
Scans show trojan that can't be removed


  • This topic is locked

#31
thedeadlystoat

  • Topic Starter
  • Member
  • 73 posts
All right, I'll sign out for a moment, please stay on.

#32
thedeadlystoat

  • Topic Starter
  • Member
  • 73 posts
I'm back. I'm writing from the infected or formerly infected computer.

Here's the OTL log:


OTL logfile created on: 03/03/2011 12:55:34 a.m. - Run 3
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Manuel\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 485.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.16 Gb Total Space | 96.73 Gb Free Space | 69.01% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 4.38 Gb Free Space | 49.31% Space Free | Partition Type: NTFS

Computer Name: MILAPTOP | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 08:20:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 08:20:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< End of report >



And the ComboFix.txt (Is this what you were expecting?):

ComboFix 11-03-02.01 - Manuel 02/03/2011 22:17:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.52.3082.18.1014.322 [GMT -6:00]
Running from: C:\Users\Manuel\Desktop\ComboFix.exe
* Created a new restore point
.

#33
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Ok. I need another OTL scan.

  • Run OTL again.
  • Click the Standard Output button at the top
  • Under the Custom Scan box paste this in:

    /md5start
    shell32.*
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. Post OTL.Txt here.


#34
thedeadlystoat

  • Topic Starter
  • Member
  • 73 posts
Ah, which color is the Standard Output button? It's in Spanish and none seem to match my translation. Is it the blue one?

#35
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
The gray one.

#36
thedeadlystoat

  • Topic Starter
  • Member
  • 73 posts
Is it ok to leave the browser open or do I close it before the scan?

#37
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
It's alright to leave it open.

#38
thedeadlystoat

  • Topic Starter
  • Member
  • 73 posts
Hi, I'm back.


OTL logfile created on: 03/03/2011 02:24:52 a.m. - Run 3
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Manuel\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.16 Gb Total Space | 96.72 Gb Free Space | 69.01% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 4.38 Gb Free Space | 49.31% Space Free | Partition Type: NTFS

Computer Name: MILAPTOP | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/18 02:22:03 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\Chrome\Application\chrome.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Archivos de programa\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/02 10:41:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/01/17 00:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 02:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/18 19:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador del adaptador Intel®
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Controlador de conexión de red Intel®
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/24 13:16:30 | 000,015,781 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/10/28 15:56:56 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


[2011/02/22 19:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2009/06/05 19:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/02/25 05:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/02 22:28:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Online Radio America Toolbar) - {9a6be539-96ea-454d-898b-61891e0844d5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Online Radio America Toolbar) - {9A6BE539-96EA-454D-898B-61891E0844D5} - C:\Archivos de programa\Online_Radio_America\tbOnli.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [combofix] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Archivos de programa\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft....ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldes-mx.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/02 22:28:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/02 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\temp
[2011/03/02 22:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/02 22:12:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/02 22:12:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/02 22:12:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/02 22:12:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/02 19:57:14 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/02 19:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/02 19:57:13 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/02 19:57:08 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/02 19:57:07 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/02 19:57:06 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/02 19:57:05 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/02 19:56:23 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/02 19:56:22 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\ESET
[2011/02/28 23:11:43 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/02/28 23:00:11 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2011/02/28 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\VS Revo Group
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/26 02:31:33 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software
[2011/02/26 00:49:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/26 00:21:53 | 000,000,000 | ---D | C] -- C:\avrescue
[2011/02/25 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Avira
[2011/02/25 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\GooredFix Backups
[2011/02/25 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/25 21:21:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/25 21:20:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2011/02/25 21:14:32 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/25 21:14:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/24 14:13:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/24 14:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/24 14:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/24 13:59:23 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVG
[2011/02/23 20:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 19:58:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/02/23 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\VS Revo Group
[2011/02/23 14:50:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/23 14:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/23 14:50:18 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2011/02/23 01:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 01:35:26 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2011/02/22 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2011/02/22 22:41:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/22 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 22:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/22 22:41:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/22 22:41:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/02/22 22:17:52 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/22 00:16:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\dwhelper
[2011/02/08 22:33:12 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/02/08 21:21:18 | 000,000,000 | ---D | C] -- C:\38e107bdc5e10e2e5e

