
Author Topic: Trojan problem  (Read 19719 times)


Haolit

    Topic Starter


    Rookie

    Trojan problem
    « on: April 06, 2010, 12:21:36 AM »
    Hi, I have a problem with a trojan, I need help. I have attached 3 logs. I use Win XP, SP3, Avast. What is the next step??? What additional information do you need???
    Thank you.

    Haolit

    [recovering disk space - old attachment deleted by admin]

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Trojan problem
    « Reply #1 on: April 06, 2010, 12:36:34 AM »
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    Haolit


      Re: Trojan problem
      « Reply #2 on: April 06, 2010, 01:13:54 AM »
      Here is the log
      ComboFix 10-04-05.03 - Administrador 06/04/2010   3:03.1.2 - x86 NETWORK
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.56.3082.18.1534.1116 [GMT -4:00]
      Running from: c:\documents and settings\Administrador.CALVARADO\Mis documentos\Descargas\ComboFix.exe
      AV: avast! antivirus 4.8.1368 [VPS 100405-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\recycler\S-1-5-21-0763445720-6110516455-139892046-4229
      c:\recycler\S-1-5-21-3613294159-4829263743-363699857-6829
      c:\recycler\S-1-5-21-3842371243-6064866226-112488581-7905
      c:\recycler\S-1-5-21-3963127534-9782629057-241250117-3082
      c:\recycler\S-1-5-21-4100749709-0715497217-828698057-7725
      c:\recycler\S-1-5-21-4572308777-1493338079-475869265-8980
      c:\recycler\S-1-5-21-5016825886-3496741119-740450265-9894
      c:\recycler\S-1-5-21-5402473188-8882146294-508880580-6799
      c:\recycler\S-1-5-21-5639114640-9212570161-131058221-9372
      c:\recycler\S-1-5-21-57989841-602609370-839522115-500
      c:\recycler\S-1-5-21-6052980381-7114198463-688817404-9925
      c:\recycler\S-1-5-21-7891921027-9884477698-796941104-6749
      c:\recycler\S-1-5-21-9327904052-9010180586-483362182-0231
      c:\windows\system32\drivers\1028_DELL_XPS_MM061                           .MRK
      c:\windows\system32\drivers\DELL_XPS_MM061                           .MRK
      c:\windows\system32\drivers\npf.sys
      c:\windows\system32\Packet.dll
      c:\windows\system32\WanPacket.dll
      c:\windows\system32\wpcap.dll

      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NPF
      -------\Service_NPF


      (((((((((((((((((((((((((   Files Created from 2010-03-06 to 2010-04-06  )))))))))))))))))))))))))))))))
      .

