Esta2.in , iesta, homitrlz.in open automatically as start window in Ch


  • This topic is locked

#1
KatyRego

    New Member

  • Member
  • Pip
  • 7 posts
Dear Geeks,

First of all, my apologies for my English, I'm Spanish. And thank you beforehand for trying to help me.

When I open any browser the start windows are other pages that I don't know.

- In Firefox is http://esta2.in/

- In Explorer is http://homitrlz.in/

- In Chrome it was one of those (I uninstalled it, so I cannot check it now)

I could live with it (even though it's quite annoying, but I am going to start my final research project and I would like to do the cleaning first).

I have tried to fix it by myself:

1. Changing settings of all browsers (start windows)
2. Uninstalling and installing them again.
3. Changing settings again.
4. Malwarebytes Anti-malware
5. Spybot Search & Destroy
6. Glary Utilities

The problem persists.

I was thinking about using OTL or something like that (Combofix?), but I am a bit afraid of doing it by myself. Could you help me? :rolleyes:

My computer has the following basic information:

- Windows 7 Starter
2009. Service Pack 1.

- System
ASUS
Eee PC
Intel® Atom™ CPU N450 @1.66GHz 1.67 GHz
RAM 1 GB
System 32 bits

- Name: Carlota-PC

Possible reasons to get infected:

- Downloading Aladdin for my niece. (I never download films in this small computer, so it had to be that one. Problems started after that) I think the website was http://www.peliculas...no-aladdin-1992 I know it sounds stupid :blush: .

- Dropbox (Dates match, but anything weird is happening)

- My Microsoft Office is "downloaded" or something like that. I installed it from a pen. I always use OpenOffice, but sometimes I have to use Word for work and sometimes it suddenly closes. (Anyway, I had it from before, so it shouldn't be related).

- My facebook also started to act weird (I just can download the blue lines and few things more, but the info is not there. However, if I have a fast internet connection the problem disappears, so it might not be related).

Should I run OTL? Could you be so kind to help me?

Thank you very much!!!

Sincerely yours,

Carlota
  • 0


#2
KatyRego

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
CCleaner doesn't work either.

The reinstalled Chrome was giving failure messages: "Chrome.exe-No hay disco. No hay disco en la unidad. Inserte un disco en la unidad\Device\Harddisk1\DR1" (Chrome.exe - There is no disk. There is no disk in the unit. Insert a disk in the unit\Device\Harddisk1\DR1)

Thank you again

Edited by KatyRego, 08 March 2012 - 07:01 PM.

  • 0

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there

Let's have a look at the system first

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    Drives
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
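
The two logs requested above can be triaged mechanically. This Python sketch is an added example, not part of the original thread and not code from aswMBR or OTL: it parses aswMBR `**INFECTED**` lines and OTL `PRC -` lines, then lists running processes that either were flagged by the scanner or have no company name and a short hex-style file name directly under `AppData\Roaming`. The sample lines are constructed in the layout these tools print, and the hex-name pattern is an assumption drawn from the file names visible in the logs on this page.

```python
import re
from collections import Counter

# Constructed sample lines in the layout aswMBR prints (not from a real machine).
ASWMBR_SAMPLE = r"""
18:24:28.558 Disk 0 Windows 7 default MBR code
18:35:44.366 File: C:\Users\Example\AppData\Roaming\1A2B.exe **INFECTED** Win32:IRCBot-END [Trj]
18:35:44.491 File: C:\Users\Example\AppData\Roaming\3C4D.tmp **INFECTED** Win32:Crypt-LTT [Trj]
18:35:44.632 File: C:\Users\Example\AppData\Roaming\5E6F.exe **INFECTED** Win32:IRCBot-END [Trj]
18:38:21.911 Scan finished successfully
"""

# Constructed sample of OTL "Processes" lines (PRC), same caveat.
OTL_SAMPLE = r"""
PRC - [2012/03/14 17:34:46 | 000,055,808 | ---- | M] () -- C:\Users\Example\AppData\Roaming\7A8B.exe
PRC - [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/01/29 19:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
"""

INFECTED_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
PRC_RE = re.compile(
    r"^PRC - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| \w\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Assumption: 3-4 hex characters plus .exe/.tmp, sitting directly in AppData\Roaming.
DROPPED_RE = re.compile(r"\\AppData\\Roaming\\[0-9a-f]{3,4}\.(?:exe|tmp)$", re.IGNORECASE)


def parse_aswmbr(text):
    """Return one dict per **INFECTED** line: file path and detection name."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            # Drop the trailing type tag such as " [Trj]" so names group cleanly.
            name = re.sub(r"\s*\[[^\]]+\]$", "", m.group("name").strip())
            hits.append({"path": m.group("path"), "detection": name})
    return hits


def parse_otl_processes(text):
    """Return company name and image path for every OTL PRC line."""
    procs = []
    for line in text.splitlines():
        m = PRC_RE.match(line.strip())
        if m:
            procs.append({"company": m.group("company").strip(),
                          "path": m.group("path").strip()})
    return procs


def triage(aswmbr_text, otl_text):
    """Count detections and list running processes that deserve a closer look."""
    hits = parse_aswmbr(aswmbr_text)
    flagged = {h["path"].lower() for h in hits}
    running = []
    for p in parse_otl_processes(otl_text):
        av_flagged = p["path"].lower() in flagged
        looks_dropped = bool(DROPPED_RE.search(p["path"])) and not p["company"]
        # A missing company name alone is not enough: vendor tools often lack one.
        if av_flagged or looks_dropped:
            running.append({"path": p["path"], "av_flagged": av_flagged})
    return {
        "detections": Counter(h["detection"] for h in hits),
        "running_suspects": running,
    }


if __name__ == "__main__":
    report = triage(ASWMBR_SAMPLE, OTL_SAMPLE)
    for name, count in report["detections"].most_common():
        print(f"{count:3d}  {name}")
    for proc in report["running_suspects"]:
        print("running:", proc["path"], "(scanner hit)" if proc["av_flagged"] else "(name pattern only)")
```

A running process that matches only the name pattern is the case worth escalating first, since it is live and the signature scan did not name it.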

#4
KatyRego

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you Essexboy!!! And sorry for the late reply, I've been working with old paper books lately.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 17:56:03
-----------------------------
17:56:03.168 OS Version: Windows 6.1.7601 Service Pack 1
17:56:03.169 Number of processors: 2 586 0x1C0A
17:56:03.184 ComputerName: CARLOTA-PC UserName: Carlota
17:57:02.925 Initialize success
17:58:58.335 AVAST engine defs: 12031400
18:24:28.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:24:28.402 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
18:24:28.433 Disk 0 MBR read successfully
18:24:28.448 Disk 0 MBR scan
18:24:28.558 Disk 0 Windows 7 default MBR code
18:24:28.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
18:24:28.604 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
18:24:28.682 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528
18:24:28.729 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840
18:24:28.760 Disk 0 scanning sectors +488397168
18:24:29.369 Disk 0 scanning C:\windows\system32\drivers
18:24:56.934 Service scanning
18:26:13.749 Modules scanning
18:26:47.367 Disk 0 trace - called modules:
18:26:47.429 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
18:26:47.460 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c53498]
18:26:47.491 3 CLASSPNP.SYS[86c6a59e] -> nt!IofCallDriver -> [0x84263900]
18:26:47.507 5 ACPI.sys[864c23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e48028]
18:26:48.864 AVAST engine scan C:\windows
18:26:53.622 AVAST engine scan C:\windows\system32
18:33:34.668 AVAST engine scan C:\windows\system32\drivers
18:34:06.351 AVAST engine scan C:\Users\Carlota
18:35:44.366 File: C:\Users\Carlota\AppData\Roaming\13CE.exe **INFECTED** Win32:IRCBot-END [Trj]
18:35:44.491 File: C:\Users\Carlota\AppData\Roaming\1728.exe **INFECTED** Win32:VBCrypt-JL [Trj]
18:35:44.632 File: C:\Users\Carlota\AppData\Roaming\2210.exe **INFECTED** Win32:VBCrypt-ACM [Trj]
18:35:44.772 File: C:\Users\Carlota\AppData\Roaming\2378.exe **INFECTED** Win32:VBCrypt-WJ [Trj]
18:35:44.944 File: C:\Users\Carlota\AppData\Roaming\2D08.tmp **INFECTED** Win32:Crypt-LTT [Trj]
18:35:45.115 File: C:\Users\Carlota\AppData\Roaming\3AB7.tmp **INFECTED** Win32:IRCBot-END [Trj]
18:35:45.256 File: C:\Users\Carlota\AppData\Roaming\3BD4.exe **INFECTED** Win32:VBCrypt-NS [Trj]
18:35:45.412 File: C:\Users\Carlota\AppData\Roaming\3F1C.tmp **INFECTED** Win32:Crypt-LTT [Trj]
18:35:45.568 File: C:\Users\Carlota\AppData\Roaming\4105.tmp **INFECTED** Win32:VBCrypt-ACM [Trj]
18:35:45.724 File: C:\Users\Carlota\AppData\Roaming\4B14.exe **INFECTED** Win32:VBCrypt-NU [Trj]
18:35:45.895 File: C:\Users\Carlota\AppData\Roaming\4D17.exe **INFECTED** Win32:VBCrypt-QJ [Trj]
18:35:46.036 File: C:\Users\Carlota\AppData\Roaming\4D19.tmp **INFECTED** Win32:Crypt-LTT [Trj]
18:35:46.192 File: C:\Users\Carlota\AppData\Roaming\4FA6.exe **INFECTED** Win32:VBCrypt-NS [Trj]
18:35:46.332 File: C:\Users\Carlota\AppData\Roaming\4FC0.exe **INFECTED** Win32:Crypt-LTT [Trj]
18:35:46.504 File: C:\Users\Carlota\AppData\Roaming\535D.tmp **INFECTED** Win32:IRCBot-END [Trj]
18:35:46.660 File: C:\Users\Carlota\AppData\Roaming\5366.exe **INFECTED** Win32:VBCrypt-QJ [Trj]
18:35:46.784 File: C:\Users\Carlota\AppData\Roaming\64D.exe **INFECTED** Win32:VBCrypt-PH [Trj]
18:35:46.972 File: C:\Users\Carlota\AppData\Roaming\65A5.tmp **INFECTED** Win32:VBCrypt-ACT [Trj]
18:35:47.471 File: C:\Users\Carlota\AppData\Roaming\6622.exe **INFECTED** Win32:Crypt-LTT [Trj]
18:35:47.642 File: C:\Users\Carlota\AppData\Roaming\66AF.exe **INFECTED** Win32:VBCrypt-ACM [Trj]
18:35:47.814 File: C:\Users\Carlota\AppData\Roaming\7483.tmp **INFECTED** Win32:IRCBot-END [Trj]
18:35:48.095 File: C:\Users\Carlota\AppData\Roaming\878.exe **INFECTED** Win32:Trojan-gen
18:35:48.266 File: C:\Users\Carlota\AppData\Roaming\8B4E.exe **INFECTED** Win32:VBCrypt-ACT [Trj]
18:35:48.454 File: C:\Users\Carlota\AppData\Roaming\9923.tmp **INFECTED** Win32:IRCBot-END [Trj]
18:35:48.625 File: C:\Users\Carlota\AppData\Roaming\9C57.exe **INFECTED** Win32:VBCrypt-PC [Trj]
18:35:48.797 File: C:\Users\Carlota\AppData\Roaming\9E71.exe **INFECTED** Win32:IRCBot-END [Trj]
18:35:49.000 File: C:\Users\Carlota\AppData\Roaming\9F7A.exe **INFECTED** Win32:Trojan-gen
18:35:49.156 File: C:\Users\Carlota\AppData\Roaming\AB0E.exe **INFECTED** Win32:IRCBot-END [Trj]
18:35:49.343 File: C:\Users\Carlota\AppData\Roaming\AD7D.tmp **INFECTED** Win32:Crypt-LTT [Trj]
18:35:53.352 File: C:\Users\Carlota\AppData\Roaming\B5A7.tmp **INFECTED** Win32:IRCBot-END [Trj]
18:35:53.492 File: C:\Users\Carlota\AppData\Roaming\BD75.exe **INFECTED** Win32:Crypt-LTT [Trj]
18:35:53.664 File: C:\Users\Carlota\AppData\Roaming\C73C.exe **INFECTED** Win32:Crypt-LTT [Trj]
18:35:53.804 File: C:\Users\Carlota\AppData\Roaming\D1BF.exe **INFECTED** Win32:Crypt-LTT [Trj]
18:35:53.929 File: C:\Users\Carlota\AppData\Roaming\D633.exe **INFECTED** Win32:VBCrypt-LY [Trj]
18:35:55.271 File: C:\Users\Carlota\AppData\Roaming\E6B7.exe **INFECTED** Win32:IRCBot-END [Trj]
18:35:55.708 File: C:\Users\Carlota\AppData\Roaming\F9E8.exe **INFECTED** Win32:VBCrypt-JL [Trj]
18:37:27.732 AVAST engine scan C:\ProgramData
18:38:21.911 Scan finished successfully
18:44:10.494 Disk 0 MBR has been saved successfully to "C:\Users\Carlota\Desktop\MBR.dat"
18:44:10.525 The log file has been saved successfully to "C:\Users\Carlota\Desktop\aswMBR1.txt"



OTL:



OTL Extras logfile created on: 3/14/2012 7:10:01 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Carlota\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1014.18 Mb Total Physical Memory | 221.27 Mb Available Physical Memory | 21.82% Memory free
1.99 Gb Paging File | 0.89 Gb Available in Paging File | 44.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 66.21 Gb Free Space | 66.21% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 40.27 Gb Free Space | 34.16% Space Free | Partition Type: NTFS

Computer Name: CARLOTA-PC | User Name: Carlota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4B930AE3-61C6-4D02-A9D4-84F4ACBCEC25}" = OpenOffice.org 3.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROPLUS_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROPLUS_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROPLUS_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROPLUS_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROPLUS_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"DriverNavigator_is1" = DriverNavigator 1.5.3
"Eee Docking_is1" = Eee Docking 3.7.0
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.22.02.00
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"movistarES" = Escritorio Movistar
"Mozilla Firefox 4.0.1 (x86 es-ES)" = Mozilla Firefox 4.0.1 (x86 es-ES)
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 11:39:03 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\trend
micro\internet security\component\framework\200\UfNavi.exe". No se encontró el ensamblado
dependiente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Use
sxstrace.exe para obtener un diagnóstico detallado.

Error - 2/8/2012 11:39:03 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\trend
micro\internet security\component\framework\200\UfUpdUi.exe". No se encontró el
ensamblado dependiente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Use
sxstrace.exe para obtener un diagnóstico detallado.

Error - 2/9/2012 10:15:12 AM | Computer Name = Carlota-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe_RasMan, versión:
6.1.7600.16385, marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: msvcrt.dll,
versión: 7.0.7600.16385, marca de tiempo: 0x4a5bda6f Código de excepción: 0xc0000005
Desplazamiento
de errores: 0x0000db79 Id. del proceso con errores: 0x3dc Hora de inicio de la aplicación
con errores: 0x01cce3f0c17ba730 Ruta de acceso de la aplicación con errores: C:\windows\system32\svchost.exe
Ruta
de acceso del módulo con errores: C:\windows\system32\msvcrt.dll Id. del informe:
7a7baf30-5328-11e1-9c35-bcaec5139627

Error - 2/20/2012 6:03:19 PM | Computer Name = Carlota-PC | Source = RasClient | ID = 20227
Description =

Error - 3/1/2012 10:38:33 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto
o directiva "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll"
en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 3/1/2012 10:38:36 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\Easeware\drivernavigator\amd64\dpinst.exe".
No
se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.

Error - 3/1/2012 12:45:41 PM | Computer Name = Carlota-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: chrome.exe, versión: 17.0.963.56,
marca de tiempo: 0x4f3b1160 Nombre del módulo con errores: KERNELBASE.dll, versión:
6.1.7601.17651, marca de tiempo: 0x4e2111c0 Código de excepción: 0x80000003 Desplazamiento
de errores: 0x0000d36f Id. del proceso con errores: 0x11b8 Hora de inicio de la aplicación
con errores: 0x01ccf7bd808a3b16 Ruta de acceso de la aplicación con errores: C:\Users\Carlota\AppData\Local\Google\Chrome\Application\chrome.exe
Ruta
de acceso del módulo con errores: C:\windows\system32\KERNELBASE.dll Id. del informe:
fa99bac3-63bd-11e1-a6db-001e101f2500

Error - 3/1/2012 8:36:17 PM | Computer Name = Carlota-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: chrome.exe, versión: 17.0.963.56,
marca de tiempo: 0x4f3b1160 Nombre del módulo con errores: chrome.dll, versión:
17.0.963.56, marca de tiempo: 0x4f3b1106 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x0001ba53 Id. del proceso con errores: 0x7b0 Hora de inicio de la aplicación
con errores: 0x01ccf80c762bc112 Ruta de acceso de la aplicación con errores: C:\Users\Carlota\AppData\Local\Google\Chrome\Application\chrome.exe
Ruta
de acceso del módulo con errores: C:\Users\Carlota\AppData\Local\Google\Chrome\Application\17.0.963.56\chrome.dll
Id.
del informe: b8f6cb80-63ff-11e1-a6db-001e101f2500

Error - 3/2/2012 7:19:06 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto
o directiva "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll"
en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 3/2/2012 7:19:09 AM | Computer Name = Carlota-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\Easeware\drivernavigator\amd64\dpinst.exe".
No
se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.

[ System Events ]
Error - 8/8/2011 2:21:21 PM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7026
Description = El siguiente controlador de inicio del sistema o de inicio del arranque
no se cargó correctamente: cdrom

Error - 8/8/2011 4:26:48 PM | Computer Name = Carlota-PC | Source = DCOM | ID = 10010
Description =

Error - 8/10/2011 4:18:59 PM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio ShellHWDetection.

Error - 8/11/2011 3:35:20 AM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7009
Description = Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio
Instalador de módulos de Windows.

Error - 8/11/2011 3:35:21 AM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7000
Description = El servicio Instalador de módulos de Windows no pudo iniciarse debido
al siguiente error: %%1053

Error - 8/11/2011 3:35:27 AM | Computer Name = Carlota-PC | Source = DCOM | ID = 10005
Description =

Error - 8/11/2011 3:35:27 AM | Computer Name = Carlota-PC | Source = DCOM | ID = 10010
Description =

Error - 8/11/2011 7:35:59 AM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio wscsvc.

Error - 8/11/2011 3:42:11 PM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio ShellHWDetection.

Error - 8/12/2011 12:38:47 AM | Computer Name = Carlota-PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio WinDefend.


< End of report >


OTL logfile created on: 3/14/2012 7:10:01 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Carlota\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1014.18 Mb Total Physical Memory | 221.27 Mb Available Physical Memory | 21.82% Memory free
1.99 Gb Paging File | 0.89 Gb Available in Paging File | 44.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 66.21 Gb Free Space | 66.21% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 40.27 Gb Free Space | 34.16% Space Free | Partition Type: NTFS

Computer Name: CARLOTA-PC | User Name: Carlota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 17:34:46 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\7C11.exe
PRC - [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/08 23:53:16 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Carlota\Downloads\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/09 09:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/09/29 14:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe
PRC - [2010/06/09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 03:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 03:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/02/23 11:47:04 | 001,024,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/29 19:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/03 00:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/03 00:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/14 17:34:46 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\7C11.exe
MOD - [2009/08/03 00:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/09 09:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/09/29 14:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/27 05:13:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2010/04/27 05:13:48 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2010/04/27 05:13:37 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/08/03 00:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/13 03:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/12/24 04:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/12/23 02:46:46 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/08 09:55:06 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2010/07/30 18:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 18:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 18:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/10 14:14:32 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/04/27 05:13:37 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/04/27 05:13:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/04/27 05:13:36 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/04/13 03:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2010/04/13 03:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 03:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homitrlz.in
IE - HKCU\..\SearchScopes,DefaultScope = {02D4E505-7C9D-4937-AF3E-5394EBA7D90B}
IE - HKCU\..\SearchScopes\{02D4E505-7C9D-4937-AF3E-5394EBA7D90B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homitrlz.in"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 19:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/06 19:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlota\AppData\Roaming\mozilla\Extensions
[2012/03/07 12:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/07 12:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/14 17:43:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2010/01/01 09:00:00 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2010/01/01 09:00:00 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Carlota\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: MegaSkipper = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.63_0\
CHR - Extension: Gmail = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Rxlclt] C:\Users\Carlota\AppData\Roaming\Rxlclt.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B52D6DBC-245F-489A-A446-C093FA09E1CB}: DhcpNameServer = 87.216.1.65 87.216.1.66
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280786e7-c1eb-11e0-b63c-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{280786e7-c1eb-11e0-b63c-bcaec5139627}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c3abe024-fc93-11e0-8f05-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{c3abe024-fc93-11e0-8f05-bcaec5139627}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dbcedf2d-aad3-11e0-a7fc-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{dbcedf2d-aad3-11e0-a7fc-bcaec5139627}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/03/14 17:55:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Carlota\Desktop\aswMBR.exe
[2012/03/14 15:31:28 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/03/14 15:31:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/03/14 15:31:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/03/14 15:31:20 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/03/09 02:05:16 | 000,000,000 | ---D | C] -- C:\Users\Carlota\Desktop\Limpiadores
[2012/03/09 01:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/09 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 01:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/08 23:27:52 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\GlarySoft
[2012/03/08 23:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/03/08 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/03/08 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 21:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/08 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\Malwarebytes
[2012/03/08 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 15:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 15:55:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/03/08 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/07 13:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 12:56:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/03/07 12:56:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/03/07 12:56:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/03/07 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/01 23:33:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/03/01 23:33:13 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/03/01 23:33:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/03/01 23:33:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/03/01 23:33:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/03/01 23:33:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/03/01 23:33:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/03/01 23:33:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/03/01 23:33:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/03/01 23:33:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/03/01 23:33:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/03/01 23:33:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/03/01 23:33:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/03/01 23:33:12 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/03/01 23:33:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/03/01 23:33:12 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/03/01 23:33:12 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/03/01 23:33:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/03/01 23:33:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/03/01 23:33:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/03/01 23:33:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/03/01 23:33:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/03/01 23:33:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/03/01 23:33:11 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/03/01 23:33:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/03/01 23:33:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/03/01 23:33:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/03/01 23:33:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/03/01 23:33:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/03/01 23:33:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/03/01 23:33:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/03/01 23:33:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/03/01 23:33:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/03/01 23:33:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/03/01 23:33:05 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/03/01 23:33:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/03/01 23:33:05 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/25 17:24:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/25 17:22:19 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/25 10:39:17 | 000,000,000 | R--D | C] -- C:\Users\Carlota\Saved Games
[2012/02/20 22:49:38 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/02/20 22:47:26 | 000,000,000 | ---D | C] -- C:\Users\Carlota\Documents\Bluetooth Exchange Folder
[2012/02/06 19:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/06 19:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/02/06 19:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/02/06 19:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/02/06 19:14:26 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012/02/06 19:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/06 19:10:30 | 000,000,000 | ---D | C] -- C:\windows\SHELLNEW
[2012/02/06 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Local\Microsoft Help
[2012/02/06 19:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/06 19:09:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/01/28 22:18:12 | 000,000,000 | ---D | C] -- C:\Oki Driver
[2012/01/28 21:53:03 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2012/01/28 15:59:38 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/01/28 15:59:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/01/24 18:48:34 | 000,000,000 | R--D | C] -- C:\Users\Carlota\Searches
[2012/01/22 13:14:26 | 000,000,000 | R--D | C] -- C:\Users\Carlota\Favorites
[2012/01/22 12:38:02 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Local\SoftGrid Client
[2012/01/22 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\SoftGrid Client
[2012/01/22 12:35:15 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\TP
[2012/01/20 14:53:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/20 14:52:42 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/20 14:52:41 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[13 C:\Users\Carlota\AppData\Roaming\*.tmp files -> C:\Users\Carlota\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/03/14 18:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Carlota\Desktop\MBR.dat
[2012/03/14 18:42:38 | 000,119,296 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\Rxlclt.exe
[2012/03/14 18:23:04 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 17:57:16 | 000,703,840 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2012/03/14 17:57:16 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/14 17:57:16 | 000,137,806 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2012/03/14 17:57:16 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/14 17:40:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Carlota\Desktop\aswMBR.exe
[2012/03/14 17:37:53 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 17:37:53 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 17:34:46 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\7C11.exe
[2012/03/14 17:30:49 | 000,000,316 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012/03/14 17:30:48 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 17:30:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/14 17:30:00 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 15:10:41 | 000,312,065 | ---- | M] () -- C:\Users\Carlota\Desktop\bolsas investigación.pdf
[2012/03/14 14:42:22 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\B24.exe
[2012/03/13 15:10:37 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\8B4E.exe
[2012/03/13 02:57:25 | 000,036,206 | ---- | M] () -- C:\Users\Carlota\Desktop\Weirdthing.jpg
[2012/03/13 02:06:46 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\2210.exe
[2012/03/12 17:31:45 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\66AF.exe
[2012/03/09 15:20:21 | 000,000,052 | ---- | M] () -- C:\Users\Carlota\Desktop\Xuventude.net.url
[2012/03/09 12:57:27 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\13CE.exe
[2012/03/08 21:36:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/03/08 21:33:00 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9E71.exe
[2012/03/08 12:44:14 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\E6B7.exe
[2012/03/08 00:49:53 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\AB0E.exe
[2012/03/07 12:56:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012/03/07 12:56:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/03/07 12:56:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/03/07 12:56:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/03/07 12:32:36 | 000,019,310 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\33CD.exe
[2012/03/06 21:14:06 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\C73C.exe
[2012/03/06 17:23:13 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\6622.exe
[2012/03/05 17:47:40 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\BD75.exe
[2012/03/04 15:11:51 | 000,000,073 | ---- | M] () -- C:\Users\Carlota\Desktop\VNU Servicio Voluntariado en Línea - Inicio.url
[2012/03/04 14:15:09 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\D1BF.exe
[2012/03/03 22:44:41 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4FC0.exe
[2012/03/01 23:33:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/03/01 23:33:13 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/03/01 23:33:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/03/01 23:33:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/03/01 23:33:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/03/01 23:33:13 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/03/01 23:33:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/03/01 23:33:13 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/03/01 23:33:13 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/03/01 23:33:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/03/01 23:33:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/03/01 23:33:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/03/01 23:33:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/03/01 23:33:12 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/03/01 23:33:12 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/03/01 23:33:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/03/01 23:33:12 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/03/01 23:33:12 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/03/01 23:33:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/03/01 23:33:12 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/03/01 23:33:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/03/01 23:33:12 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/03/01 23:33:12 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/03/01 23:33:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/03/01 23:33:11 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/03/01 23:33:11 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/03/01 23:33:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/03/01 23:33:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/03/01 23:33:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/03/01 23:33:10 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/03/01 23:33:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/03/01 23:33:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/03/01 23:33:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/03/01 23:33:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/03/01 23:33:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/03/01 23:33:08 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/03/01 23:33:05 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/03/01 23:33:05 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/03/01 11:14:47 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\878.exe
[2012/03/01 10:57:43 | 000,428,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/01 00:48:15 | 000,000,123 | ---- | M] () -- C:\Users\Carlota\Desktop\Webinar Internet, herramienta útil para encontrar trabajo.url
[2012/02/29 23:06:12 | 000,045,601 | ---- | M] () -- C:\Users\Carlota\Desktop\comercio_internacional.pdf
[2012/02/29 22:55:00 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9F7A.exe
[2012/02/25 16:56:30 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\2378.exe
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2012/02/20 23:33:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/02/17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/02/09 12:12:31 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\64D.exe
[2012/02/07 22:22:20 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9C57.exe
[2012/02/06 22:38:42 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\3BD4.exe
[2012/02/06 14:21:48 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4FA6.exe
[2012/02/05 13:37:09 | 000,844,546 | ---- | M] () -- C:\Users\Carlota\Documents\crisis.png
[2012/02/05 11:29:36 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4B14.exe
[2012/02/04 11:39:47 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4D17.exe
[2012/02/03 18:24:55 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\5366.exe
[2012/02/03 12:09:44 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\D633.exe
[2012/01/29 21:13:47 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\1728.exe
[2012/01/29 11:53:34 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\F9E8.exe
[2012/01/25 06:32:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/01/25 06:32:34 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/01/25 06:27:51 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[13 C:\Users\Carlota\AppData\Roaming\*.tmp files -> C:\Users\Carlota\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 18:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Carlota\Desktop\MBR.dat
[2012/03/14 17:34:46 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\7C11.exe
[2012/03/14 17:34:43 | 000,119,296 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\Rxlclt.exe
[2012/03/14 15:10:27 | 000,312,065 | ---- | C] () -- C:\Users\Carlota\Desktop\bolsas investigación.pdf
[2012/03/14 14:42:22 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\B24.exe
[2012/03/13 15:10:37 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\8B4E.exe
[2012/03/13 02:55:47 | 000,036,206 | ---- | C] () -- C:\Users\Carlota\Desktop\Weirdthing.jpg
[2012/03/13 02:06:46 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\2210.exe
[2012/03/12 17:31:45 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\66AF.exe
[2012/03/09 15:20:21 | 000,000,052 | ---- | C] () -- C:\Users\Carlota\Desktop\Xuventude.net.url
[2012/03/09 12:57:27 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\13CE.exe
[2012/03/09 01:13:44 | 000,001,090 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 01:13:42 | 000,001,086 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 23:14:48 | 000,000,316 | ---- | C] () -- C:\windows\tasks\GlaryInitialize.job
[2012/03/08 21:33:00 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\9E71.exe
[2012/03/08 12:44:14 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\E6B7.exe
[2012/03/08 00:49:53 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\AB0E.exe
[2012/03/07 12:32:36 | 000,019,310 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\33CD.exe
[2012/03/06 21:14:06 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\C73C.exe
[2012/03/06 17:23:13 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\6622.exe
[2012/03/05 17:47:40 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\BD75.exe
[2012/03/04 15:11:51 | 000,000,073 | ---- | C] () -- C:\Users\Carlota\Desktop\VNU Servicio Voluntariado en Línea - Inicio.url
[2012/03/04 14:15:09 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\D1BF.exe
[2012/03/03 22:44:41 | 000,055,808 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\4FC0.exe
[2012/03/01 23:33:12 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/03/01 11:14:47 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\878.exe
[2012/03/01 00:48:15 | 000,000,123 | ---- | C] () -- C:\Users\Carlota\Desktop\Webinar Internet, herramienta útil para encontrar trabajo.url
[2012/02/29 23:06:28 | 000,045,601 | ---- | C] () -- C:\Users\Carlota\Desktop\comercio_internacional.pdf
[2012/02/29 22:55:00 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\9F7A.exe
[2012/02/25 16:56:30 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\2378.exe
[2012/02/09 12:12:31 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\64D.exe
[2012/02/07 22:22:20 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\9C57.exe
[2012/02/06 22:38:42 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\3BD4.exe
[2012/02/06 14:21:48 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\4FA6.exe
[2012/02/05 13:37:19 | 000,844,546 | ---- | C] () -- C:\Users\Carlota\Documents\crisis.png
[2012/02/05 11:29:36 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\4B14.exe
[2012/02/04 11:39:47 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\4D17.exe
[2012/02/03 18:24:55 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\5366.exe
[2012/02/03 12:09:44 | 000,086,016 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\D633.exe
[2012/01/29 21:13:47 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\1728.exe
[2012/01/29 11:53:34 | 000,106,496 | ---- | C] () -- C:\Users\Carlota\AppData\Roaming\F9E8.exe
[2011/03/09 13:29:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/09 13:16:36 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/03/09 13:14:58 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/03/09 12:58:32 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/03/09 12:58:32 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/06/24 21:36:05 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 21:16:02 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 21:16:02 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 21:14:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 21:12:36 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 21:07:33 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >


========== Drive Information ==========
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 107375230976
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 118.00GB
Starting Offset: 123481358336
Hidden sectors: 0

DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 250038190080
Hidden sectors: 0


< End of report >


I hope it is fine.

By the way, when I try to switch off my computer it says that some programmes are still working.
And a weird box that changes colour appeared on my desktop (you can find a picture attached). I can move it, but not delete it, open it, cut it...

Thank you

Carlota


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Okay madame, time to go on a killing spree, I feel :ph34r:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [Rxlclt] C:\Users\Carlota\AppData\Roaming\Rxlclt.exe ()
    [2012/03/14 15:31:28 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
    [2012/03/14 15:31:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
    [2012/03/14 15:31:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
    [2012/03/14 15:31:20 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
    [2012/03/14 18:42:38 | 000,119,296 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\Rxlclt.exe
    [2012/03/14 17:34:46 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\7C11.exe
    [2012/03/14 14:42:22 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\B24.exe
    [2012/03/13 15:10:37 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\8B4E.exe
    [2012/03/13 02:06:46 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\2210.exe
    [2012/03/12 17:31:45 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\66AF.exe
    [2012/03/09 15:20:21 | 000,000,052 | ---- | M] () -- C:\Users\Carlota\Desktop\Xuventude.net.url
    [2012/03/09 12:57:27 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\13CE.exe
    [2012/03/08 21:33:00 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9E71.exe
    [2012/03/08 12:44:14 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\E6B7.exe
    [2012/03/08 00:49:53 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\AB0E.exe
    [2012/03/07 12:32:36 | 000,019,310 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\33CD.exe
    [2012/03/06 21:14:06 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\C73C.exe
    [2012/03/06 17:23:13 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\6622.exe
    [2012/03/05 17:47:40 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\BD75.exe
    [2012/03/04 14:15:09 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\D1BF.exe
    [2012/03/03 22:44:41 | 000,055,808 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4FC0.exe
    [2012/02/29 22:55:00 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9F7A.exe
    [2012/02/25 16:56:30 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\2378.exe
    [2012/02/09 12:12:31 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\64D.exe
    [2012/02/07 22:22:20 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\9C57.exe
    [2012/02/06 22:38:42 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\3BD4.exe
    [2012/02/06 14:21:48 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4FA6.exe
    [2012/02/05 11:29:36 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4B14.exe
    [2012/02/04 11:39:47 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\4D17.exe
    [2012/02/03 18:24:55 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\5366.exe
    [2012/02/03 12:09:44 | 000,086,016 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\D633.exe
    [2012/01/29 21:13:47 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\1728.exe
    [2012/01/29 11:53:34 | 000,106,496 | ---- | M] () -- C:\Users\Carlota\AppData\Roaming\F9E8.exe


    :Files
    ipconfig /flushdns /c
    C:\Users\Carlota\AppData\Roaming\13CE.exe
    C:\Users\Carlota\AppData\Roaming\1728.exe
    C:\Users\Carlota\AppData\Roaming\2210.exe
    C:\Users\Carlota\AppData\Roaming\2378.exe
    C:\Users\Carlota\AppData\Roaming\2D08.tmp
    C:\Users\Carlota\AppData\Roaming\3AB7.tmp
    C:\Users\Carlota\AppData\Roaming\3BD4.exe
    C:\Users\Carlota\AppData\Roaming\3F1C.tmp
    C:\Users\Carlota\AppData\Roaming\4105.tmp
    C:\Users\Carlota\AppData\Roaming\4B14.exe
    C:\Users\Carlota\AppData\Roaming\4D17.exe
    C:\Users\Carlota\AppData\Roaming\4D19.tmp
    C:\Users\Carlota\AppData\Roaming\4FA6.exe
    C:\Users\Carlota\AppData\Roaming\4FC0.exe
    C:\Users\Carlota\AppData\Roaming\535D.tmp
    C:\Users\Carlota\AppData\Roaming\5366.exe
    C:\Users\Carlota\AppData\Roaming\64D.exe
    C:\Users\Carlota\AppData\Roaming\65A5.tmp
    C:\Users\Carlota\AppData\Roaming\6622.exe
    C:\Users\Carlota\AppData\Roaming\66AF.exe
    C:\Users\Carlota\AppData\Roaming\7483.tmp
    C:\Users\Carlota\AppData\Roaming\878.exe
    C:\Users\Carlota\AppData\Roaming\8B4E.exe
    C:\Users\Carlota\AppData\Roaming\9923.tmp
    C:\Users\Carlota\AppData\Roaming\9C57.exe
    C:\Users\Carlota\AppData\Roaming\9E71.exe
    C:\Users\Carlota\AppData\Roaming\9F7A.exe
    C:\Users\Carlota\AppData\Roaming\AB0E.exe
    C:\Users\Carlota\AppData\Roaming\AD7D.tmp
    C:\Users\Carlota\AppData\Roaming\B5A7.tmp
    C:\Users\Carlota\AppData\Roaming\BD75.exe
    C:\Users\Carlota\AppData\Roaming\C73C.exe
    C:\Users\Carlota\AppData\Roaming\D1BF.exe
    C:\Users\Carlota\AppData\Roaming\D633.exe
    C:\Users\Carlota\AppData\Roaming\E6B7.exe
    C:\Users\Carlota\AppData\Roaming\F9E8.exe
    C:\Users\Carlota\AppData\Roaming\7C11.exe

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#6
KatyRego

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello Essexboy,

This is the log from OTL:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rxlclt not found.
File C:\Users\Carlota\AppData\Roaming\Rxlclt.exe not found.
File move failed. C:\Windows\System32\rdpcorekmts.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdrmemptylst.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdpwsx.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdpcore.dll scheduled to be moved on reboot.
File C:\Users\Carlota\AppData\Roaming\Rxlclt.exe not found.
C:\Users\Carlota\AppData\Roaming\7C11.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\B24.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\8B4E.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\2210.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\66AF.exe moved successfully.
C:\Users\Carlota\Desktop\Xuventude.net.url moved successfully.
C:\Users\Carlota\AppData\Roaming\13CE.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\9E71.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\E6B7.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\AB0E.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\33CD.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\C73C.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\6622.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\BD75.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\D1BF.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\4FC0.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\9F7A.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\2378.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\64D.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\9C57.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\3BD4.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\4FA6.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\4B14.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\4D17.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\5366.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\D633.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\1728.exe moved successfully.
C:\Users\Carlota\AppData\Roaming\F9E8.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
C:\Users\Carlota\Downloads\cmd.bat deleted successfully.
C:\Users\Carlota\Downloads\cmd.txt deleted successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\13CE.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\1728.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\2210.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\2378.exe not found.
C:\Users\Carlota\AppData\Roaming\2D08.tmp moved successfully.
C:\Users\Carlota\AppData\Roaming\3AB7.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\3BD4.exe not found.
C:\Users\Carlota\AppData\Roaming\3F1C.tmp moved successfully.
C:\Users\Carlota\AppData\Roaming\4105.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\4B14.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\4D17.exe not found.
C:\Users\Carlota\AppData\Roaming\4D19.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\4FA6.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\4FC0.exe not found.
C:\Users\Carlota\AppData\Roaming\535D.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\5366.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\64D.exe not found.
C:\Users\Carlota\AppData\Roaming\65A5.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\6622.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\66AF.exe not found.
C:\Users\Carlota\AppData\Roaming\7483.tmp moved successfully.
C:\Users\Carlota\AppData\Roaming\878.exe moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\8B4E.exe not found.
C:\Users\Carlota\AppData\Roaming\9923.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\9C57.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\9E71.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\9F7A.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\AB0E.exe not found.
C:\Users\Carlota\AppData\Roaming\AD7D.tmp moved successfully.
C:\Users\Carlota\AppData\Roaming\B5A7.tmp moved successfully.
File\Folder C:\Users\Carlota\AppData\Roaming\BD75.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\C73C.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\D1BF.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\D633.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\E6B7.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\F9E8.exe not found.
File\Folder C:\Users\Carlota\AppData\Roaming\7C11.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carlota
->Temp folder emptied: 58529001 bytes
->Temporary Internet Files folder emptied: 66364308 bytes
->Java cache emptied: 52925 bytes
->FireFox cache emptied: 49281452 bytes
->Google Chrome cache emptied: 377127644 bytes
->Flash cache emptied: 53066 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51014 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 526.00 mb



OTL by OldTimer - Version 3.2.36.1 log created on 03152012_235047

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\rdpcorekmts.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdrmemptylst.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdpwsx.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rdpcore.dll scheduled to be moved on reboot.
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...

#7
KatyRego

    New Member

  • Topic Starter
  • Member
  • 7 posts
And this one:


OTL logfile created on: 3/16/2012 12:06:40 AM - Run 2
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Carlota\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1014.18 Mb Total Physical Memory | 157.67 Mb Available Physical Memory | 15.55% Memory free
1.99 Gb Paging File | 0.89 Gb Available in Paging File | 44.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 65.93 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 40.12 Gb Free Space | 34.04% Space Free | Partition Type: NTFS

Computer Name: CARLOTA-PC | User Name: Carlota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/08 23:53:16 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Carlota\Downloads\OTL.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 18:09:52 | 000,353,144 | ---- | M] (Telefónica I+D) -- C:\Program Files\Movistar\Nori\Nori.exe
PRC - [2010/12/21 13:11:56 | 004,004,216 | ---- | M] (Telefónica I+D) -- C:\Program Files\Movistar\Escritorio Movistar\EMMSN.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/09 09:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/09/29 14:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe
PRC - [2010/06/09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 03:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 03:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/02/23 11:47:04 | 001,024,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/29 19:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/03 00:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/03 00:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 10:21:42 | 000,429,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
MOD - [2012/03/10 10:21:41 | 003,772,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 10:20:17 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 10:20:16 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 10:20:15 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2011/01/20 15:49:38 | 000,021,880 | ---- | M] () -- C:\Program Files\Movistar\Escritorio Movistar\langs\es_ES_md.dll
MOD - [2011/01/12 18:10:02 | 000,201,080 | ---- | M] () -- C:\Program Files\Movistar\Nori\legplgs\plgalc.dll
MOD - [2011/01/12 18:09:56 | 000,240,504 | ---- | M] () -- C:\Program Files\Movistar\Nori\legplgs\plghwi.dll
MOD - [2011/01/12 18:09:54 | 000,190,840 | ---- | M] () -- C:\Program Files\Movistar\Nori\legplgs\plgati.dll
MOD - [2010/12/21 13:11:56 | 000,125,304 | ---- | M] () -- C:\Program Files\Movistar\Escritorio Movistar\AgendaLib.dll
MOD - [2010/12/01 17:29:54 | 000,508,760 | ---- | M] () -- C:\Program Files\Movistar\Escritorio Movistar\sqlite3.dll
MOD - [2010/07/08 01:16:06 | 002,623,920 | ---- | M] () -- C:\Program Files\Movistar\Escritorio Movistar\EMSVideoTelLib.DLL
MOD - [2009/08/03 00:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/09 09:51:48 | 000,736,040 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/09/29 14:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/27 05:13:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2010/04/27 05:13:48 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2010/04/27 05:13:37 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/08/03 00:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/13 03:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/12/24 04:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/12/23 02:46:46 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/08 09:55:06 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2010/07/30 18:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 18:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 18:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/10 14:14:32 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/04/27 05:13:37 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/04/27 05:13:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/04/27 05:13:36 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/04/13 03:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2010/04/13 03:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 03:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homitrlz.in
IE - HKCU\..\SearchScopes,DefaultScope = {02D4E505-7C9D-4937-AF3E-5394EBA7D90B}
IE - HKCU\..\SearchScopes\{02D4E505-7C9D-4937-AF3E-5394EBA7D90B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homitrlz.in"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/14 19:52:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 19:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/06 19:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlota\AppData\Roaming\mozilla\Extensions
[2012/03/07 12:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/07 12:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/14 17:43:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2010/01/01 09:00:00 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2010/01/01 09:00:00 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carlota\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Carlota\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: MegaSkipper = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.63_0\
CHR - Extension: Gmail = C:\Users\Carlota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9D41F3B-D735-4E65-ACA2-0C35549AAD78}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280786e7-c1eb-11e0-b63c-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{280786e7-c1eb-11e0-b63c-bcaec5139627}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c3abe024-fc93-11e0-8f05-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{c3abe024-fc93-11e0-8f05-bcaec5139627}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dbcedf2d-aad3-11e0-a7fc-bcaec5139627}\Shell - "" = AutoRun
O33 - MountPoints2\{dbcedf2d-aad3-11e0-a7fc-bcaec5139627}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 23:50:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/14 20:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/03/14 20:17:03 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/03/14 19:52:47 | 000,337,880 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/03/14 19:52:47 | 000,020,696 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/03/14 19:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/14 19:52:43 | 000,044,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/03/14 19:52:42 | 000,053,848 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/03/14 19:52:41 | 000,612,184 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/03/14 19:52:40 | 000,057,688 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/03/14 19:51:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/03/14 19:51:24 | 000,201,352 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/03/14 19:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/14 19:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/14 17:40:03 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/03/14 17:40:01 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/03/14 15:31:28 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/03/14 15:31:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/03/14 15:31:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/03/14 15:31:20 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/03/09 02:05:16 | 000,000,000 | ---D | C] -- C:\Users\Carlota\Desktop\Limpiadores
[2012/03/09 01:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/09 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/09 01:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/08 23:27:52 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\GlarySoft
[2012/03/08 23:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/03/08 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/03/08 21:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 21:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/08 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Carlota\AppData\Roaming\Malwarebytes
[2012/03/08 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 15:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 15:55:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/03/08 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/07 13:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 12:56:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/03/07 12:56:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/03/07 12:56:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/03/07 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/01 23:33:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/03/01 23:33:13 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/03/01 23:33:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/03/01 23:33:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/03/01 23:33:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/03/01 23:33:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/03/01 23:33:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/03/01 23:33:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/03/01 23:33:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/03/01 23:33:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/03/01 23:33:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/03/01 23:33:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/03/01 23:33:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/03/01 23:33:12 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/03/01 23:33:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/03/01 23:33:12 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/03/01 23:33:12 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/03/01 23:33:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/03/01 23:33:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/03/01 23:33:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/03/01 23:33:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/03/01 23:33:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/03/01 23:33:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/03/01 23:33:11 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/03/01 23:33:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/03/01 23:33:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/03/01 23:33:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/03/01 23:33:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/03/01 23:33:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/03/01 23:33:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/03/01 23:33:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/03/01 23:33:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/03/01 23:33:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/03/01 23:33:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/03/01 23:33:05 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/03/01 23:33:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/03/01 23:33:05 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/25 17:24:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/25 10:39:17 | 000,000,000 | R--D | C] -- C:\Users\Carlota\Saved Games
[2012/02/20 22:49:38 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/02/20 22:47:26 | 000,000,000 | ---D | C] -- C:\Users\Carlota\Documents\Bluetooth Exchange Folder
[2 C:\Users\Carlota\AppData\Roaming\*.tmp files -> C:\Users\Carlota\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/16 00:02:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 00:02:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 00:00:43 | 000,703,840 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2012/03/16 00:00:43 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/16 00:00:43 | 000,137,806 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2012/03/16 00:00:43 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/15 23:55:50 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 23:55:49 | 000,000,316 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012/03/15 23:54:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/15 23:54:24 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 23:23:02 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 21:18:42 | 000,428,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/14 19:52:48 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/14 19:52:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/03/14 19:48:02 | 074,761,776 | ---- | M] () -- C:\Users\Carlota\Desktop\avast_free_antivirus_setup.exe
[2012/03/14 15:10:41 | 000,312,065 | ---- | M] () -- C:\Users\Carlota\Desktop\bolsas investigación.pdf
[2012/03/08 21:36:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/03/07 12:56:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012/03/07 12:56:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/03/07 12:56:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/03/07 12:56:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/03/07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/03/07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/03/04 15:11:51 | 000,000,073 | ---- | M] () -- C:\Users\Carlota\Desktop\VNU Servicio Voluntariado en Línea - Inicio.url
[2012/03/01 23:33:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/03/01 23:33:13 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/03/01 23:33:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/03/01 23:33:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/03/01 23:33:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/03/01 23:33:13 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/03/01 23:33:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/03/01 23:33:13 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/03/01 23:33:13 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/03/01 23:33:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/03/01 23:33:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/03/01 23:33:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/03/01 23:33:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/03/01 23:33:12 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/03/01 23:33:12 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/03/01 23:33:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/03/01 23:33:12 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/03/01 23:33:12 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/03/01 23:33:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/03/01 23:33:12 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/03/01 23:33:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/03/01 23:33:12 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/03/01 23:33:12 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/03/01 23:33:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/03/01 23:33:11 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/03/01 23:33:11 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/03/01 23:33:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/03/01 23:33:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/03/01 23:33:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/03/01 23:33:10 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/03/01 23:33:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/03/01 23:33:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/03/01 23:33:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/03/01 23:33:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/03/01 23:33:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/03/01 23:33:08 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/03/01 23:33:05 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/03/01 23:33:05 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/03/01 00:48:15 | 000,000,123 | ---- | M] () -- C:\Users\Carlota\Desktop\Webinar Internet, herramienta útil para encontrar trabajo.url
[2012/02/29 23:06:12 | 000,045,601 | ---- | M] () -- C:\Users\Carlota\Desktop\comercio_internacional.pdf
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2012/02/20 23:33:31 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/02/17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2 C:\Users\Carlota\AppData\Roaming\*.tmp files -> C:\Users\Carlota\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 19:52:48 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/14 19:47:07 | 074,761,776 | ---- | C] () -- C:\Users\Carlota\Desktop\avast_free_antivirus_setup.exe
[2012/03/14 15:10:27 | 000,312,065 | ---- | C] () -- C:\Users\Carlota\Desktop\bolsas investigación.pdf
[2012/03/09 01:13:44 | 000,001,090 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 01:13:42 | 000,001,086 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 23:14:48 | 000,000,316 | ---- | C] () -- C:\windows\tasks\GlaryInitialize.job
[2012/03/04 15:11:51 | 000,000,073 | ---- | C] () -- C:\Users\Carlota\Desktop\VNU Servicio Voluntariado en Línea - Inicio.url
[2012/03/01 23:33:12 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/03/01 00:48:15 | 000,000,123 | ---- | C] () -- C:\Users\Carlota\Desktop\Webinar Internet, herramienta útil para encontrar trabajo.url
[2012/02/29 23:06:28 | 000,045,601 | ---- | C] () -- C:\Users\Carlota\Desktop\comercio_internacional.pdf
[2011/03/09 13:29:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/09 13:16:36 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/03/09 13:14:58 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/03/09 12:58:32 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/03/09 12:58:32 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/06/24 21:36:05 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 21:16:02 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 21:16:02 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 21:14:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 21:12:36 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 21:07:33 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

< End of report >

#8
KatyRego

    New Member

  • Topic Starter
  • Member
  • 7 posts
Combofix log:


ComboFix 12-03-15.03 - Carlota 16/03/2012 1:23.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.34.3082.18.1014.292 [GMT 1:00]
Running from: c:\users\Carlota\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Carlota\AppData\Roaming\9686.tmp
c:\users\Carlota\AppData\Roaming\F38E.tmp
c:\windows\system32\service
c:\windows\system32\service\09032012_TIS17_SfFniAU.log
c:\windows\system32\service\18042011_TIS17_SfFniAU.log
c:\windows\system32\service\22032011_TIS17_PccScan.log
c:\windows\system32\service\28032011_TIS17_PccScan.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 01:02 . 2012-03-16 01:03 -------- d-----w- c:\users\Carlota\AppData\Local\temp
2012-03-16 01:02 . 2012-03-16 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 23:34 . 2012-03-15 23:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB217D68-ED5E-445D-AD4D-5A9734B06B32}\offreg.dll
2012-03-15 22:50 . 2012-03-15 22:50 -------- d-----w- C:\_OTL
2012-03-14 19:17 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 19:17 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:52 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-14 18:52 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-14 18:52 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-14 18:52 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-14 18:52 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-14 18:52 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-14 18:51 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-14 18:51 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-14 18:50 . 2012-03-14 18:50 -------- d-----w- c:\programdata\AVAST Software
2012-03-14 18:50 . 2012-03-14 18:50 -------- d-----w- c:\program files\AVAST Software
2012-03-14 16:40 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:31 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:31 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:31 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:31 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 14:18 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB217D68-ED5E-445D-AD4D-5A9734B06B32}\mpengine.dll
2012-03-09 00:16 . 2012-03-09 00:16 -------- d-----w- c:\program files\CCleaner
2012-03-09 00:13 . 2012-03-09 00:47 -------- d-----w- c:\program files\Google
2012-03-08 22:27 . 2012-03-08 22:27 -------- d-----w- c:\users\Carlota\AppData\Roaming\GlarySoft
2012-03-08 22:14 . 2012-03-08 22:14 -------- d-----w- c:\program files\Glary Utilities
2012-03-08 20:46 . 2012-03-08 21:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-08 20:46 . 2012-03-08 20:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-08 14:55 . 2012-03-08 14:55 -------- d-----w- c:\users\Carlota\AppData\Roaming\Malwarebytes
2012-03-08 14:55 . 2012-03-08 14:55 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 14:55 . 2012-03-08 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-08 14:55 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 12:09 . 2012-03-07 12:09 -------- d-----w- c:\program files\Common Files\Java
2012-03-07 11:56 . 2012-03-07 11:56 -------- d-----w- c:\program files\Java
2012-03-02 02:01 . 2012-03-02 02:01 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-25 16:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-25 16:23 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-25 16:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-20 21:49 . 2012-02-20 21:49 -------- d-----w- c:\windows\system32\SPReview
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:36 . 2011-12-20 23:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 11:56 . 2011-03-09 23:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2011-03-09 19:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 22:33 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-14 16:43 . 2011-06-06 18:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Carlota\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Carlota\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Carlota\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1024368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-25 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-25 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-09 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-13 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-09 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-04-27 146448]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-04-27 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-04-27 689416]
R3 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-04-27 283152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-10 11520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe [2010-09-29 200624]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2010-12-23 353280]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 25856]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-13 73344]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-03-12 10:49]
.
2012-03-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-03-08 22:31]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-09 00:13]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-09 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homitrlz.in
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Carlota\AppData\Roaming\Mozilla\Firefox\Profiles\1tikthkt.default\
FF - prefs.js: browser.startup.homepage - hxxp://homitrlz.in
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-16 02:12:57
ComboFix-quarantined-files.txt 2012-03-16 01:12
.
Pre-Run: 70.520.647.680 bytes libres
Post-Run: 70.301.888.512 bytes libres
.
- - End Of File - - 7E4DBDED4916FCCC3A4C72C5873F8B7D


Thank you!

#9
KatyRego

    New Member

  • Topic Starter
  • Member
  • 7 posts
The weird box disappeared, the homitrlz.in page and the others are the same. The computer continues telling me that there are programmes working when I try to switch it off. Chrome keeps displaying the message saying that there is no disk, etc.

I guess I can reactivate the antivirus, etc. again now.

Thank you!

Carlota

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now remove the unknown start pages, check for orphans etc. On completion of this, can you let me know what problems remain?

You may need to uninstall and then reinstall Chrome.

I see that you also have Trend Micro. It is not a good policy to have two antivirus programmes; I would recommend you uninstall one of them.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homitrlz.in
    FF - prefs.js..browser.startup.homepage: "http://homitrlz.in"
    [2010/01/01 09:00:00 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
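A triage sketch for the two things the reply above acts on (the same unknown start page recorded for both IE and Firefox, and two antivirus products on one machine), added here as an example and not part of the original thread or of any tool's own code. The log excerpt is copied from the ComboFix log in post #8; the trusted-host allowlist and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the ComboFix log posted in this thread (header + Supplementary Scan).
LOG_EXCERPT = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
------- Supplementary Scan -------
uStart Page = hxxp://homitrlz.in
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - prefs.js: browser.startup.homepage - hxxp://homitrlz.in
"""

# Assumption: hosts this user would accept as a start page; adjust per machine.
TRUSTED_HOME_HOSTS = {"google.com", "mozilla.org"}

# Log line shapes seen above; the optional one-letter prefix on "Start Page"
# is an assumption about other variants of that line.
HOMEPAGE_PATTERNS = [
    ("IE Start Page", re.compile(r"^\w?Start Page = (?P<urls>.+)$")),
    ("Firefox prefs.js homepage",
     re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<urls>.+)$")),
]
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*[^*]+\* \{[0-9A-Fa-f-]+\}$")


def refang(url):
    """Undo the log's hxxp:// defanging so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def is_trusted(host, trusted_hosts):
    """True if host equals a trusted host or is a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def homepage_findings(log_text, trusted_hosts):
    """Return (source, host) for every start page whose host is not trusted."""
    findings = []
    for line in log_text.splitlines():
        for source, pattern in HOMEPAGE_PATTERNS:
            match = pattern.match(line.strip())
            if not match:
                continue
            # Firefox allows several start pages separated by "|".
            for raw in match.group("urls").split("|"):
                parts = urlsplit(refang(raw))
                if parts.scheme == "about":  # about:blank, about:home
                    continue
                host = (parts.hostname or "").lower()
                if not is_trusted(host, trusted_hosts):
                    findings.append((source, host or raw.strip()))
    return findings


def antivirus_products(log_text):
    """Distinct product names listed on 'AV:' header lines, in log order."""
    names = []
    for line in log_text.splitlines():
        match = PRODUCT_RE.match(line.strip())
        if match and match.group("kind") == "AV" and match.group("name") not in names:
            names.append(match.group("name"))
    return names


def triage(log_text, trusted_hosts=TRUSTED_HOME_HOSTS):
    """Summarise untrusted start pages and overlapping antivirus products."""
    pages = homepage_findings(log_text, trusted_hosts)
    sources_by_host = {}
    for source, host in pages:
        sources_by_host.setdefault(host, set()).add(source)
    av = antivirus_products(log_text)
    return {
        "hijacked_homepages": pages,
        # Same untrusted host written into more than one browser's settings.
        "shared_hosts": sorted(h for h, s in sources_by_host.items() if len(s) > 1),
        "antivirus_products": av,
        "multiple_antivirus": len(av) > 1,
    }


if __name__ == "__main__":
    for key, value in triage(LOG_EXCERPT).items():
        print(f"{key}: {value}")
```
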

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.