========== Files - Modified Within 30 Days ==========

[2011/03/03 02:29:03 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18D5EA73-F2B9-4043-9B23-A38431E2E374}.job
[2011/03/03 02:26:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 02:26:00 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79B37A82-D378-47A7-95FE-AE69C4ADACDE}.job
[2011/03/03 01:45:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 01:45:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 00:48:58 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/03 00:48:30 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/03 00:46:13 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/03 00:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/03 00:45:46 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 22:28:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/02 19:57:15 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/02 19:57:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/02 19:01:46 | 004,279,013 | R--- | M] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/02/28 21:42:18 | 048,193,536 | ---- | M] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/26 02:23:22 | 054,078,264 | ---- | M] () -- C:\Users\Manuel\Desktop\setup_av_free_eng.exe
[2011/02/26 00:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011/02/25 21:21:13 | 000,000,949 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 21:20:19 | 000,000,750 | ---- | M] () -- C:\Users\Manuel\Desktop\ERUNT.lnk
[2011/02/25 20:51:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Manuel\Desktop\GooredFix.exe
[2011/02/25 20:51:27 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTM.exe
[2011/02/23 20:44:36 | 000,052,736 | ---- | M] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 14:50:22 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 14:22:10 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 09:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/23 03:02:55 | 000,317,794 | ---- | M] () -- C:\Users\Manuel\Documents\cc_20110223_030234.reg
[2011/02/23 01:35:28 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 22:17:56 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2011/02/13 09:25:43 | 000,687,582 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/13 09:25:43 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 09:25:43 | 000,122,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/13 09:25:42 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/03/03 00:45:46 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/02 22:12:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/02 22:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/02 22:12:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/02 22:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/02 22:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/02 22:07:23 | 004,279,013 | R--- | C] () -- C:\Users\Manuel\Desktop\ComboFix.exe
[2011/03/02 19:57:15 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/28 22:54:57 | 048,193,536 | ---- | C] () -- C:\Users\Manuel\Desktop\ess_nt32_esn.msi
[2011/02/26 02:29:32 | 054,078,264 | ---- | C] () -- C:\Users\Manuel\Desktop\setup_av_free_eng.exe
[2011/02/25 21:21:13 | 000,000,949 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 21:20:19 | 000,000,750 | ---- | C] () -- C:\Users\Manuel\Desktop\ERUNT.lnk
[2011/02/23 14:50:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/23 03:02:40 | 000,317,794 | ---- | C] () -- C:\Users\Manuel\Documents\cc_20110223_030234.reg
[2011/02/23 01:38:37 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/23 01:35:28 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/22 22:41:42 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 02:00:24 | 000,000,680 | ---- | C] () -- C:\Users\Manuel\AppData\Local\d3d9caps.dat
[2007/12/26 20:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/21 13:20:50 | 000,015,781 | R--- | C] () -- C:\Windows\System32\drivers\mdc8021x.sys
[2007/12/13 21:13:57 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2007/12/13 21:13:44 | 000,000,064 | ---- | C] () -- C:\Windows\swcmpc.ini
[2007/08/02 10:33:51 | 000,003,584 | ---- | C] () -- C:\Windows\System32\k.dll
[2007/07/19 17:36:46 | 000,052,736 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 19:05:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/04/19 19:05:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/19 19:05:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/19 19:05:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/22 00:00:37 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 09:46:21 | 000,687,582 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2006/11/02 09:46:21 | 000,336,930 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2006/11/02 09:46:21 | 000,122,196 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2006/11/02 09:46:21 | 000,040,258 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,380,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== Custom Scans ==========



