TROJAN / MALWARE [Closed]


  • This topic is locked This topic is locked

#1 Markius (Member, 12 posts)

Hi everyone,
Yesterday I started to have some problems with a virus. Avast alerts me about some malware in desktop.ini and windows/system32/alg.exe.
I tried to google the alg.exe file to find out if I could remove it and how, but I realized that every link I clicked from there went nowhere (and to the same URL, by the way).
I ran Avast and it found and removed some trojan viruses, and I set it to do the same at Windows boot. It found some more and eliminated them.
I downloaded, installed and ran MalwareAntiSpyware. It also found some trojan viruses.
The desktop.ini and alg.exe problems are still bugging me, and now I have some problems with windows/system32/svchost.exe among others (firefox, explorer, etc.).
The internet connection is now very slow.
So I'm very much in need of help.
Please give me a hand with this.
Thanks in advance!

OTL logfile:

OTL logfile created on: 17/01/2012 11:01:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Archivos de programa\0.Programas
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,25% Memory free
3,16 Gb Paging File | 2,43 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 11,24 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 10:59:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\0.Programas\OTL.exe
PRC - [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/02 17:39:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/11 15:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 15:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/13 19:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/13 19:10:56 | 000,447,784 | ---- | M] (Nero AG) -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 06:57:23 | 001,678,848 | ---- | M] () -- C:\Archivos de programa\Alwil Software\Avast5\defs\12011700\algo.dll
MOD - [2012/01/02 15:19:12 | 002,124,760 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
MOD - [2011/09/02 19:16:25 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/09/02 19:16:18 | 002,076,672 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_250f697f\system.xml.dll
MOD - [2011/09/02 19:16:16 | 002,994,176 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56f7fca2\system.windows.forms.dll
MOD - [2011/09/02 19:16:14 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_99dbd145\system.drawing.dll
MOD - [2011/09/02 19:16:13 | 001,929,216 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39dd60b3\system.dll
MOD - [2011/09/02 19:16:09 | 003,289,088 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df961b19\mscorlib.dll
MOD - [2011/09/02 19:15:51 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/09/02 19:15:50 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/09/02 19:15:50 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/09/02 19:15:50 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/09/02 19:15:50 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2011/09/02 19:15:50 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2011/09/02 19:15:49 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/08/20 21:30:46 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/13 21:03:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/06/20 14:47:55 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/12/04 17:00:00 | 000,126,464 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 17:39:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/11 15:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 15:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 15:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/12/13 19:10:56 | 000,447,784 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (AFD)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 13:04:24 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/29 13:04:23 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/08/27 20:58:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 15:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 15:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 15:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 15:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 15:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 15:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/08 00:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/10/31 00:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/18 07:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/03/25 00:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/03/25 00:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/02/14 03:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/09/20 07:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 CA 2F C0 A7 D0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 13:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/01/02 15:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/09/21 18:35:16 | 000,000,000 | ---D | M]

[2011/09/05 10:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2011/10/15 21:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/10/15 12:17:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/15 12:17:05 | 000,000,000 | ---D | M] (Supervisor Kaspersky de vínculos URL) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/01/02 15:19:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/04/15 09:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Archivos de programa\mozilla firefox\plugins\npBitCometAgent.dll
[2011/08/17 17:16:39 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/08/17 17:16:39 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2011/08/17 17:16:39 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2011/08/10 09:53:42 | 000,002,048 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/01/02 15:19:13 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2011/08/17 17:16:39 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/08/17 17:16:39 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2004/08/20 09:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&escargar &con BitComet - C:\Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&escargar todo con BitComet - C:\Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130\X) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (AxhoccUbsugk.dll) -C:\WINDOWS\System32\AxhoccUbsugk.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 17:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:677200e34)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 10:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\CleanUp!
[2012/01/17 10:18:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CleanUp!
[2012/01/17 02:03:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2012/01/17 01:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/01/17 01:16:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 01:16:54 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/01/16 21:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 21:05:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130
[2012/01/16 20:54:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
[2012/01/16 20:38:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3_LB_LATIN_A
[2012/01/13 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2012/01/11 18:27:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache
[2012/01/04 15:47:58 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2012/01/04 15:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CamStudio
[2012/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CamStudio 2.6b
[2011/12/27 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\BONDIS
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 10:09:25 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/17 10:05:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 01:16:55 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/16 21:05:51 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\AxhoccUbsugk.dll
[2012/01/15 10:58:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/13 12:59:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/09 14:21:13 | 002,910,251 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/12/20 08:18:04 | 001,881,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 01:16:55 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/16 21:05:51 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\AxhoccUbsugk.dll
[2012/01/09 14:21:12 | 002,910,251 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/11/29 13:04:24 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/29 13:04:23 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/09/16 17:41:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/05 11:51:32 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 10:35:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
[2011/09/02 19:18:32 | 000,000,378 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/09/02 19:18:21 | 000,001,275 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/09/02 19:13:13 | 000,093,956 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2011/09/02 19:13:13 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2011/08/11 00:49:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2011/08/03 19:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/02 17:48:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/08/02 17:22:15 | 004,161,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/01/14 14:41:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/14 14:40:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ReminderNextRun
[2011/01/14 14:32:31 | 000,000,870 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/10/20 19:47:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/20 19:45:18 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 19:41:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 19:41:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/20 19:41:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/20 19:41:04 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 19:41:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 19:41:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 17:09:02 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/10/20 17:08:06 | 000,005,417 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/20 17:08:05 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/20 17:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 17:00:29 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 12:53:45 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/20 12:52:55 | 001,881,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 21:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 21:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 21:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 21:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 21:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 21:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 21:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 21:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/01 08:33:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2005/09/07 07:34:50 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2004/08/20 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 09:00:00 | 000,508,270 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 09:00:00 | 000,443,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 09:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 09:00:00 | 000,091,854 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 09:00:00 | 000,071,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 09:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 09:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:02 | 000,003,269 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2012/01/17 01:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\BitComet
[2011/09/07 10:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\DAEMON Tools Lite
[2012/01/13 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2011/10/24 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\MAXON
[2011/11/29 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Ubisoft
[2011/10/24 15:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2011/08/05 10:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Bitstream
[2011/08/27 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\DAEMON Tools Lite
[2011/10/24 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\G DATA
[2011/11/29 13:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tages
[2010/10/21 13:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Temp
[2011/08/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\alg.exe:SummaryInformation

< End of report >
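As an added illustration (not part of the original thread or of the OTL tool), here is a small Python triage pass over lines in the OTL format shown above: it parses the `[date | size | attrs | flag] (company) -- path` entries and the `@Alternate Data Stream` lines, and flags the two patterns the helper later acted on, a recently created no-company PE under System32 and an ADS on a system executable. The sample log is a constructed selection of entries copied from the report; the 30-day window, the finding names and the helper functions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the shape of OTL's "Files Created" and "Alternate Data
# Streams" sections; the entries are copied from the report above (a selection).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012/01/17 01:16:55 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/16 21:05:51 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\AxhoccUbsugk.dll
[2011/11/29 13:04:24 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/10/20 19:41:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\alg.exe:SummaryInformation
"""
LOG_DATE = datetime(2012, 1, 17)   # date the report was produced

# [date time | size | attributes | M or C] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
PE_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    flag: str      # OTL's column: M = modified date, C = created date
    company: str
    path: str


@dataclass
class Finding:
    kind: str
    path: str
    reason: str


def parse_entries(log_text):
    """Parse OTL file-entry lines; headers and LOP-check lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                flag=m["flag"], company=m["company"].strip(), path=m["path"]))
    return entries


def parse_ads(log_text):
    """Return (path, stream, size) for every Alternate Data Stream line."""
    return [(m["path"], m["stream"], int(m["bytes"]))
            for m in map(ADS_RE.match, map(str.strip, log_text.splitlines())) if m]


def in_system_dir(path):
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def triage(log_text, reference=LOG_DATE, window_days=30):
    """Flag entries worth a human look. Heuristics only: leads, not verdicts."""
    findings = []
    cutoff = reference - timedelta(days=window_days)
    for e in parse_entries(log_text):
        # A PE that appeared in System32 recently with no company name is the
        # pattern behind AxhoccUbsugk.dll; vendor updates normally carry a
        # company string and land together with other files.
        if (in_system_dir(e.path) and e.path.lower().endswith(PE_EXT)
                and not e.company and e.when >= cutoff):
            findings.append(Finding("new_system_binary", e.path,
                f"created {e.when:%Y-%m-%d} in a system dir with no company name"))
    for path, stream, size in parse_ads(log_text):
        # An ADS on a system executable deserves review; SummaryInformation is
        # often benign Explorer property metadata, so this is not a verdict.
        if path.lower().endswith(PE_EXT):
            findings.append(Finding("ads_on_executable", path,
                f"stream '{stream}' ({size} bytes) attached to an executable"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.path}\n    {f.reason}")
```

Widening the window to 60 days also flags atksgt.sys, which the LOP check above shows arriving within two minutes of the Tages folder, a reminder that the heuristic produces leads for review rather than verdicts.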

#2 CompCav (Expert, 12,454 posts)
Hi, markius! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav

#3 Markius (Topic Starter, 12 posts)
Hi CompCav,
First of all, thanks for the quick reply.
I couldn't resolve the problem, so I'm pretty much in the same place I was when I posted this topic.
A couple of things that I noticed (maybe they could help you): every time I try to open a link in a new browser/window it takes me to some random URL (not just with the alg.exe links). And the other thing is that I tried to use PandaOnline/activescan and it just won't let me (a message appears that says the files are corrupted).
So I'll wait for your instructions later on.

#4 CompCav (Expert, 12,454 posts)
Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

OTL Fix

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 CA 2F C0 A7 D0 CC 01 [binary data]
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    [2011/04/15 09:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Archivos de programa\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/08/17 17:16:39 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
    [2011/08/10 09:53:42 | 000,002,048 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\fcmdSrch.xml
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O8 - Extra context menu item: &D&escargar &con BitComet - C:\Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&escargar todo con BitComet - C:\Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    [2012/01/16 21:05:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130
    [2012/01/16 21:05:51 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\AxhoccUbsugk.dll
    [2012/01/17 01:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\BitComet
    [2011/08/05 10:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Bitstream
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\alg.exe:SummaryInformation
    
    
    
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\Documents and Settings\All Users\Datos de programa\Temp\*.* /s /c
    C:\WINDOWS\System32\alg.exe
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [emptyjava]
    [CREATERESTOREPOINT]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



Step 5.

TDSSKiller
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.



  • Download OTL to your Desktop
  • Double-click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    iexplorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in a Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and of the Extras.txt file, and post them with your next reply.


Step 7.

Please post:

RkReport.txt (both)
OTL fix log
Combofix.txt
TDSSKiller log
OTL.txt
Extras.txt


Are all your menu items, desktop icons and files where they normally are?

What problems are you still having?


#5 Markius (Topic Starter, 12 posts)
I have a couple of questions before starting: Is the OTL Fix the same as OTL (I tried to find the first one in the Files section but I couldn't)? And I couldn't find the Kaspersky TDSSKILLER either. From where can I download both of them?
And the other thing is, from step one do I have to close/disable the Antivirus and Antispyware (among the other programs running)?
Thanks,

#6 CompCav (Expert, 12,454 posts)

I have a couple of questions before starting: Is the OTL Fix the same as OTL (I tried to find the first one in the Files section but I couldn't)?


If you cannot find it please download it from here to your desktop. It has a Fix button in it as well as the scan button.

And I couldn't find the Kaspersky TDSSKILLER either. From where can I download both of them?


You can Download the latest version of TDSSKiller from here and save it to your Desktop.

From step one do I have to close/disable the Antivirus and Antispyware (among the other programs running)?


You only have to disable Antivirus and Antispyware before running ComboFix. After you get the log from Combofix you can re-enable both.

#7 Markius (Topic Starter, 12 posts)
Well here are the results:

1) RKreport[1].txt

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Remove -- Date : 01/17/2012 19:11:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8faf30b47ae9904e730ff316b216322e
[BSP] d566f91ad9e361730e905f1f69f387db : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 82343 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

2) *NOTE: the program didn't create the other .txt you're asking for from RogueKiller, just this one.

3) OTL fix Log

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
C:\Archivos de programa\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml moved successfully.
C:\Archivos de programa\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&escargar &con BitComet\ deleted successfully.
C:\Archivos de programa\BitComet\BitComet.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&escargar todo con BitComet\ deleted successfully.
File C:\Archivos de programa\BitComet\BitComet.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
File C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130\U folder moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130 folder moved successfully.
C:\WINDOWS\system32\AxhoccUbsugk.dll moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\torrents folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\share folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\rules folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\fav folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\cache folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\archive folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Groups folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Data_NT folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Cache folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0 folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream folder moved successfully.
ADS C:\WINDOWS\System32\alg.exe:SummaryInformation deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< C:\Documents and Settings\All Users\Datos de programa\Temp\*.* /s /c >
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
C:\WINDOWS\System32\alg.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrador
->Flash cache emptied: 1252 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Usuario
->Flash cache emptied: 3085 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrador
->Java cache emptied: 343169 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Usuario
->Java cache emptied: 696535 bytes

Total Java Files Cleaned = 1,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01172012_191348

4) Combofix.txt

ComboFix 12-01-17.01 - Administrador 17/01/2012 19:40:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2047.1679 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents and settings\All Users\Datos de programa\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ \updaterSettings.ini
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 22:24 . 2012-01-17 22:24 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-17 22:13 . 2012-01-17 22:13 -------- d-----w- C:\_OTL
2012-01-17 13:18 . 2012-01-17 13:18 -------- d-----w- c:\archivos de programa\CleanUp!
2012-01-17 04:17 . 2012-01-17 04:17 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-17 04:16 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 23:54 . 2012-01-16 23:54 -------- d-----w- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
2012-01-16 23:38 . 2012-01-16 23:38 -------- d-----w- C:\JFK_4X3_LB_LATIN_A
2012-01-13 15:08 . 2012-01-13 19:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\FileZilla
2012-01-11 21:27 . 2012-01-11 21:27 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2012-01-04 18:47 . 2010-10-24 03:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-04 18:47 . 2012-01-04 18:47 -------- d-----w- c:\archivos de programa\CamStudio 2.6b
2012-01-02 18:19 . 2012-01-02 18:19 626688 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcr80.dll
2012-01-02 18:19 . 2012-01-02 18:19 548864 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcp80.dll
2012-01-02 18:19 . 2012-01-02 18:19 479232 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcm80.dll
2012-01-02 18:19 . 2012-01-02 18:19 43992 ----a-w- c:\archivos de programa\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 00:51 . 2004-08-20 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-11-29 16:04 . 2011-11-29 16:04 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-29 16:04 . 2011-11-29 16:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 20:12 . 2011-11-08 20:13 286720 ----a-w- c:\windows\iun506.exe
2012-01-02 18:19 . 2011-08-03 22:26 121816 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-20 . 7147BBE51D9D5B8974FB4FD9E38BA18A . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-10-20 . E870CE8ABA525F6A5263693C783F5906 . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"HDAudDeck"="c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"Acrobat Assistant 8.0"="c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ToolBoxFX"="c:\archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:677200e34
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AxhoccUbsugk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 05:38 34672 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 23:41 50472 ------w- c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 20:38 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 12:55 87336 ------w- c:\archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"9032:TCP"= 9032:TCP:BitComet 9032 TCP
"9032:UDP"= 9032:UDP:BitComet 9032 UDP
"13687:TCP"= 13687:TCP:BitComet 13687 TCP
"13687:UDP"= 13687:UDP:BitComet 13687 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/08/2011 20:58 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/10/2011 15:44 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/10/2011 15:44 19024]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/01/2012 1:16 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/01/2012 1:16 20464]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/03/2010 8:57 1358720]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CTAudSvcService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\hmhy79e8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-UpdateReminder - c:\archivos de programa\Eset\UpdateReminder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
.
Completion time: 2012-01-17 19:48:27
ComboFix-quarantined-files.txt 2012-01-17 22:48
.
Pre-Run: 11.129.339.904 bytes free
Post-Run: 11.396.894.720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4428DA915DBE5177EFA237EE63659202

5) TDSSKILLER log

19:50:54.0078 0432 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
19:50:54.0921 0432 ============================================================
19:50:54.0921 0432 Current date / time: 2012/01/17 19:50:54.0921
19:50:54.0921 0432 SystemInfo:
19:50:54.0921 0432
19:50:54.0921 0432 OS Version: 5.1.2600 ServicePack: 3.0
19:50:54.0921 0432 Product type: Workstation
19:50:54.0921 0432 ComputerName: ASROCKN68
19:50:54.0921 0432 UserName: Administrador
19:50:54.0921 0432 Windows directory: C:\WINDOWS
19:50:54.0921 0432 System windows directory: C:\WINDOWS
19:50:54.0921 0432 Processor architecture: Intel x86
19:50:54.0921 0432 Number of processors: 1
19:50:54.0921 0432 Page size: 0x1000
19:50:54.0921 0432 Boot type: Normal boot
19:50:54.0921 0432 ============================================================
19:50:55.0500 0432 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
19:50:55.0531 0432 Initialize success
19:51:29.0093 2088 ============================================================
19:51:29.0093 2088 Scan started
19:51:29.0093 2088 Mode: Manual; SigCheck; TDLFS;
19:51:29.0093 2088 ============================================================
19:51:29.0390 2088 Aavmker4 (31a8ab3deb93e3d90717ad8fb0974c3f) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:51:29.0453 2088 Aavmker4 - ok
19:51:29.0468 2088 Abiosdsk - ok
19:51:29.0468 2088 abp480n5 - ok
19:51:29.0500 2088 ACPI (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:51:29.0656 2088 ACPI - ok
19:51:29.0750 2088 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:51:29.0843 2088 ACPIEC - ok
19:51:29.0843 2088 adpu160m - ok
19:51:29.0890 2088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:51:29.0968 2088 aec - ok
19:51:30.0062 2088 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:51:30.0109 2088 AFD - ok
19:51:30.0109 2088 Aha154x - ok
19:51:30.0125 2088 aic78u2 - ok
19:51:30.0140 2088 aic78xx - ok
19:51:30.0140 2088 AliIde - ok
19:51:30.0171 2088 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:51:30.0203 2088 AmdPPM - ok
19:51:30.0296 2088 amsint - ok
19:51:30.0312 2088 asc - ok
19:51:30.0328 2088 asc3350p - ok
19:51:30.0328 2088 asc3550 - ok
19:51:30.0359 2088 AsrCDDrv - ok
19:51:30.0390 2088 aswFsBlk (a289930e70f3fa3b07df80d2b052794e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:51:30.0390 2088 aswFsBlk - ok
19:51:30.0453 2088 aswMon2 (1aca2b7efe91ca68ceed9c904ed3310d) C:\WINDOWS\system32\drivers\aswMon2.sys
19:51:30.0468 2088 aswMon2 - ok
19:51:30.0484 2088 aswRdr (cc40b9c301af5d145713b2764eec3907) C:\WINDOWS\system32\drivers\aswRdr.sys
19:51:30.0484 2088 aswRdr - ok
19:51:30.0515 2088 aswSP (67db88b01fc1d815968230458814eb8d) C:\WINDOWS\system32\drivers\aswSP.sys
19:51:30.0515 2088 aswSP - ok
19:51:30.0546 2088 aswTdi (ec8ef1ce2d6ca1071be8b7888ffa48c0) C:\WINDOWS\system32\drivers\aswTdi.sys
19:51:30.0546 2088 aswTdi - ok
19:51:30.0578 2088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:51:30.0656 2088 AsyncMac - ok
19:51:30.0750 2088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:51:30.0828 2088 atapi - ok
19:51:30.0828 2088 Atdisk - ok
19:51:30.0875 2088 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:51:30.0890 2088 atksgt - ok
19:51:30.0906 2088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:51:30.0968 2088 Atmarpc - ok
19:51:30.0984 2088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:51:31.0078 2088 audstub - ok
19:51:31.0125 2088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:51:31.0203 2088 Beep - ok
19:51:31.0265 2088 catchme - ok
19:51:31.0359 2088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:51:31.0468 2088 cbidf2k - ok
19:51:31.0468 2088 cd20xrnt - ok
19:51:31.0484 2088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:51:31.0562 2088 Cdaudio - ok
19:51:31.0609 2088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:51:31.0656 2088 Cdfs - ok
19:51:31.0671 2088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:51:31.0750 2088 Cdrom - ok
19:51:31.0843 2088 Changer - ok
19:51:31.0859 2088 CmdIde - ok
19:51:31.0875 2088 Cpqarray - ok
19:51:31.0890 2088 dac2w2k - ok
19:51:31.0890 2088 dac960nt - ok
19:51:31.0937 2088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:51:32.0015 2088 Disk - ok
19:51:32.0078 2088 dmboot (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys
19:51:32.0203 2088 dmboot - ok
19:51:32.0296 2088 dmio (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys
19:51:32.0375 2088 dmio - ok
19:51:32.0390 2088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:51:32.0484 2088 dmload - ok
19:51:32.0531 2088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:51:32.0593 2088 DMusic - ok
19:51:32.0609 2088 dpti2o - ok
19:51:32.0640 2088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:51:32.0703 2088 drmkaud - ok
19:51:32.0734 2088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:51:32.0812 2088 Fastfat - ok
19:51:32.0921 2088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:51:33.0000 2088 Fdc - ok
19:51:33.0031 2088 Fips (e5e61f2c07344e91dbfb7eafde549ab4) C:\WINDOWS\system32\drivers\Fips.sys
19:51:33.0093 2088 Fips - ok
19:51:33.0109 2088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:51:33.0171 2088 Flpydisk - ok
19:51:33.0187 2088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:51:33.0265 2088 FltMgr - ok
19:51:33.0375 2088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:51:33.0468 2088 Fs_Rec - ok
19:51:33.0484 2088 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:51:33.0578 2088 Ftdisk - ok
19:51:33.0609 2088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:51:33.0609 2088 GEARAspiWDM - ok
19:51:33.0656 2088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:51:33.0734 2088 Gpc - ok
19:51:33.0812 2088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:51:33.0890 2088 HDAudBus - ok
19:51:33.0921 2088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:51:34.0000 2088 HidUsb - ok
19:51:34.0046 2088 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
19:51:34.0078 2088 HPFXBULK - ok
19:51:34.0156 2088 hpn - ok
19:51:34.0218 2088 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
19:51:34.0265 2088 HTTP - ok
19:51:34.0281 2088 i2omgmt - ok
19:51:34.0296 2088 i2omp - ok
19:51:34.0312 2088 i8042prt (4a2490a66e8271901e89dd5fb79748ae) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:51:34.0390 2088 i8042prt - ok
19:51:34.0406 2088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:51:34.0500 2088 Imapi - ok
19:51:34.0515 2088 ini910u - ok
19:51:34.0703 2088 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:51:34.0921 2088 IntcAzAudAddService - ok
19:51:35.0000 2088 IntelIde - ok
19:51:35.0015 2088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:51:35.0093 2088 Ip6Fw - ok
19:51:35.0140 2088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:51:35.0234 2088 IpFilterDriver - ok
19:51:35.0250 2088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:51:35.0312 2088 IpInIp - ok
19:51:35.0328 2088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:51:35.0406 2088 IpNat - ok
19:51:35.0593 2088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:51:35.0671 2088 IPSec - ok
19:51:35.0703 2088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:51:35.0781 2088 IRENUM - ok
19:51:35.0796 2088 isapnp (0f3d281b0410fe5d482aada37d20524b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:51:35.0859 2088 isapnp - ok
19:51:35.0906 2088 Kbdclass (188ddd286bc0daea6984858c6a4d7bbf) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:51:35.0984 2088 Kbdclass - ok
19:51:36.0062 2088 kbdhid (72efebecf76eb1dccc5ba9ea746d90e8) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:51:36.0140 2088 kbdhid - ok
19:51:36.0171 2088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:51:36.0250 2088 kmixer - ok
19:51:36.0296 2088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:51:36.0328 2088 KSecDD - ok
19:51:36.0375 2088 lbrtfdc - ok
19:51:36.0406 2088 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:51:36.0406 2088 lirsgt - ok
19:51:36.0453 2088 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:51:36.0453 2088 MBAMProtector - ok
19:51:36.0484 2088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:51:36.0578 2088 mnmdd - ok
19:51:36.0656 2088 Modem (9024556e739b8469d2b8f5f0e4c9bc9f) C:\WINDOWS\system32\drivers\Modem.sys
19:51:36.0718 2088 Modem - ok
19:51:36.0828 2088 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
19:51:36.0906 2088 monfilt - ok
19:51:36.0968 2088 Mouclass (6fd36b4994a2363659a65c9f970cfdb7) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:51:37.0046 2088 Mouclass - ok
19:51:37.0109 2088 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:51:37.0203 2088 mouhid - ok
19:51:37.0234 2088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:51:37.0296 2088 MountMgr - ok
19:51:37.0328 2088 mraid35x - ok
19:51:37.0343 2088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:51:37.0421 2088 MRxDAV - ok
19:51:37.0468 2088 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:51:37.0515 2088 MRxSmb - ok
19:51:37.0609 2088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:51:37.0687 2088 Msfs - ok
19:51:37.0703 2088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:51:37.0765 2088 MSKSSRV - ok
19:51:37.0796 2088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:51:37.0875 2088 MSPCLOCK - ok
19:51:37.0906 2088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:51:37.0968 2088 MSPQM - ok
19:51:38.0000 2088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:51:38.0078 2088 mssmbios - ok
19:51:38.0140 2088 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:51:38.0203 2088 Mup - ok
19:51:38.0234 2088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:51:38.0281 2088 NDIS - ok
19:51:38.0312 2088 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:51:38.0390 2088 NdisTapi - ok
19:51:38.0421 2088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:51:38.0500 2088 Ndisuio - ok
19:51:38.0578 2088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:51:38.0656 2088 NdisWan - ok
19:51:38.0687 2088 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:51:38.0734 2088 NDProxy - ok
19:51:38.0765 2088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:51:38.0843 2088 NetBIOS - ok
19:51:38.0875 2088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:51:38.0937 2088 NetBT - ok
19:51:39.0046 2088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:51:39.0109 2088 Npfs - ok
19:51:39.0156 2088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:51:39.0234 2088 Ntfs - ok
19:51:39.0265 2088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:51:39.0359 2088 Null - ok
19:51:39.0593 2088 nv (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:51:39.0812 2088 nv - ok
19:51:39.0906 2088 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:51:39.0937 2088 NVENETFD - ok
19:51:39.0953 2088 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
19:51:39.0968 2088 nvgts - ok
19:51:39.0984 2088 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:51:39.0984 2088 nvnetbus - ok
19:51:40.0015 2088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:51:40.0109 2088 NwlnkFlt - ok
19:51:40.0203 2088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:51:40.0265 2088 NwlnkFwd - ok
19:51:40.0296 2088 Parport (e7855cbd8bd1fda085a3f92cff7906e2) C:\WINDOWS\system32\DRIVERS\parport.sys
19:51:40.0375 2088 Parport - ok
19:51:40.0375 2088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:51:40.0437 2088 PartMgr - ok
19:51:40.0468 2088 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
19:51:40.0562 2088 ParVdm - ok
19:51:40.0578 2088 PCI (f11bc84ae6c7b003b5e0c8eeb4a1f444) C:\WINDOWS\system32\DRIVERS\pci.sys
19:51:40.0656 2088 PCI - ok
19:51:40.0734 2088 PCIDump - ok
19:51:40.0765 2088 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:51:40.0859 2088 PCIIde - ok
19:51:40.0906 2088 Pcmcia (f50c27cca56dc97b3a45e7f0059bd2ba) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:51:40.0968 2088 Pcmcia - ok
19:51:40.0984 2088 PDCOMP - ok
19:51:40.0984 2088 PDFRAME - ok
19:51:41.0000 2088 PDRELI - ok
19:51:41.0015 2088 PDRFRAME - ok
19:51:41.0015 2088 perc2 - ok
19:51:41.0031 2088 perc2hib - ok
19:51:41.0078 2088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:51:41.0140 2088 PptpMiniport - ok
19:51:41.0234 2088 Processor (d4d8634dfdae3eca83620ee4088f7aa9) C:\WINDOWS\system32\DRIVERS\processr.sys
19:51:41.0296 2088 Processor - ok
19:51:41.0312 2088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:51:41.0375 2088 PSched - ok
19:51:41.0406 2088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:51:41.0500 2088 Ptilink - ok
19:51:41.0546 2088 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:51:41.0546 2088 PxHelp20 - ok
19:51:41.0546 2088 ql1080 - ok
19:51:41.0562 2088 Ql10wnt - ok
19:51:41.0578 2088 ql12160 - ok
19:51:41.0578 2088 ql1240 - ok
19:51:41.0593 2088 ql1280 - ok
19:51:41.0609 2088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:51:41.0687 2088 RasAcd - ok
19:51:41.0734 2088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:51:41.0796 2088 Rasl2tp - ok
19:51:41.0906 2088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:51:41.0984 2088 RasPppoe - ok
19:51:42.0031 2088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:51:42.0109 2088 Raspti - ok
19:51:42.0140 2088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:51:42.0218 2088 Rdbss - ok
19:51:42.0296 2088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:51:42.0375 2088 RDPCDD - ok
19:51:42.0421 2088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:51:42.0484 2088 rdpdr - ok
19:51:42.0515 2088 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:51:42.0593 2088 RDPWD - ok
19:51:42.0609 2088 redbook (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:51:42.0671 2088 redbook - ok
19:51:42.0796 2088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:51:42.0875 2088 Secdrv - ok
19:51:42.0890 2088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:51:42.0968 2088 serenum - ok
19:51:43.0000 2088 Serial (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\DRIVERS\serial.sys
19:51:43.0078 2088 Serial - ok
19:51:43.0171 2088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:51:43.0234 2088 Sfloppy - ok
19:51:43.0250 2088 Simbad - ok
19:51:43.0265 2088 Sparrow - ok
19:51:43.0281 2088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:51:43.0359 2088 splitter - ok
19:51:43.0406 2088 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
19:51:43.0406 2088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:51:43.0406 2088 sptd ( LockedFile.Multi.Generic ) - warning
19:51:43.0406 2088 sptd - detected LockedFile.Multi.Generic (1)
19:51:43.0484 2088 sr (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys
19:51:43.0562 2088 sr - ok
19:51:43.0625 2088 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
19:51:43.0656 2088 Srv - ok
19:51:43.0765 2088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:51:43.0828 2088 swenum - ok
19:51:43.0859 2088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:51:43.0937 2088 swmidi - ok
19:51:43.0953 2088 symc810 - ok
19:51:43.0968 2088 symc8xx - ok
19:51:43.0968 2088 sym_hi - ok
19:51:43.0984 2088 sym_u3 - ok
19:51:44.0015 2088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:51:44.0078 2088 sysaudio - ok
19:51:44.0109 2088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:51:44.0140 2088 Tcpip - ok
19:51:44.0281 2088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:51:44.0359 2088 TDPIPE - ok
19:51:44.0390 2088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:51:44.0468 2088 TDTCP - ok
19:51:44.0484 2088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:51:44.0562 2088 TermDD - ok
19:51:44.0625 2088 TosIde - ok
19:51:44.0671 2088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:51:44.0734 2088 Udfs - ok
19:51:44.0750 2088 ultra - ok
19:51:44.0796 2088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:51:44.0859 2088 Update - ok
19:51:44.0890 2088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:51:44.0968 2088 usbccgp - ok
19:51:45.0031 2088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:51:45.0109 2088 usbehci - ok
19:51:45.0140 2088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:51:45.0218 2088 usbhub - ok
19:51:45.0234 2088 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:51:45.0312 2088 usbohci - ok
19:51:45.0343 2088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:51:45.0421 2088 usbprint - ok
19:51:45.0484 2088 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:51:45.0546 2088 usbstor - ok
19:51:45.0562 2088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:51:45.0640 2088 VgaSave - ok
19:51:45.0718 2088 VIAHdAudAddService (242a8309b952f7ca9e220d3439955b0e) C:\WINDOWS\system32\drivers\viahduaa.sys
19:51:45.0750 2088 VIAHdAudAddService - ok
19:51:45.0843 2088 ViaIde - ok
19:51:45.0875 2088 VolSnap (c41ffdc191e6c832e2e53c967eae0a16) C:\WINDOWS\system32\drivers\VolSnap.sys
19:51:45.0953 2088 VolSnap - ok
19:51:45.0968 2088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:51:46.0046 2088 Wanarp - ok
19:51:46.0062 2088 WDICA - ok
19:51:46.0093 2088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:51:46.0156 2088 wdmaud - ok
19:51:46.0218 2088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:51:46.0296 2088 WS2IFSL - ok
19:51:46.0421 2088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:51:46.0437 2088 WudfPf - ok
19:51:46.0453 2088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:51:46.0453 2088 WudfRd - ok
19:51:46.0484 2088 MBR (0x1B8) (4242ed2ee0db4e0a0925aa6400e1183f) \Device\Harddisk0\DR0
19:51:46.0625 2088 \Device\Harddisk0\DR0 - ok
19:51:46.0625 2088 Boot (0x1200) (a12cd82e49138d65a3fdb8754a0463c3) \Device\Harddisk0\DR0\Partition0
19:51:46.0625 2088 \Device\Harddisk0\DR0\Partition0 - ok
19:51:46.0640 2088 ============================================================
19:51:46.0640 2088 Scan finished
19:51:46.0640 2088 ============================================================
19:51:46.0750 2072 Detected object count: 1
19:51:46.0750 2072 Actual detected object count: 1
19:51:59.0562 2072 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:51:59.0562 2072 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:52:43.0968 3804 Deinitialize success


6) OTL.txt

OTL logfile created on: 17/01/2012 19:57:53 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,70% Memory free
3,16 Gb Paging File | 2,94 Gb Available in Paging File | 93,06% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 10,65 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrador\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Alwil Software\Avast5\defs\12011701\algo.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CTAudSvcService) -- File not found
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PSI_SVC_2) -- c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (NMIndexingService) -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Adobe Version Cue CS3) -- C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 13:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/01/02 15:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/09/21 18:35:16 | 000,000,000 | ---D | M]

[2011/09/05 10:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2011/10/15 21:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/10/15 12:17:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/15 12:17:05 | 000,000,000 | ---D | M] (Supervisor Kaspersky de vínculos URL) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/01/02 15:19:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/08/17 17:16:39 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/08/17 17:16:39 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2012/01/02 15:19:13 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2011/08/17 17:16:39 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/08/17 17:16:39 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/01/17 19:46:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1801674531-484061587-839522115-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-1801674531-484061587-839522115-500..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (AxhoccUbsugk.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 17:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:677200e34)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: CTAudSvcService - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Archivos de programa\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Archivos de programa\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 19:33:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/17 19:25:25 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.svs
[2012/01/17 19:21:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/17 19:21:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/17 19:21:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/17 19:21:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/17 19:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/17 19:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/17 19:20:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
[2012/01/17 19:13:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\RK_Quarantine
[2012/01/17 19:07:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2012/01/17 19:04:51 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrador\Escritorio\tdsskiller.exe
[2012/01/17 18:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943_files
[2012/01/17 18:10:46 | 004,386,439 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/17 10:59:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/17 10:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\CleanUp!
[2012/01/17 10:18:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CleanUp!
[2012/01/17 01:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/01/17 01:16:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 01:16:54 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/01/16 21:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 20:54:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
[2012/01/16 20:38:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3_LB_LATIN_A
[2012/01/13 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2012/01/11 18:27:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache
[2012/01/04 15:47:58 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2012/01/04 15:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CamStudio
[2012/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CamStudio 2.6b
[2011/12/27 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\BONDIS
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 19:46:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/17 19:39:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 19:33:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/17 19:29:46 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/17 19:24:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 19:05:15 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrador\Escritorio\tdsskiller.exe
[2012/01/17 18:12:04 | 000,181,974 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943.htm
[2012/01/17 18:11:26 | 004,386,439 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/17 18:08:14 | 000,787,456 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\RogueKiller.exe
[2012/01/17 10:59:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/17 01:16:55 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/16 21:51:59 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alg.exe
[2012/01/15 10:58:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/13 12:59:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/09 14:21:13 | 002,910,251 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/12/20 08:18:04 | 001,881,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 19:33:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/01/17 19:33:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/17 19:24:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 19:21:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/17 19:21:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/17 19:21:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/17 19:21:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/17 19:21:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/17 18:12:02 | 000,181,974 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943.htm
[2012/01/17 18:08:11 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\RogueKiller.exe
[2012/01/17 01:16:55 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/09 14:21:12 | 002,910,251 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/11/29 13:04:24 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/29 13:04:23 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/09/16 17:41:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/05 11:51:32 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 10:35:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
[2011/09/02 19:18:32 | 000,000,378 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/09/02 19:18:21 | 000,001,275 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/09/02 19:13:13 | 000,093,956 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2011/09/02 19:13:13 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2011/08/11 00:49:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2011/08/03 19:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/02 17:48:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/08/02 17:22:15 | 004,161,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/01/14 14:41:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/14 14:40:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ReminderNextRun
[2011/01/14 14:32:31 | 000,000,870 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/10/20 19:47:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/20 19:45:18 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 19:41:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 19:41:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/20 19:41:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/20 19:41:04 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 19:41:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 19:41:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 17:09:02 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/10/20 17:08:06 | 000,005,417 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/20 17:08:05 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/20 17:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 17:00:29 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 12:53:45 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/20 12:52:55 | 001,881,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 21:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 21:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 21:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 21:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 21:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 21:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 21:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 21:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/01 08:33:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2005/09/07 07:34:50 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2004/08/20 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 09:00:00 | 000,508,270 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 09:00:00 | 000,443,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 09:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 09:00:00 | 000,091,854 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 09:00:00 | 000,071,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 09:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 09:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:02 | 000,003,269 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2011/09/07 10:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\DAEMON Tools Lite
[2012/01/13 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2011/10/24 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\MAXON
[2011/11/29 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Ubisoft
[2011/10/24 15:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2011/08/27 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\DAEMON Tools Lite
[2011/10/24 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\G DATA
[2011/11/29 13:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tages
[2011/08/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/03 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\BitComet
[2011/08/27 21:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\DAEMON Tools Lite
[2011/08/04 17:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\MAXON

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 09:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/20 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=FA03E1FC17F38FBDBA81470D08B3E416 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/20 09:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 23:19:15 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2009/10/20 19:02:35 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=7147BBE51D9D5B8974FB4FD9E38BA18A -- C:\WINDOWS\system32\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/20 17:17:26 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=E870CE8ABA525F6A5263693C783F5906 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 16:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios a través de Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios a través de Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2A5773CB-7C04-43BE-B031-DC4B1764F3EF}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8E3D1B4E-69EB-4DCF-9CC3-3CAE6EFF8F0F}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 15:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = Interfaz de NetBIOS
"Group" = NetBIOSGroup
"Description" = Interfaz de NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/20 09:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


7) Extras.txt

OTL Extras logfile created on: 17/01/2012 19:57:53 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,70% Memory free
3,16 Gb Paging File | 2,94 Gb Available in Paging File | 93,06% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 10,65 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"9032:TCP" = 9032:TCP:*:Enabled:BitComet 9032 TCP
"9032:UDP" = 9032:UDP:*:Enabled:BitComet 9032 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"13687:TCP" = 13687:TCP:*:Enabled:BitComet 13687 TCP
"13687:UDP" = 13687:UDP:*:Enabled:BitComet 13687 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Archivos de programa\Java\jre6\bin\javaw.exe" = C:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Sitio web de ANNO 1404 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A28444E-0532-3264-B07D-5AFE590E30BE}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN
"{4AA5A318-D35A-4CE7-8421-B52E1CAA8BE6}" = Visual Basic for Applications ® Core - Spanish
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5FCCD531-1B38-4A94-924C-127F722F1034}" = Nero 8
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D08BA75-D917-43FD-A0C4-F81D27C61053}" = hppCLJ2605
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1034-7B44-A90000000001}" = Adobe Reader 9 - Español
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C53D0627-79E7-45A0-B37C-B92A7E40F122}" = hppManuals2605
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Ares" = Ares 2.1.6
"BitComet" = BitComet 1.28
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CleanUp!" = CleanUp!
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flame Painter_is1" = Flame Painter 1.2
"HFSExplorer" = HFSExplorer 0.21
"HP Color LaserJet 2605" = HP Color LaserJet 2605 Series 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Administrador de dispositivos de plataforma
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.0 (Full) BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.60.0.1800
"MAXONA2CF2AFA" = CINEMA 4D 12.048
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 es-ES)" = Mozilla Firefox 9.0.1 (x86 es-ES)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 2.0.2
"Vector Magic" = Vector Magic
"WebCopier Pro" = WebCopier Pro
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288

Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 08/09/2011 9:49:25 | Computer Name = ASROCKN68 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: msnmsgr.exe, versión 14.0.8117.416, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 20/09/2011 15:52:48 | Computer Name = ASROCKN68 | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: Illustrator.exe, versión 13.0.128.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 21/09/2011 17:48:54 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module olconnector.dll, version 2.0.2313.0, stamp 491c07db, debug? 0,
fault address 0x0000fd57.

Error - 21/09/2011 17:49:11 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 21/09/2011 17:49:14 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module olconnector.dll, version 2.0.2313.0, stamp 491c07db, debug? 0,
fault address 0x0000fd57.

Error - 23/09/2011 18:35:07 | Computer Name = ASROCKN68 | Source = Application Error | ID = 1000
Description = Aplicación con errores: photoshop.exe, versión: 10.0.0.0, módulo con
error: unknown, versión 0.0.0.0, dirección de error 0x65637275.

Error - 25/09/2011 18:36:18 | Computer Name = ASROCKN68 | Source = Application Error | ID = 1000
Description = Aplicación con errores: acrobat.exe, versión: 8.1.0.137, módulo con
error: icuuc34.dll, versión 3.4.0.0, dirección de error 0x0000eba3.

[ OSession Events ]
Error - 21/09/2011 17:48:52 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/09/2011 17:49:14 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/12/2011 15:14:30 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = El servicio Cyberlink RichVideo Service(CRVS) no pudo iniciarse debido
al siguiente error: %%3

Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = El servicio Firewall de Windows/Conexión compartida a Internet (ICS)
terminó con el error: %%10050

Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = El servicio Actualizaciones automáticas terminó con el error: %%2147952450

Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7003
Description = El servicio NLA (Network Location Awareness) depende del siguiente
servicio no existente: Afd

Error - 17/01/2012 18:26:59 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = El servicio Hpci terminó con el error: %%126

Error - 17/01/2012 18:26:59 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = El servicio Cyberlink RichVideo Service(CRVS) no pudo iniciarse debido
al siguiente error: %%3

Error - 17/01/2012 18:29:50 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = El servicio Hpci terminó con el error: %%126

Error - 17/01/2012 18:29:50 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = El servicio Cyberlink RichVideo Service(CRVS) no pudo iniciarse debido
al siguiente error: %%3

Error - 17/01/2012 18:39:30 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = El servicio Hpci terminó con el error: %%126

Error - 17/01/2012 18:39:30 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = El servicio Cyberlink RichVideo Service(CRVS) no pudo iniciarse debido
al siguiente error: %%3


< End of report >


The Menu items, desktop icons and files are in their normal places.
One thing I noticed is that the normal publicity banners of any site are still exchanged with other "banners" that look like a virus (and all are the same basically, no matter the site).
Everything else seems to be working just fine.
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

One thing I noticed is that the normal publicity banners of any site are still exchanged with other "banners" that look like a virus (and all are the same basically, no matter the site).

You have Kaspersky Anti-Banner installed and it will make all the banners look the same. Do you want that product removed?
  • 0

#9
Markius

Markius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
If removing the anti-banner doesn't represent a security risk, I'd like to do that. If not, it's not that big a deal.
What should I do with the folders created in this process? ("_OTL", "kleaner.tmp", "Qoobox", "Updater", "Config.Msi", "MSOCache" in the C: and "RK_Quarantine" in the desktop).
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Anti-banner is supposed to improve your security and speed up the page downloads to your machine.

Cleanup will come later. I still have a few steps left to remove some malware and contributors to malware.

My post will be up tomorrow after my instructor approves it.

CompCav
  • 0


#11
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
P2P Warning!:

IMPORTANT I have noticed that there are signs of Ares and Bit Comet P2P (Person to Person) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Ares and Bit Comet, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Step 1.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Please delete the current copy of ComboFix

Now download a fresh copy to your desktop.

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Step 4.

Please post:

OTL fix log
ComboFix.txt
aswMBR log


What issues remain with your computer?
  • 0

#12
Markius

Markius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here are the logs:

1) OTL

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 393537 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50760764 bytes
->Flash cache emptied: 534 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Usuario
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101366298 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134225 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1166 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01182012_134719

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




2) COMBOFIX

ComboFix 12-01-18.04 - Administrador 18/01/2012 13:59:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2047.1677 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-17 23:19 . 2012-01-17 23:19 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\BitComet
2012-01-17 22:24 . 2012-01-17 22:24 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-17 22:13 . 2012-01-17 22:13 -------- d-----w- C:\_OTL
2012-01-17 13:18 . 2012-01-17 13:18 -------- d-----w- c:\archivos de programa\CleanUp!
2012-01-17 04:17 . 2012-01-17 04:17 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-17 04:16 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 23:54 . 2012-01-16 23:54 -------- d-----w- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
2012-01-16 23:38 . 2012-01-16 23:38 -------- d-----w- C:\JFK_4X3_LB_LATIN_A
2012-01-13 15:08 . 2012-01-13 19:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\FileZilla
2012-01-11 21:27 . 2012-01-11 21:27 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2012-01-04 18:47 . 2010-10-24 03:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-04 18:47 . 2012-01-04 18:47 -------- d-----w- c:\archivos de programa\CamStudio 2.6b
2012-01-02 18:19 . 2012-01-02 18:19 626688 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcr80.dll
2012-01-02 18:19 . 2012-01-02 18:19 548864 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcp80.dll
2012-01-02 18:19 . 2012-01-02 18:19 479232 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcm80.dll
2012-01-02 18:19 . 2012-01-02 18:19 43992 ----a-w- c:\archivos de programa\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 00:51 . 2004-08-20 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-11-29 16:04 . 2011-11-29 16:04 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-29 16:04 . 2011-11-29 16:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 20:12 . 2011-11-08 20:13 286720 ----a-w- c:\windows\iun506.exe
2012-01-02 18:19 . 2011-08-03 22:26 121816 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-20 . 7147BBE51D9D5B8974FB4FD9E38BA18A . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-10-20 . E870CE8ABA525F6A5263693C783F5906 . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_22.47.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-18 16:58 . 2012-01-18 16:58 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
- 2012-01-17 22:39 . 2012-01-17 22:39 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"HDAudDeck"="c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"Acrobat Assistant 8.0"="c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ToolBoxFX"="c:\archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:677200e34
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AxhoccUbsugk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 05:38 34672 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 23:41 50472 ------w- c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 20:38 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 12:55 87336 ------w- c:\archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\_OTL\\MovedFiles\\01172012_191348\\C_Archivos de programa\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"9032:TCP"= 9032:TCP:BitComet 9032 TCP
"9032:UDP"= 9032:UDP:BitComet 9032 UDP
"13687:TCP"= 13687:TCP:BitComet 13687 TCP
"13687:UDP"= 13687:UDP:BitComet 13687 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/08/2011 20:58 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/10/2011 15:44 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/10/2011 15:44 19024]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/01/2012 1:16 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/01/2012 1:16 20464]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/03/2010 8:57 1358720]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CTAudSvcService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
IE: &D&ownload &with BitComet - c:\_otl\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\_otl\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\hmhy79e8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 14:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
.
Completion time: 2012-01-18 14:07:13
ComboFix-quarantined-files.txt 2012-01-18 17:07
.
Pre-Run: 15.541.231.616 bytes libres
Post-Run: 15.535.583.232 bytes libres
.
- - End Of File - - C4CB31C785A3B8EA63866CEAE7AA5445



3) ASWMBR

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-18 14:07:45
-----------------------------
14:07:45.406 OS Version: Windows 5.1.2600 Service Pack 3
14:07:45.406 Number of processors: 1 586 0x602
14:07:45.406 ComputerName: ASROCKN68 UserName:
14:07:45.765 Initialize success
14:07:45.843 AVAST engine defs: 12011800
14:08:00.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
14:08:00.468 Disk 0 Vendor: HDS72808 PF2O Size: 78533MB BusType: 3
14:08:00.468 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7e9f40e
14:08:00.468 Device \Driver\nvgts -> MajorFunction 89d7a1f8
14:08:00.468 Disk 0 MBR read successfully
14:08:00.484 Disk 0 MBR scan
14:08:00.546 Disk 0 unknown MBR code
14:08:00.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63
14:08:00.546 Disk 0 scanning sectors +160826715
14:08:00.609 Disk 0 scanning C:\WINDOWS\system32\drivers
14:08:06.500 Service scanning
14:08:06.781 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:08:07.296 Modules scanning
14:08:11.390 Disk 0 trace - called modules:
14:08:11.421 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d7a1f8]<<
14:08:11.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d479c0]
14:08:11.421 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x89c61920]
14:08:11.421 5 ACPI.sys[b7e73620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x89ceea38]
14:08:11.421 \Driver\nvgts[0x89cefa08] -> IRP_MJ_CREATE -> 0x89d7a1f8
14:08:11.703 AVAST engine scan C:\WINDOWS
14:08:14.671 AVAST engine scan C:\WINDOWS\system32
14:09:12.546 AVAST engine scan C:\WINDOWS\system32\drivers
14:09:20.312 AVAST engine scan C:\Documents and Settings\Administrador
14:09:33.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrador\Escritorio\MBR.dat"
14:09:33.828 The log file has been saved successfully to "C:\Documents and Settings\Administrador\Escritorio\aswMBR.txt"


About the issues remaining, what I noticed is that at boot, after the monitor screen info, the black screen with the options on how to start your computer appears (just for about a second).
And the other thing is, on Windows startup (after clicking the Admin icon, when it is loading the antivirus, etc.), the screen turns black for maybe 2 seconds (it's like the monitor shutting off) and then it continues without any problem. Unlike the first one, this was already happening before we started with all these processes.
Let me know how we're doing!
  • 0

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
You are doing great and the computer is coming along.

I will post the next set of instructions later this afternoon!

CompCav
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\alg.exe

Folder::

FCopy::
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 3.

Please rerun OTL.

Click Scan all Users

Then click Quickscan

It will produce an OTL.txt log on your desktop. Please post it in your next reply.


Step 4.

Please post:

ComboFix.txt
MbrCheck log
OTL.txt


Are there any issues remaining with your computer?
  • 0
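The ComboFix log posted earlier in the thread carries two findings that the CFScript above acts on: the Sigcheck section lists a c:\windows\system32\winlogon.exe whose MD5 differs from the ServicePackFiles copy of the same version (the copy the FCopy:: line restores), and the SecurityProviders value lists a DLL beyond the four Windows XP installs by default (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll). As an added example that is not part of this thread, of ComboFix or of OTL, here is a small Python script that parses those two log sections and flags both conditions automatically. The sample lines are copied from the ComboFix log in the thread; the baseline set of provider DLLs and the matching rule (same file name and version string, different MD5) are this example's own assumptions, not ComboFix's internal logic.

```python
import re
from collections import defaultdict

# Sample lines copied from the ComboFix log posted earlier in this thread,
# reduced to the two sections this script inspects.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-20 . 7147BBE51D9D5B8974FB4FD9E38BA18A . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-10-20 . E870CE8ABA525F6A5263693C783F5906 . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AxhoccUbsugk.dll
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)

# Assumed baseline: the SecurityProviders value Windows XP ships with.
DEFAULT_XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path)."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def find_hash_mismatches(entries):
    """Compare each live system32 file with the ServicePackFiles copy of the same
    name and version string. A differing MD5 means the running copy is not the one
    the service pack installed, which is what the FCopy:: step replaces."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    mismatches = []
    for group in by_name.values():
        refs = [e for e in group if "\\servicepackfiles\\i386\\" in e["path"].lower()]
        lives = [e for e in group if "\\system32\\" in e["path"].lower()]
        for live in lives:
            for ref in refs:
                if ref["version"] == live["version"] and ref["md5"] != live["md5"]:
                    mismatches.append((live["path"], live["md5"], ref["md5"]))
    return mismatches


def unexpected_security_providers(text, baseline=DEFAULT_XP_SECURITY_PROVIDERS):
    """Return DLL names listed under SecurityProviders that are not in the baseline."""
    for line in text.splitlines():
        if line.startswith("SecurityProviders"):
            names = [n.strip() for n in line[len("SecurityProviders"):].split(",")]
            return [n for n in names if n and n.lower() not in baseline]
    return []


if __name__ == "__main__":
    for path, live_md5, ref_md5 in find_hash_mismatches(parse_sigcheck(SAMPLE_LOG)):
        print(f"MISMATCH {path}: live {live_md5} != service pack copy {ref_md5}")
    for dll in unexpected_security_providers(SAMPLE_LOG):
        print(f"UNEXPECTED SecurityProviders entry: {dll}")
```

Run on the sample above, the script reports the system32 winlogon.exe hash mismatch and the extra SecurityProviders DLL; on a real log, feed the whole ComboFix.txt in as `text` and review each flagged item against a known-good copy of the file before changing anything, since an unsigned or hotfixed binary can legitimately differ from the service pack copy.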

#15
Markius

Markius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
First of all, sorry for the late reply; the last steps you gave me removed my windows crack, so I couldn't use the PC for a couple of days.

Here are the results:

1) COMBO FIX

ComboFix 12-01-19.02 - Administrador 20/01/2012 8:41.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2047.1682 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\InfoSat.txt
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-17 23:19 . 2012-01-17 23:19 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\BitComet
2012-01-17 22:24 . 2012-01-17 22:24 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-17 22:13 . 2012-01-17 22:13 -------- d-----w- C:\_OTL
2012-01-17 13:18 . 2012-01-17 13:18 -------- d-----w- c:\archivos de programa\CleanUp!
2012-01-17 04:17 . 2012-01-17 04:17 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-19 22:51 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-17 04:16 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 23:54 . 2012-01-16 23:54 -------- d-----w- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
2012-01-16 23:38 . 2012-01-16 23:38 -------- d-----w- C:\JFK_4X3_LB_LATIN_A
2012-01-13 15:08 . 2012-01-13 19:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\FileZilla
2012-01-11 21:27 . 2012-01-11 21:27 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2012-01-04 18:47 . 2010-10-24 03:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-04 18:47 . 2012-01-04 18:47 -------- d-----w- c:\archivos de programa\CamStudio 2.6b
2012-01-02 18:19 . 2012-01-02 18:19 626688 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcr80.dll
2012-01-02 18:19 . 2012-01-02 18:19 548864 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcp80.dll
2012-01-02 18:19 . 2012-01-02 18:19 479232 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcm80.dll
2012-01-02 18:19 . 2012-01-02 18:19 43992 ----a-w- c:\archivos de programa\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 20:51 . 2004-08-20 12:00 510976 ----a-w- c:\windows\system32\winlogon.exe
2012-01-17 00:51 . 2004-08-20 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-11-29 16:04 . 2011-11-29 16:04 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-29 16:04 . 2011-11-29 16:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 20:12 . 2011-11-08 20:13 286720 ----a-w- c:\windows\iun506.exe
2012-01-02 18:19 . 2011-08-03 22:26 121816 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-19 . 7147BBE51D9D5B8974FB4FD9E38BA18A . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-10-20 . E870CE8ABA525F6A5263693C783F5906 . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_22.47.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 11:41 . 2012-01-20 11:41 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2012-01-19 21:13 . 2012-01-19 21:13 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2012-01-20 11:41 . 2012-01-20 11:41 1881952 c:\windows\system32\FNTCACHE.DAT
- 2009-10-20 15:52 . 2011-12-20 11:18 1881952 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"HDAudDeck"="c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:677200e34
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AxhoccUbsugk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 05:38 34672 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 23:41 50472 ------w- c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 20:38 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 12:55 87336 ------w- c:\archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\_OTL\\MovedFiles\\01172012_191348\\C_Archivos de programa\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"9032:TCP"= 9032:TCP:BitComet 9032 TCP
"9032:UDP"= 9032:UDP:BitComet 9032 UDP
"13687:TCP"= 13687:TCP:BitComet 13687 TCP
"13687:UDP"= 13687:UDP:BitComet 13687 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/08/2011 20:58 691696]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/01/2012 1:16 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/01/2012 1:16 20464]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/03/2010 8:57 1358720]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CTAudSvcService
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title =
IE: &D&ownload &with BitComet - c:\_otl\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\_otl\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\hmhy79e8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
.
.
------- File Associations -------
.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
.
Completion time: 2012-01-20 08:49:44
ComboFix-quarantined-files.txt 2012-01-20 11:49
ComboFix2.txt 2012-01-18 21:09
.
Pre-Run: 15.318.388.736 bytes libres
Post-Run: 15.311.872.000 bytes libres
.
- - End Of File - - C13917A3BE65E1CAB86431C34BEEA2FE

2) MBR CHECK

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spbh.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6D000 ACPI.sys
0xB7E5C000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E3D000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E17000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7DFF000 atapi.sys
0xB7DDA000 nvgts.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DBA000 fltmgr.sys
0xB7DA8000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7D91000 KSecDD.sys
0xB7D04000 Ntfs.sys
0xB7CD7000 NDIS.sys
0xB7CBD000 Mup.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB8438000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB6E20000 \SystemRoot\system32\DRIVERS\parport.sys
0xB7567000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8440000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB6E0F000 \SystemRoot\system32\DRIVERS\serial.sys
0xB6E44000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8448000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB6DEB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6DC3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7557000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB7547000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB7537000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6DA0000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8458000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB7527000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB6CB7000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB6164000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6150000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6117000 \SystemRoot\System32\Drivers\a5udzaw0.SYS
0xB86CD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB7507000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8564000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6100000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB74F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB74E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8378000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB60EF000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB1B62000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB0211000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB1142000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB1B5A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8654000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB0011000 \SystemRoot\system32\DRIVERS\update.sys
0xB5D67000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB1112000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8148000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xAA46F000 \SystemRoot\system32\drivers\viahduaa.sys
0xAA44B000 \SystemRoot\system32\drivers\portcls.sys
0xB8288000 \SystemRoot\system32\drivers\drmk.sys
0xAA2D6000 \SystemRoot\system32\drivers\monfilt.sys
0xABB82000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB860E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8744000 \SystemRoot\System32\Drivers\Null.SYS
0xB8616000 \SystemRoot\System32\Drivers\Beep.SYS
0xAAB2C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAAB24000 \SystemRoot\System32\drivers\vga.sys
0xB861A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8618000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAAB14000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAAB0C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xABA43000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9598000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA953F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB0291000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA9517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAAAFC000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xABA33000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA94EB000 \SystemRoot\System32\drivers\afd.sys
0xB0281000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA946E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA93FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB0261000 \SystemRoot\System32\Drivers\Fips.SYS
0xA93D8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB10D2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA93BC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA80F0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA93B4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA5BAE000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA5B41000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA7AB1000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA752A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8554000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA5AEE000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB855C000 \SystemRoot\System32\drivers\Dxapi.sys
0xA6707000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8789000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAE70B000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xAE70F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9FD3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5873000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA577E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7AA1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA573B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA5699000 \SystemRoot\system32\DRIVERS\srv.sys
0xA542C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA5531000 \SystemRoot\system32\drivers\sysaudio.sys
0xB83A0000 \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys
0xA65B3000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA517B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5150000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Archivos de programa\DAEMON Tools Lite\Engine.dll

Processes (total 26):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
676 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
752 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
920 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1220 svchost.exe
1412 C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
1636 C:\WINDOWS\system32\spoolsv.exe
1700 svchost.exe
1740 C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1756 C:\Archivos de programa\Bonjour\mDNSResponder.exe
1832 C:\Archivos de programa\Java\jre6\bin\jqs.exe
144 C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
200 C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe
240 C:\WINDOWS\system32\nvsvc32.exe
268 C:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
1944 alg.exe
2020 C:\WINDOWS\system32\wbem\wmiapsrv.exe
4048 C:\WINDOWS\explorer.exe
3796 C:\Documents and Settings\Administrador\Escritorio\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA6BA

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 77FAC0B8A12A8FA01F9977882D41261898FB36E7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

3) OTL

OTL logfile created on: 18/01/2012 18:11:29 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,18% Memory free
3,16 Gb Paging File | 2,93 Gb Available in Paging File | 92,61% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 14,37 Gb Free Space | 18,74% Space Free | Partition Type: NTFS

Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrador\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Alwil Software\Avast5\defs\12011801\algo.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CTAudSvcService) -- File not found
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PSI_SVC_2) -- c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (NMIndexingService) -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Adobe Version Cue CS3) -- C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 13:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/01/02 15:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/09/21 18:35:16 | 000,000,000 | ---D | M]

[2011/09/05 10:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2011/10/15 21:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/10/15 12:17:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/15 12:17:05 | 000,000,000 | ---D | M] (Supervisor Kaspersky de vínculos URL) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/01/02 15:19:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/08/17 17:16:39 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/08/17 17:16:39 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2012/01/02 15:19:13 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2011/08/17 17:16:39 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/08/17 17:16:39 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/01/18 13:47:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\_OTL\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1801674531-484061587-839522115-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-1801674531-484061587-839522115-500..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\_OTL\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\_OTL\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\_OTL\MovedFiles\01172012_191348\C_Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (AxhoccUbsugk.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 17:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:677200e34)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 17:49:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2012/01/18 14:15:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/18 14:15:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/18 13:51:51 | 004,387,138 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/18 12:41:25 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrador\Escritorio\aswMBR.exe
[2012/01/18 12:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\TROJAN _ MALWARE - Geeks to Go Forums_files
[2012/01/17 20:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\ANTIVIRUS
[2012/01/17 20:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\BitComet
[2012/01/17 19:33:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/17 19:21:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/17 19:21:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/17 19:21:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/17 19:21:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/17 19:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/17 19:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/17 19:20:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
[2012/01/17 19:13:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\RK_Quarantine
[2012/01/17 10:59:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/17 10:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\CleanUp!
[2012/01/17 10:18:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CleanUp!
[2012/01/17 01:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/01/17 01:16:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 01:16:54 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/01/16 21:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 20:54:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
[2012/01/16 20:38:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3_LB_LATIN_A
[2012/01/13 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2012/01/11 18:27:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache
[2012/01/04 15:47:58 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2012/01/04 15:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CamStudio
[2012/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CamStudio 2.6b
[2011/12/27 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\BONDIS

========== Files - Modified Within 30 Days ==========

[2012/01/18 17:55:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 17:43:42 | 000,346,105 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\TROJAN _ MALWARE - Geeks to Go Forums.htm
[2012/01/18 17:42:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\MBRCheck.exe
[2012/01/18 15:53:00 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/18 15:43:16 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2012/01/18 14:15:24 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/18 14:09:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\MBR.dat
[2012/01/18 13:53:43 | 004,387,138 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/18 13:47:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/18 12:41:08 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrador\Escritorio\aswMBR.exe
[2012/01/17 19:33:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/17 19:24:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 10:59:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/15 10:58:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/13 12:59:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/09 14:21:13 | 002,910,251 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/12/20 08:18:04 | 001,881,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/18 17:42:49 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\MBRCheck.exe
[2012/01/18 15:43:16 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Mozilla Firefox.lnk
[2012/01/18 14:09:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\MBR.dat
[2012/01/18 12:34:11 | 000,346,105 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\TROJAN _ MALWARE - Geeks to Go Forums.htm
[2012/01/17 19:33:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/01/17 19:33:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/17 19:24:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 19:21:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/17 19:21:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/17 19:21:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/17 19:21:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/17 19:21:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/09 14:21:12 | 002,910,251 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/11/29 13:04:24 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/29 13:04:23 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/09/16 17:41:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/05 11:51:32 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 10:35:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
[2011/09/02 19:18:32 | 000,000,378 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/09/02 19:18:21 | 000,001,275 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/09/02 19:13:13 | 000,093,956 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2011/09/02 19:13:13 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2011/08/11 00:49:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2011/08/03 19:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/02 17:48:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/08/02 17:22:15 | 004,161,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/01/14 14:41:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/14 14:40:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ReminderNextRun
[2011/01/14 14:32:31 | 000,000,870 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/10/20 19:47:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/20 19:45:18 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 19:41:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 19:41:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/20 19:41:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/20 19:41:04 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 19:41:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 19:41:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 17:09:02 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/10/20 17:08:06 | 000,005,417 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/20 17:08:05 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/20 17:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 17:00:29 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 12:53:45 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/20 12:52:55 | 001,881,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 21:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 21:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 21:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 21:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 21:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 21:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 21:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 21:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/01 08:33:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2005/09/07 07:34:50 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2004/08/20 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 09:00:00 | 000,508,270 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 09:00:00 | 000,443,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 09:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 09:00:00 | 000,091,854 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 09:00:00 | 000,071,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 09:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 09:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:02 | 000,003,269 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2012/01/17 20:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\BitComet
[2011/09/07 10:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\DAEMON Tools Lite
[2012/01/13 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2011/10/24 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\MAXON
[2011/11/29 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Ubisoft
[2011/10/24 15:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2011/08/27 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\DAEMON Tools Lite
[2011/10/24 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\G DATA
[2011/11/29 13:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tages
[2011/08/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/03 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\BitComet
[2011/08/27 21:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\DAEMON Tools Lite
[2011/08/04 17:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\MAXON

========== Purity Check ==========



< End of report >



So after it was possible to restart the PC I noticed that it was a little bit slower (corroborating that by checking the speed of CCleaner while executing a cleanup). So I ran Avast and it found several viruses. Anyway, let me know if I am doing something wrong here. Very worried about it.