4

    Member

  • Topic Starter
  • Member
  • 13 posts
Ran OTS. Attached is log file. Attached File: OTS1.Txt (164.32KB)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you run this fix please disable Avast by right clicking the Orange blob
Select shield control
Select disable for 10 minutes
Do not allow Avast sandbox to block the programme - select run as normal

After reboot let me know if explorer works

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Usuario\Datos de programa\Mozilla\FireFox\Profiles\gjfu04m9.default\prefs.js
YN -> browser.search.defaultenginename -> "Web Search"
YN -> browser.search.order.1 -> "Web Search"
YN -> browser.search.selectedEngine -> "Web Search"
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
< FireFox SearchPlugins [User Folders] > -> 
YY ->  MyStart Search.xml -> C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\gjfu04m9.default\searchplugins\MyStart Search.xml
< FireFox Extensions [Program Folders] > -> 
YY -> Java Console   -> C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"NoInternetOpenWith" -> [1]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost
YY -> XPize_Logon.exe -> C:\WINDOWS\System32\XPize_Logon.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. []
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Archivos de programa\Archivos comunes\McAfee\MNA\McNASvc.exe" -> [C:\Archivos de programa\Archivos comunes\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent]
YN -> "C:\Archivos de programa\AVG\AVG8\avgnsx.exe" -> [C:\Archivos de programa\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe]
YN -> "C:\Archivos de programa\AVG\AVG8\avgupd.exe" -> [C:\Archivos de programa\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe]
YN -> "C:\Archivos de programa\IncrediMail\bin\ImApp.exe" -> [C:\Archivos de programa\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail]
YN -> "C:\Archivos de programa\IncrediMail\bin\ImpCnt.exe" -> [C:\Archivos de programa\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail]
YN -> "C:\Archivos de programa\IncrediMail\bin\IncMail.exe" -> [C:\Archivos de programa\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail]
[Custom Items]
:Files
C:\WINDOWS\explorer.exe|C:\WINDOWS\Temp\wze832\explorer.exe /replace
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

#14
jps4

    Member

  • Topic Starter
  • Member
  • 13 posts
The fix seems to have worked. I ran it in Safe mode. At the end it didn't say completed, it simply said click OK to reboot, which I did, and for the first time the Desktop and taskbar and start menu all came up. Hallelujah! However there was no log file generated as far as I can tell. If it had tried to generate one there may have been a conflict with the one already on the desktop with the same name, and it doesn't seem to have overwritten it. Do you want me to run OTS again to do a scan so you can see what things look like?

Thanks for your efforts to get me this far!

#15
jps4

    Member

  • Topic Starter
  • Member
  • 13 posts
Also wondering whether you might be able to indicate what you believe may have caused the problem I had, and what remedies I might put in place to avoid it happening again.

I'm running Avast free virus software and Ad-Aware. Once a week I run Malwarebytes. Do you think that's a good cocktail for anti-virus, -malware and -spyware?

I'm not sure how Uniblue Driver Software is, or how it got on my computer, or whether it's useful or trustworthy, but I would welcome your advice as to whether to keep it or uninstall it.

Similarly with Filehippo.com Update Checker, which somehow got installed in the last week. It's recommending lots of things to download and install. Any thoughts?