< MD5 for: SHELL32.DLL >
[2011/01/21 09:04:53 | 011,587,584 | ---- | M] (Microsoft Corporation) MD5=028EF93B746FF370DFE35711A7569647 -- C:\Windows\SoftwareDistribution\Download\a65023643b88a4a439228510a0a9e613\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22839_none_6c9b67c92b29b17c\shell32.dll
[2011/01/21 09:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) MD5=048B65EC931A39A5F42016BE04775274 -- C:\Windows\SoftwareDistribution\Download\a65023643b88a4a439228510a0a9e613\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18588_none_6bdab74c123589c2\shell32.dll
[2006/11/02 03:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation) MD5=0A8317FF6D77DA369C34F88693373A6C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll
[2011/01/21 10:27:57 | 011,588,096 | ---- | M] (Microsoft Corporation) MD5=221565A0217045A61D179B438BC4AC8A -- C:\Windows\SoftwareDistribution\Download\a65023643b88a4a439228510a0a9e613\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22574_none_6e51988f2874f7b1\shell32.dll
[2011/01/21 10:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) MD5=33AE914C24F546AABF281BA7B138186D -- C:\Windows\SoftwareDistribution\Download\a65023643b88a4a439228510a0a9e613\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b\shell32.dll
[2008/04/23 22:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation) MD5=3D58E32AA9A5C7F408D97675C81C9AED -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll
[2008/11/06 06:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation) MD5=4A21B11997C1F14D8707C8C501CA59A7 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
[2008/11/06 06:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation) MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
[2008/11/06 07:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) MD5=5D62692EEB77E32F67A966F1BDEB551B -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
[2008/04/23 22:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=61509AF47F663A6EA941492ED181D60C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll
[2007/09/22 20:16:45 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
[2008/04/23 22:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation) MD5=82A0A2AB2C637C11F28C1E37F76A284E -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll
[2007/09/22 20:16:38 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=AF54933386F459CEC04AC91C49423B25 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
[2008/04/23 22:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll
[2008/11/06 06:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2008/11/06 06:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll

< MD5 for: SHELL32.DLL.MUI >
[2008/04/24 00:37:56 | 000,655,360 | ---- | M] (Microsoft Corporation) MD5=6A646F124780F20359575817FBA329B6 -- C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20822_es-es_5804e444f5080c29\shell32.dll.mui
[2008/11/06 07:49:30 | 000,655,360 | ---- | M] (Microsoft Corporation) MD5=C9B31C39E727A6C1F572B45504AAAEE7 -- C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20951_es-es_57e3761cf52143cc\shell32.dll.mui
[2006/11/02 09:41:15 | 000,655,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\es-ES\shell32.dll.mui
[2006/11/02 09:41:15 | 000,655,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.16386_es-es_573e6181dc1784c5\shell32.dll.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

#39
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\shell32.dll|C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll /replace
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#40
thedeadlystoat

    Member

  • Topic Starter
  • Member
  • 73 posts
All right, the boxes that were checked when I pressed the gray button are still checked, is that ok?

#41
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Yes, be sure to click on the Red Button that says Run Fix after you have copied the script inside. :D

#42
thedeadlystoat

    Member

  • Topic Starter
  • Member
  • 73 posts
Ok, I'll log in from the other computer.

#43
thedeadlystoat

    Member

  • Topic Starter
  • Member
  • 73 posts
Hi, I'm writing from the healthy computer.

When the ailing computer restarted after running the fix, it went to a black background and the ordinal 874 message again.
When I tried to open OTL with the Task Manager, it instead opened a txt titled 03032011_024850, which is some kind of log.
Should I try to open OTL again? Do you want that log?

#44
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Yes, please post the log.

#45
thedeadlystoat

    Member

  • Topic Starter
  • Member
  • 73 posts
Here it is:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\shell32.dll with C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll without a reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administracion
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: José Luis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Manuel
->Temp folder emptied: 16896 bytes
->Temporary Internet Files folder emptied: 166623 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10351421 bytes
->Flash cache emptied: 343 bytes

User: Marisa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78354 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: Administracion
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: José Luis
->Flash cache emptied: 0 bytes

User: Manuel
->Flash cache emptied: 0 bytes

User: Marisa
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.0 log created on 03032011_024850

Files\Folders moved on Reboot...
File\Folder C:\Users\Manuel\AppData\Local\Temp\~DF278D.tmp not found!
File\Folder C:\Users\Manuel\AppData\Local\Temp\~DF279B.tmp not found!

Registry entries deleted on Reboot...




And what about OTL and the Quick Scan?