Well here are the results:
1) RKreport[1].txt
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Remove -- Date : 01/17/2012 19:11:30
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8faf30b47ae9904e730ff316b216322e
[BSP] d566f91ad9e361730e905f1f69f387db : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 82343 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
2) *NOTE: the program didn't create the other .txt you're asking for the RogueKiller, just this one.
3) OTL fix Log
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
C:\Archivos de programa\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml moved successfully.
C:\Archivos de programa\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&escargar &con BitComet\ deleted successfully.
C:\Archivos de programa\BitComet\BitComet.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&escargar todo con BitComet\ deleted successfully.
File C:\Archivos de programa\BitComet\BitComet.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
File C:\Archivos de programa\BitComet\tools\BitCometBHO_1.5.4.11.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130\U folder moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\1571a130 folder moved successfully.
C:\WINDOWS\system32\AxhoccUbsugk.dll moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\torrents folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\share folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\rules folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\fav folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\cache folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet\archive folder moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\BitComet folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Groups folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Data_NT folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0\Cache folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator\6.0 folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream\Font Navigator folder moved successfully.
C:\Documents and Settings\All Users\Datos de programa\Bitstream folder moved successfully.
ADS C:\WINDOWS\System32\alg.exe:SummaryInformation deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 archivos copiados
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
< C:\Documents and Settings\All Users\Datos de programa\Temp\*.* /s /c >
C:\Documents and Settings\Administrador\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Escritorio\cmd.txt deleted successfully.
C:\WINDOWS\System32\alg.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrador
->Flash cache emptied: 1252 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Usuario
->Flash cache emptied: 3085 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: Administrador
->Java cache emptied: 343169 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Usuario
->Java cache emptied: 696535 bytes
Total Java Files Cleaned = 1,00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.31.0 log created on 01172012_191348
4) Combofix.txt
ComboFix 12-01-17.01 - Administrador 17/01/2012 19:40:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2047.1679 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents and settings\All Users\Datos de programa\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ \updaterSettings.ini
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 22:24 . 2012-01-17 22:24 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-17 22:13 . 2012-01-17 22:13 -------- d-----w- C:\_OTL
2012-01-17 13:18 . 2012-01-17 13:18 -------- d-----w- c:\archivos de programa\CleanUp!
2012-01-17 04:17 . 2012-01-17 04:17 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2012-01-17 04:16 . 2012-01-17 04:16 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-01-17 04:16 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 23:54 . 2012-01-16 23:54 -------- d-----w- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
2012-01-16 23:38 . 2012-01-16 23:38 -------- d-----w- C:\JFK_4X3_LB_LATIN_A
2012-01-13 15:08 . 2012-01-13 19:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\FileZilla
2012-01-11 21:27 . 2012-01-11 21:27 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2012-01-04 18:47 . 2010-10-24 03:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-04 18:47 . 2012-01-04 18:47 -------- d-----w- c:\archivos de programa\CamStudio 2.6b
2012-01-02 18:19 . 2012-01-02 18:19 626688 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcr80.dll
2012-01-02 18:19 . 2012-01-02 18:19 548864 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcp80.dll
2012-01-02 18:19 . 2012-01-02 18:19 479232 ----a-w- c:\archivos de programa\Mozilla Firefox\msvcm80.dll
2012-01-02 18:19 . 2012-01-02 18:19 43992 ----a-w- c:\archivos de programa\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 00:51 . 2004-08-20 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-11-29 16:04 . 2011-11-29 16:04 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-29 16:04 . 2011-11-29 16:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 20:12 . 2011-11-08 20:13 286720 ----a-w- c:\windows\iun506.exe
2012-01-02 18:19 . 2011-08-03 22:26 121816 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-20 . 7147BBE51D9D5B8974FB4FD9E38BA18A . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-10-20 . E870CE8ABA525F6A5263693C783F5906 . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"HDAudDeck"="c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"Acrobat Assistant 8.0"="c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ToolBoxFX"="c:\archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:677200e34
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AxhoccUbsugk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 05:38 34672 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 23:41 50472 ------w- c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 20:38 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 12:55 87336 ------w- c:\archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Archivos de programa\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"9032:TCP"= 9032:TCP:BitComet 9032 TCP
"9032:UDP"= 9032:UDP:BitComet 9032 UDP
"13687:TCP"= 13687:TCP:BitComet 13687 TCP
"13687:UDP"= 13687:UDP:BitComet 13687 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/08/2011 20:58 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/10/2011 15:44 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/10/2011 15:44 19024]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/01/2012 1:16 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/01/2012 1:16 20464]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/03/2010 8:57 1358720]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CTAudSvcService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\hmhy79e8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-UpdateReminder - c:\archivos de programa\Eset\UpdateReminder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-01-17 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,68,b2,85,63,a1,73,4d,81,f8,3c,\
.
Completion time: 2012-01-17 19:48:27
ComboFix-quarantined-files.txt 2012-01-17 22:48
.
Pre-Run: 11.129.339.904 bytes libres
Post-Run: 11.396.894.720 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4428DA915DBE5177EFA237EE63659202
5) TDSSKILLER log
19:50:54.0078 0432 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
19:50:54.0921 0432 ============================================================
19:50:54.0921 0432 Current date / time: 2012/01/17 19:50:54.0921
19:50:54.0921 0432 SystemInfo:
19:50:54.0921 0432
19:50:54.0921 0432 OS Version: 5.1.2600 ServicePack: 3.0
19:50:54.0921 0432 Product type: Workstation
19:50:54.0921 0432 ComputerName: ASROCKN68
19:50:54.0921 0432 UserName: Administrador
19:50:54.0921 0432 Windows directory: C:\WINDOWS
19:50:54.0921 0432 System windows directory: C:\WINDOWS
19:50:54.0921 0432 Processor architecture: Intel x86
19:50:54.0921 0432 Number of processors: 1
19:50:54.0921 0432 Page size: 0x1000
19:50:54.0921 0432 Boot type: Normal boot
19:50:54.0921 0432 ============================================================
19:50:55.0500 0432 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
19:50:55.0531 0432 Initialize success
19:51:29.0093 2088 ============================================================
19:51:29.0093 2088 Scan started
19:51:29.0093 2088 Mode: Manual; SigCheck; TDLFS;
19:51:29.0093 2088 ============================================================
19:51:29.0390 2088 Aavmker4 (31a8ab3deb93e3d90717ad8fb0974c3f) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:51:29.0453 2088 Aavmker4 - ok
19:51:29.0468 2088 Abiosdsk - ok
19:51:29.0468 2088 abp480n5 - ok
19:51:29.0500 2088 ACPI (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:51:29.0656 2088 ACPI - ok
19:51:29.0750 2088 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:51:29.0843 2088 ACPIEC - ok
19:51:29.0843 2088 adpu160m - ok
19:51:29.0890 2088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:51:29.0968 2088 aec - ok
19:51:30.0062 2088 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:51:30.0109 2088 AFD - ok
19:51:30.0109 2088 Aha154x - ok
19:51:30.0125 2088 aic78u2 - ok
19:51:30.0140 2088 aic78xx - ok
19:51:30.0140 2088 AliIde - ok
19:51:30.0171 2088 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:51:30.0203 2088 AmdPPM - ok
19:51:30.0296 2088 amsint - ok
19:51:30.0312 2088 asc - ok
19:51:30.0328 2088 asc3350p - ok
19:51:30.0328 2088 asc3550 - ok
19:51:30.0359 2088 AsrCDDrv - ok
19:51:30.0390 2088 aswFsBlk (a289930e70f3fa3b07df80d2b052794e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:51:30.0390 2088 aswFsBlk - ok
19:51:30.0453 2088 aswMon2 (1aca2b7efe91ca68ceed9c904ed3310d) C:\WINDOWS\system32\drivers\aswMon2.sys
19:51:30.0468 2088 aswMon2 - ok
19:51:30.0484 2088 aswRdr (cc40b9c301af5d145713b2764eec3907) C:\WINDOWS\system32\drivers\aswRdr.sys
19:51:30.0484 2088 aswRdr - ok
19:51:30.0515 2088 aswSP (67db88b01fc1d815968230458814eb8d) C:\WINDOWS\system32\drivers\aswSP.sys
19:51:30.0515 2088 aswSP - ok
19:51:30.0546 2088 aswTdi (ec8ef1ce2d6ca1071be8b7888ffa48c0) C:\WINDOWS\system32\drivers\aswTdi.sys
19:51:30.0546 2088 aswTdi - ok
19:51:30.0578 2088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:51:30.0656 2088 AsyncMac - ok
19:51:30.0750 2088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:51:30.0828 2088 atapi - ok
19:51:30.0828 2088 Atdisk - ok
19:51:30.0875 2088 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:51:30.0890 2088 atksgt - ok
19:51:30.0906 2088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:51:30.0968 2088 Atmarpc - ok
19:51:30.0984 2088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:51:31.0078 2088 audstub - ok
19:51:31.0125 2088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:51:31.0203 2088 Beep - ok
19:51:31.0265 2088 catchme - ok
19:51:31.0359 2088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:51:31.0468 2088 cbidf2k - ok
19:51:31.0468 2088 cd20xrnt - ok
19:51:31.0484 2088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:51:31.0562 2088 Cdaudio - ok
19:51:31.0609 2088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:51:31.0656 2088 Cdfs - ok
19:51:31.0671 2088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:51:31.0750 2088 Cdrom - ok
19:51:31.0843 2088 Changer - ok
19:51:31.0859 2088 CmdIde - ok
19:51:31.0875 2088 Cpqarray - ok
19:51:31.0890 2088 dac2w2k - ok
19:51:31.0890 2088 dac960nt - ok
19:51:31.0937 2088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:51:32.0015 2088 Disk - ok
19:51:32.0078 2088 dmboot (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys
19:51:32.0203 2088 dmboot - ok
19:51:32.0296 2088 dmio (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys
19:51:32.0375 2088 dmio - ok
19:51:32.0390 2088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:51:32.0484 2088 dmload - ok
19:51:32.0531 2088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:51:32.0593 2088 DMusic - ok
19:51:32.0609 2088 dpti2o - ok
19:51:32.0640 2088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:51:32.0703 2088 drmkaud - ok
19:51:32.0734 2088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:51:32.0812 2088 Fastfat - ok
19:51:32.0921 2088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:51:33.0000 2088 Fdc - ok
19:51:33.0031 2088 Fips (e5e61f2c07344e91dbfb7eafde549ab4) C:\WINDOWS\system32\drivers\Fips.sys
19:51:33.0093 2088 Fips - ok
19:51:33.0109 2088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:51:33.0171 2088 Flpydisk - ok
19:51:33.0187 2088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:51:33.0265 2088 FltMgr - ok
19:51:33.0375 2088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:51:33.0468 2088 Fs_Rec - ok
19:51:33.0484 2088 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:51:33.0578 2088 Ftdisk - ok
19:51:33.0609 2088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:51:33.0609 2088 GEARAspiWDM - ok
19:51:33.0656 2088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:51:33.0734 2088 Gpc - ok
19:51:33.0812 2088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:51:33.0890 2088 HDAudBus - ok
19:51:33.0921 2088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:51:34.0000 2088 HidUsb - ok
19:51:34.0046 2088 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
19:51:34.0078 2088 HPFXBULK - ok
19:51:34.0156 2088 hpn - ok
19:51:34.0218 2088 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
19:51:34.0265 2088 HTTP - ok
19:51:34.0281 2088 i2omgmt - ok
19:51:34.0296 2088 i2omp - ok
19:51:34.0312 2088 i8042prt (4a2490a66e8271901e89dd5fb79748ae) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:51:34.0390 2088 i8042prt - ok
19:51:34.0406 2088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:51:34.0500 2088 Imapi - ok
19:51:34.0515 2088 ini910u - ok
19:51:34.0703 2088 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:51:34.0921 2088 IntcAzAudAddService - ok
19:51:35.0000 2088 IntelIde - ok
19:51:35.0015 2088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:51:35.0093 2088 Ip6Fw - ok
19:51:35.0140 2088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:51:35.0234 2088 IpFilterDriver - ok
19:51:35.0250 2088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:51:35.0312 2088 IpInIp - ok
19:51:35.0328 2088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:51:35.0406 2088 IpNat - ok
19:51:35.0593 2088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:51:35.0671 2088 IPSec - ok
19:51:35.0703 2088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:51:35.0781 2088 IRENUM - ok
19:51:35.0796 2088 isapnp (0f3d281b0410fe5d482aada37d20524b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:51:35.0859 2088 isapnp - ok
19:51:35.0906 2088 Kbdclass (188ddd286bc0daea6984858c6a4d7bbf) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:51:35.0984 2088 Kbdclass - ok
19:51:36.0062 2088 kbdhid (72efebecf76eb1dccc5ba9ea746d90e8) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:51:36.0140 2088 kbdhid - ok
19:51:36.0171 2088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:51:36.0250 2088 kmixer - ok
19:51:36.0296 2088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:51:36.0328 2088 KSecDD - ok
19:51:36.0375 2088 lbrtfdc - ok
19:51:36.0406 2088 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:51:36.0406 2088 lirsgt - ok
19:51:36.0453 2088 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:51:36.0453 2088 MBAMProtector - ok
19:51:36.0484 2088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:51:36.0578 2088 mnmdd - ok
19:51:36.0656 2088 Modem (9024556e739b8469d2b8f5f0e4c9bc9f) C:\WINDOWS\system32\drivers\Modem.sys
19:51:36.0718 2088 Modem - ok
19:51:36.0828 2088 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
19:51:36.0906 2088 monfilt - ok
19:51:36.0968 2088 Mouclass (6fd36b4994a2363659a65c9f970cfdb7) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:51:37.0046 2088 Mouclass - ok
19:51:37.0109 2088 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:51:37.0203 2088 mouhid - ok
19:51:37.0234 2088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:51:37.0296 2088 MountMgr - ok
19:51:37.0328 2088 mraid35x - ok
19:51:37.0343 2088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:51:37.0421 2088 MRxDAV - ok
19:51:37.0468 2088 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:51:37.0515 2088 MRxSmb - ok
19:51:37.0609 2088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:51:37.0687 2088 Msfs - ok
19:51:37.0703 2088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:51:37.0765 2088 MSKSSRV - ok
19:51:37.0796 2088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:51:37.0875 2088 MSPCLOCK - ok
19:51:37.0906 2088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:51:37.0968 2088 MSPQM - ok
19:51:38.0000 2088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:51:38.0078 2088 mssmbios - ok
19:51:38.0140 2088 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:51:38.0203 2088 Mup - ok
19:51:38.0234 2088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:51:38.0281 2088 NDIS - ok
19:51:38.0312 2088 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:51:38.0390 2088 NdisTapi - ok
19:51:38.0421 2088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:51:38.0500 2088 Ndisuio - ok
19:51:38.0578 2088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:51:38.0656 2088 NdisWan - ok
19:51:38.0687 2088 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:51:38.0734 2088 NDProxy - ok
19:51:38.0765 2088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:51:38.0843 2088 NetBIOS - ok
19:51:38.0875 2088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:51:38.0937 2088 NetBT - ok
19:51:39.0046 2088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:51:39.0109 2088 Npfs - ok
19:51:39.0156 2088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:51:39.0234 2088 Ntfs - ok
19:51:39.0265 2088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:51:39.0359 2088 Null - ok
19:51:39.0593 2088 nv (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:51:39.0812 2088 nv - ok
19:51:39.0906 2088 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:51:39.0937 2088 NVENETFD - ok
19:51:39.0953 2088 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
19:51:39.0968 2088 nvgts - ok
19:51:39.0984 2088 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:51:39.0984 2088 nvnetbus - ok
19:51:40.0015 2088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:51:40.0109 2088 NwlnkFlt - ok
19:51:40.0203 2088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:51:40.0265 2088 NwlnkFwd - ok
19:51:40.0296 2088 Parport (e7855cbd8bd1fda085a3f92cff7906e2) C:\WINDOWS\system32\DRIVERS\parport.sys
19:51:40.0375 2088 Parport - ok
19:51:40.0375 2088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:51:40.0437 2088 PartMgr - ok
19:51:40.0468 2088 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
19:51:40.0562 2088 ParVdm - ok
19:51:40.0578 2088 PCI (f11bc84ae6c7b003b5e0c8eeb4a1f444) C:\WINDOWS\system32\DRIVERS\pci.sys
19:51:40.0656 2088 PCI - ok
19:51:40.0734 2088 PCIDump - ok
19:51:40.0765 2088 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:51:40.0859 2088 PCIIde - ok
19:51:40.0906 2088 Pcmcia (f50c27cca56dc97b3a45e7f0059bd2ba) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:51:40.0968 2088 Pcmcia - ok
19:51:40.0984 2088 PDCOMP - ok
19:51:40.0984 2088 PDFRAME - ok
19:51:41.0000 2088 PDRELI - ok
19:51:41.0015 2088 PDRFRAME - ok
19:51:41.0015 2088 perc2 - ok
19:51:41.0031 2088 perc2hib - ok
19:51:41.0078 2088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:51:41.0140 2088 PptpMiniport - ok
19:51:41.0234 2088 Processor (d4d8634dfdae3eca83620ee4088f7aa9) C:\WINDOWS\system32\DRIVERS\processr.sys
19:51:41.0296 2088 Processor - ok
19:51:41.0312 2088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:51:41.0375 2088 PSched - ok
19:51:41.0406 2088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:51:41.0500 2088 Ptilink - ok
19:51:41.0546 2088 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:51:41.0546 2088 PxHelp20 - ok
19:51:41.0546 2088 ql1080 - ok
19:51:41.0562 2088 Ql10wnt - ok
19:51:41.0578 2088 ql12160 - ok
19:51:41.0578 2088 ql1240 - ok
19:51:41.0593 2088 ql1280 - ok
19:51:41.0609 2088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:51:41.0687 2088 RasAcd - ok
19:51:41.0734 2088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:51:41.0796 2088 Rasl2tp - ok
19:51:41.0906 2088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:51:41.0984 2088 RasPppoe - ok
19:51:42.0031 2088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:51:42.0109 2088 Raspti - ok
19:51:42.0140 2088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:51:42.0218 2088 Rdbss - ok
19:51:42.0296 2088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:51:42.0375 2088 RDPCDD - ok
19:51:42.0421 2088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:51:42.0484 2088 rdpdr - ok
19:51:42.0515 2088 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:51:42.0593 2088 RDPWD - ok
19:51:42.0609 2088 redbook (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:51:42.0671 2088 redbook - ok
19:51:42.0796 2088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:51:42.0875 2088 Secdrv - ok
19:51:42.0890 2088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:51:42.0968 2088 serenum - ok
19:51:43.0000 2088 Serial (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\DRIVERS\serial.sys
19:51:43.0078 2088 Serial - ok
19:51:43.0171 2088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:51:43.0234 2088 Sfloppy - ok
19:51:43.0250 2088 Simbad - ok
19:51:43.0265 2088 Sparrow - ok
19:51:43.0281 2088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:51:43.0359 2088 splitter - ok
19:51:43.0406 2088 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
19:51:43.0406 2088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:51:43.0406 2088 sptd ( LockedFile.Multi.Generic ) - warning
19:51:43.0406 2088 sptd - detected LockedFile.Multi.Generic (1)
19:51:43.0484 2088 sr (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys
19:51:43.0562 2088 sr - ok
19:51:43.0625 2088 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
19:51:43.0656 2088 Srv - ok
19:51:43.0765 2088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:51:43.0828 2088 swenum - ok
19:51:43.0859 2088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:51:43.0937 2088 swmidi - ok
19:51:43.0953 2088 symc810 - ok
19:51:43.0968 2088 symc8xx - ok
19:51:43.0968 2088 sym_hi - ok
19:51:43.0984 2088 sym_u3 - ok
19:51:44.0015 2088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:51:44.0078 2088 sysaudio - ok
19:51:44.0109 2088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:51:44.0140 2088 Tcpip - ok
19:51:44.0281 2088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:51:44.0359 2088 TDPIPE - ok
19:51:44.0390 2088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:51:44.0468 2088 TDTCP - ok
19:51:44.0484 2088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:51:44.0562 2088 TermDD - ok
19:51:44.0625 2088 TosIde - ok
19:51:44.0671 2088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:51:44.0734 2088 Udfs - ok
19:51:44.0750 2088 ultra - ok
19:51:44.0796 2088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:51:44.0859 2088 Update - ok
19:51:44.0890 2088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:51:44.0968 2088 usbccgp - ok
19:51:45.0031 2088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:51:45.0109 2088 usbehci - ok
19:51:45.0140 2088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:51:45.0218 2088 usbhub - ok
19:51:45.0234 2088 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:51:45.0312 2088 usbohci - ok
19:51:45.0343 2088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:51:45.0421 2088 usbprint - ok
19:51:45.0484 2088 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:51:45.0546 2088 usbstor - ok
19:51:45.0562 2088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:51:45.0640 2088 VgaSave - ok
19:51:45.0718 2088 VIAHdAudAddService (242a8309b952f7ca9e220d3439955b0e) C:\WINDOWS\system32\drivers\viahduaa.sys
19:51:45.0750 2088 VIAHdAudAddService - ok
19:51:45.0843 2088 ViaIde - ok
19:51:45.0875 2088 VolSnap (c41ffdc191e6c832e2e53c967eae0a16) C:\WINDOWS\system32\drivers\VolSnap.sys
19:51:45.0953 2088 VolSnap - ok
19:51:45.0968 2088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:51:46.0046 2088 Wanarp - ok
19:51:46.0062 2088 WDICA - ok
19:51:46.0093 2088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:51:46.0156 2088 wdmaud - ok
19:51:46.0218 2088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:51:46.0296 2088 WS2IFSL - ok
19:51:46.0421 2088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:51:46.0437 2088 WudfPf - ok
19:51:46.0453 2088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:51:46.0453 2088 WudfRd - ok
19:51:46.0484 2088 MBR (0x1B8) (4242ed2ee0db4e0a0925aa6400e1183f) \Device\Harddisk0\DR0
19:51:46.0625 2088 \Device\Harddisk0\DR0 - ok
19:51:46.0625 2088 Boot (0x1200) (a12cd82e49138d65a3fdb8754a0463c3) \Device\Harddisk0\DR0\Partition0
19:51:46.0625 2088 \Device\Harddisk0\DR0\Partition0 - ok
19:51:46.0640 2088 ============================================================
19:51:46.0640 2088 Scan finished
19:51:46.0640 2088 ============================================================
19:51:46.0750 2072 Detected object count: 1
19:51:46.0750 2072 Actual detected object count: 1
19:51:59.0562 2072 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:51:59.0562 2072 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:52:43.0968 3804 Deinitialize success
6) OTL.txt
OTL logfile created on: 17/01/2012 19:57:53 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,70% Memory free
3,16 Gb Paging File | 2,94 Gb Available in Paging File | 93,06% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 10,65 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrador\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Archivos de programa\Alwil Software\Avast5\defs\12011701\algo.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()
========== Win32 Services (SafeList) ==========
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (CTAudSvcService) -- File not found
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PSI_SVC_2) -- c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (NMIndexingService) -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Adobe Version Cue CS3) -- C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Archivos de programa\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Archivos de programa\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 13:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/10/15 12:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/01/02 15:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/09/21 18:35:16 | 000,000,000 | ---D | M]
[2011/09/05 10:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2011/10/15 21:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/10/15 12:17:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/15 12:17:05 | 000,000,000 | ---D | M] (Supervisor Kaspersky de vínculos URL) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/01/02 15:19:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/08/17 17:16:39 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/08/17 17:16:39 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2012/01/02 15:19:13 | 000,002,040 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2011/08/17 17:16:39 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/08/17 17:16:39 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml
O1 HOSTS File: ([2012/01/17 19:46:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1801674531-484061587-839522115-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Archivos de programa\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-1801674531-484061587-839522115-500..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (AxhoccUbsugk.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 17:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:677200e34)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: CTAudSvcService - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Archivos de programa\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Archivos de programa\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/17 19:33:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/17 19:25:25 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.svs
[2012/01/17 19:21:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/17 19:21:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/17 19:21:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/17 19:21:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/17 19:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/17 19:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/17 19:20:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
[2012/01/17 19:13:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\RK_Quarantine
[2012/01/17 19:07:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2012/01/17 19:04:51 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrador\Escritorio\tdsskiller.exe
[2012/01/17 18:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943_files
[2012/01/17 18:10:46 | 004,386,439 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/17 10:59:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/17 10:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menú Inicio\Programas\CleanUp!
[2012/01/17 10:18:04 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CleanUp!
[2012/01/17 01:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/01/17 01:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/01/17 01:16:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 01:16:54 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/01/16 21:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 20:54:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3LB_LATIN_AMERICA_SIDE_B
[2012/01/16 20:38:49 | 000,000,000 | ---D | C] -- C:\JFK_4X3_LB_LATIN_A
[2012/01/13 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2012/01/11 18:27:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache
[2012/01/04 15:47:58 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2012/01/04 15:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\CamStudio
[2012/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CamStudio 2.6b
[2011/12/27 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\BONDIS
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/17 19:46:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/17 19:39:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 19:33:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/17 19:29:46 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/17 19:24:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 19:05:15 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrador\Escritorio\tdsskiller.exe
[2012/01/17 18:12:04 | 000,181,974 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943.htm
[2012/01/17 18:11:26 | 004,386,439 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
[2012/01/17 18:08:14 | 000,787,456 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\RogueKiller.exe
[2012/01/17 10:59:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2012/01/17 01:16:55 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/16 21:51:59 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alg.exe
[2012/01/15 10:58:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/13 12:59:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/09 14:21:13 | 002,910,251 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/12/20 08:18:04 | 001,881,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/17 19:33:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/01/17 19:33:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/17 19:24:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/17 19:21:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/17 19:21:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/17 19:21:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/17 19:21:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/17 19:21:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/17 18:12:02 | 000,181,974 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\page__p__2108943.htm
[2012/01/17 18:08:11 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\RogueKiller.exe
[2012/01/17 01:16:55 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/01/17 01:15:07 | 000,065,645 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\¿Cómo eliminar un troyano - Foro de InfoSpyware.htm
[2012/01/09 14:21:12 | 002,910,251 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\Walicki.JPG
[2011/11/29 13:04:24 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/11/29 13:04:23 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/09/16 17:41:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/05 11:51:32 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 10:35:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat
[2011/09/02 19:18:32 | 000,000,378 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/09/02 19:18:21 | 000,001,275 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/09/02 19:13:13 | 000,093,956 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2011/09/02 19:13:13 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2011/08/11 00:49:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2011/08/03 19:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/02 17:48:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/08/02 17:22:15 | 004,161,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/01/14 14:41:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/14 14:40:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\ReminderNextRun
[2011/01/14 14:32:31 | 000,000,870 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/10/20 19:47:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/20 19:45:18 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 19:41:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 19:41:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/20 19:41:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/20 19:41:04 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 19:41:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 19:41:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 17:09:02 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/10/20 17:08:06 | 000,005,417 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/20 17:08:05 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/20 17:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/20 17:00:29 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/20 12:53:45 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/20 12:52:55 | 001,881,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 21:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 21:03:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 21:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 21:03:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 21:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 21:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 21:03:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 21:03:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/01 08:33:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2005/09/07 07:34:50 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2004/08/20 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 09:00:00 | 000,508,270 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 09:00:00 | 000,443,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 09:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 09:00:00 | 000,091,854 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 09:00:00 | 000,071,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 09:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 09:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:02 | 000,003,269 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2011/09/07 10:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\DAEMON Tools Lite
[2012/01/13 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\FileZilla
[2011/10/24 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\MAXON
[2011/11/29 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Ubisoft
[2011/10/24 15:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2011/08/27 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\DAEMON Tools Lite
[2011/10/24 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\G DATA
[2011/11/29 13:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Tages
[2011/08/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/03 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\BitComet
[2011/08/27 21:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\DAEMON Tools Lite
[2011/08/04 17:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Datos de programa\MAXON
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 09:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 23:19:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4F2340F0BD5B6365C38E74DD391919A8 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/20 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=FA03E1FC17F38FBDBA81470D08B3E416 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/20 09:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 23:19:14 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/13 23:19:15 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2009/10/20 19:02:35 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=7147BBE51D9D5B8974FB4FD9E38BA18A -- C:\WINDOWS\system32\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Archivos de programa\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/20 17:17:26 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=E870CE8ABA525F6A5263693C783F5906 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 15:19:11 | 000,716,408 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 15:19:13 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/08/28 07:36:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 16:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios a través de Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios a través de Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2A5773CB-7C04-43BE-B031-DC4B1764F3EF}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC51F53-12C6-479B-9CB3-41AAAA2BDEE0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8E3D1B4E-69EB-4DCF-9CC3-3CAE6EFF8F0F}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 15:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = Interfaz de NetBIOS
"Group" = NetBIOSGroup
"Description" = Interfaz de NetBIOS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/20 09:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< End of report >
7) Extras.txt
OTL Extras logfile created on: 17/01/2012 19:57:53 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,70% Memory free
3,16 Gb Paging File | 2,94 Gb Available in Paging File | 93,06% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 76,69 Gb Total Space | 10,65 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ASROCKN68 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1801674531-484061587-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"9032:TCP" = 9032:TCP:*:Enabled:BitComet 9032 TCP
"9032:UDP" = 9032:UDP:*:Enabled:BitComet 9032 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"13687:TCP" = 13687:TCP:*:Enabled:BitComet 13687 TCP
"13687:UDP" = 13687:UDP:*:Enabled:BitComet 13687 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Archivos de programa\Java\jre6\bin\javaw.exe" = C:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Archivos de programa\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Sitio web de ANNO 1404 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 24
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A28444E-0532-3264-B07D-5AFE590E30BE}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN
"{4AA5A318-D35A-4CE7-8421-B52E1CAA8BE6}" = Visual Basic for Applications ® Core - Spanish
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5FCCD531-1B38-4A94-924C-127F722F1034}" = Nero 8
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D08BA75-D917-43FD-A0C4-F81D27C61053}" = hppCLJ2605
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1034-7B44-A90000000001}" = Adobe Reader 9 - Español
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C53D0627-79E7-45A0-B37C-B92A7E40F122}" = hppManuals2605
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Ares" = Ares 2.1.6
"BitComet" = BitComet 1.28
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CleanUp!" = CleanUp!
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flame Painter_is1" = Flame Painter 1.2
"HFSExplorer" = HFSExplorer 0.21
"HP Color LaserJet 2605" = HP Color LaserJet 2605 Series 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Administrador de dispositivos de plataforma
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.0 (Full) BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.60.0.1800
"MAXONA2CF2AFA" = CINEMA 4D 12.048
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 es-ES)" = Mozilla Firefox 9.0.1 (x86 es-ES)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 2.0.2
"Vector Magic" = Vector Magic
"WebCopier Pro" = WebCopier Pro
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288
Error - 07/09/2011 20:11:14 | Computer Name = ASROCKN68 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1
Error - 08/09/2011 9:49:25 | Computer Name = ASROCKN68 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 20/09/2011 15:52:48 | Computer Name = ASROCKN68 | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 21/09/2011 17:48:54 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module olconnector.dll, version 2.0.2313.0, stamp 491c07db, debug? 0,
fault address 0x0000fd57.
Error - 21/09/2011 17:49:11 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 21/09/2011 17:49:14 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module olconnector.dll, version 2.0.2313.0, stamp 491c07db, debug? 0,
fault address 0x0000fd57.
Error - 23/09/2011 18:35:07 | Computer Name = ASROCKN68 | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 10.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x65637275.
Error - 25/09/2011 18:36:18 | Computer Name = ASROCKN68 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
icuuc34.dll, version 3.4.0.0, fault address 0x0000eba3.
[ OSession Events ]
Error - 21/09/2011 17:48:52 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/09/2011 17:49:14 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/12/2011 15:14:30 | Computer Name = ASROCKN68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due to
the following error: %%3
Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service
terminated with the following error: %%10050
Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error: %%2147952450
Error - 17/01/2012 18:20:34 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7003
Description = The NLA (Network Location Awareness) service depends on the following
nonexistent service: Afd
Error - 17/01/2012 18:26:59 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = The Hpci service terminated with the following error: %%126
Error - 17/01/2012 18:26:59 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due to
the following error: %%3
Error - 17/01/2012 18:29:50 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = The Hpci service terminated with the following error: %%126
Error - 17/01/2012 18:29:50 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due to
the following error: %%3
Error - 17/01/2012 18:39:30 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7023
Description = The Hpci service terminated with the following error: %%126
Error - 17/01/2012 18:39:30 | Computer Name = ASROCKN68 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due to
the following error: %%3
< End of report >
The Menu items, desktop icons and files are in their normal places.
One thing I noticed is that the normal advertising banners on any site are still being replaced with other "banners" that look like a virus (and they are all basically the same, no matter the site).
Everything else seems to be working just fine.
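The firewall-policy dump in the OTL log above (the GloballyOpenPorts and AuthorizedApplications lists) uses a fixed colon-separated value format: `port:protocol:scope:state:name` for ports and `path:scope:state:name` for applications, where a scope of `*` means any remote address and `LocalSubNet` restricts the rule to the local network. As an added example that is not part of the original post, of OTL, or of the helper's instructions, here is a small Python parser that reads those two sections and returns the rules that are both Enabled and open to `*`, which is what a helper reading such a log would want to check first. The sample input is constructed from entries copied out of the report above; the class and function names are the example's own.

```python
"""Parse the Windows XP firewall-policy sections of an OTL report and flag
rules that expose a listener to any remote address (scope "*")."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry key line that opens a GloballyOpenPorts or AuthorizedApplications list.
HEADER_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)\\"
    r"(?P<section>GloballyOpenPorts|AuthorizedApplications)\\List\]$"
)
# OTL prints each value as:  "key" = value
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*)$')

# Constructed sample: entries copied from the poster's log, in OTL's layout.
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"9032:TCP" = 9032:TCP:*:Enabled:BitComet 9032 TCP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"""


@dataclass
class FirewallRule:
    profile: str   # StandardProfile or DomainProfile
    kind: str      # "port" or "application"
    key: str       # "3703:TCP" or the executable path
    scope: str     # "*" = any remote address, "LocalSubNet" = local network only
    enabled: bool
    name: str      # free-text rule name (publisher appended for applications)


def _parse_port(profile: str, key: str, value: str) -> Optional[FirewallRule]:
    # value layout: port:protocol:scope:state:name
    parts = value.split(":", 4)
    if len(parts) != 5:
        return None
    _port, _proto, scope, state, name = parts
    return FirewallRule(profile, "port", key, scope, state == "Enabled", name)


def _parse_app(profile: str, key: str, value: str) -> Optional[FirewallRule]:
    # value layout: path:scope:state:name. The path repeats the key and itself
    # contains "C:", so strip the key before splitting on ":".
    if not value.startswith(key + ":"):
        return None
    parts = value[len(key) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, name = parts
    return FirewallRule(profile, "application", key, scope, state == "Enabled", name)


def parse_firewall_policy(text: str) -> List[FirewallRule]:
    """Return every rule found under a GloballyOpenPorts/AuthorizedApplications key."""
    rules: List[FirewallRule] = []
    profile, section = "", None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            profile, section = header["profile"], header["section"]
            continue
        entry = ENTRY_RE.match(line)
        if not entry or section is None:
            continue  # OTL banner lines, other sections, or an entry with no key above it
        parser = _parse_port if section == "GloballyOpenPorts" else _parse_app
        rule = parser(profile, entry["key"], entry["value"])
        if rule:
            rules.append(rule)
    return rules


def exposed_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Enabled rules with scope '*': reachable from any address, not just LocalSubNet."""
    return [r for r in rules if r.enabled and r.scope == "*"]


if __name__ == "__main__":
    for r in exposed_rules(parse_firewall_policy(SAMPLE_OTL)):
        print(f"{r.profile:16} {r.kind:12} {r.key}  ->  {r.name}")
```

Run against the sample, the parser reports the two Adobe Version Cue ports and the BitComet port, plus the Ares and VersionCueCS3.exe application exceptions, all open to any address; the UPnP entry on 1900/UDP is skipped because it is disabled and limited to LocalSubNet. Note that an empty list such as the DomainProfile key above yields no rules rather than an error.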