      2010-04-06 06:59 . 2009-06-30 13:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
      2010-04-06 06:28 . 2010-04-06 06:28   --------   d-sh--w-   c:\documents and settings\Administrador.CALVARADO\IECompatCache
      2010-04-06 06:27 . 2010-04-06 06:27   --------   d-sh--w-   c:\documents and settings\Administrador.CALVARADO\PrivacIE
      2010-04-06 06:08 . 2010-04-06 06:08   --------   d-----w-   c:\archivos de programa\Trend Micro
      2010-04-06 05:56 . 2010-04-06 05:56   --------   d-----w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\Malwarebytes
      2010-04-06 05:56 . 2010-03-30 04:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-04-06 05:56 . 2010-04-06 05:56   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Datos de programa\Malwarebytes
      2010-04-06 05:56 . 2010-04-06 05:56   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
      2010-04-06 05:56 . 2010-03-30 04:45   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-04-06 04:42 . 2010-04-06 04:42   --------   d-----w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\skypePM
      2010-04-06 04:41 . 2010-04-06 05:33   --------   d-----w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\Skype
      2010-04-06 04:32 . 2010-04-06 04:32   52224   ----a-w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-04-06 04:32 . 2010-04-06 04:32   117760   ----a-w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-04-06 04:31 . 2010-04-06 04:31   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com
      2010-04-06 04:31 . 2010-04-06 04:31   --------   d-----w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\SUPERAntiSpyware.com
      2010-04-06 04:18 . 2010-04-06 04:18   --------   d-sh--w-   c:\documents and settings\Administrador.CALVARADO\IETldCache
      2010-04-06 04:16 . 2010-04-06 04:25   --------   d-----w-   c:\archivos de programa\Archivos comunes\Wise Installation Wizard
      2010-04-06 04:03 . 2010-04-06 04:03   --------   d-----w-   c:\archivos de programa\CCleaner
      2010-04-06 03:25 . 2010-04-06 03:26   --------   dc-h--w-   c:\windows\ie8
      2010-04-06 03:24 . 2010-04-06 03:24   --------   d-----w-   c:\windows\LastGood
      2010-04-06 01:36 . 2010-04-06 01:36   --------   d-----w-   c:\archivos de programa\Panda Security
      2010-04-06 01:33 . 2010-04-06 03:06   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\QuickScan
      2010-04-06 01:33 . 2010-03-30 23:35   670696   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
      2010-04-06 01:33 . 2010-03-30 23:34   833448   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
      2010-04-05 22:30 . 2010-04-05 22:30   --------   d-----w-   c:\archivos de programa\Archivos comunes\Java
      2010-04-05 22:30 . 2010-04-05 22:30   503808   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4411477b-n\msvcp71.dll
      2010-04-05 22:30 . 2010-04-05 22:30   499712   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4411477b-n\jmc.dll
      2010-04-05 22:30 . 2010-04-05 22:30   348160   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4411477b-n\msvcr71.dll
      2010-04-05 22:30 . 2010-04-05 22:30   61440   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d94c426-n\decora-sse.dll
      2010-04-05 22:30 . 2010-04-05 22:30   12800   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d94c426-n\decora-d3d.dll
      2010-03-30 19:43 . 2010-03-30 19:43   --------   d-----w-   c:\archivos de programa\Archivos comunes\Skype
      2010-03-21 16:57 . 2010-03-21 16:57   --------   d-----w-   c:\archivos de programa\Garmin
      2010-03-21 16:57 . 2010-03-21 16:57   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Datos de programa\GARMIN
      2010-03-21 16:57 . 2010-03-21 16:57   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\GARMIN
      2010-03-21 16:56 . 2010-03-26 02:13   --------   d-----w-   C:\Garmin
      2010-03-21 08:20 . 2010-03-21 13:01   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Download Manager
      2010-03-21 08:12 . 2010-03-27 07:31   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\GARMIN
      2010-03-12 13:32 . 2010-03-12 13:32   --------   d-----w-   c:\archivos de programa\QuickTime
      2010-03-11 02:06 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
      2010-03-09 00:02 . 2010-03-09 00:02   152576   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
      2010-03-08 02:46 . 2010-03-08 02:46   --------   d-----w-   c:\windows\system32\custom matrices
      2010-03-08 02:46 . 2010-03-08 02:46   --------   d-----w-   c:\windows\system32\C2MP
      2010-03-08 02:46 . 2010-03-08 02:46   --------   d-----w-   c:\windows\system32\QuickTime

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-04-06 06:31 . 2008-10-07 08:03   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
      2010-04-06 05:54 . 2002-09-24 08:00   91564   ----a-w-   c:\windows\system32\perfc00A.dat
      2010-04-06 05:54 . 2002-09-24 08:00   508254   ----a-w-   c:\windows\system32\perfh00A.dat
      2010-04-06 02:22 . 2009-06-13 16:51   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Skype
      2010-04-06 02:14 . 2009-06-13 16:53   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\skypePM
      2010-04-06 01:43 . 2009-03-22 00:18   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Orbit
      2010-04-05 22:29 . 2009-03-04 22:02   --------   d-----w-   c:\archivos de programa\Java
      2010-04-02 04:04 . 2010-01-15 05:15   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Babylon
      2010-03-09 08:28 . 2009-03-04 22:02   411368   ----a-w-   c:\windows\system32\deploytk.dll
      2010-03-08 23:57 . 2009-11-11 00:00   79488   ----a-w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
      2010-03-07 19:02 . 2009-05-21 23:35   --------   d-----w-   c:\archivos de programa\NCH Swift Sound
      2010-03-06 23:40 . 2009-06-13 16:04   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Datos de programa\Apple Computer
      2010-03-01 05:06 . 2010-03-01 05:06   0   ----a-w-   c:\windows\nsreg.dat
      2010-02-27 05:33 . 2010-02-27 05:33   2348   ----a-w-   c:\windows\checkip.dat
      2010-02-27 05:29 . 2010-02-27 05:29   2113   ----a-w-   c:\windows\ipconfig.dat
      2010-02-23 03:10 . 2010-02-23 03:10   --------   d-----w-   c:\archivos de programa\Makayama Interactive
      2010-02-23 01:26 . 2010-02-23 01:26   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\Intel
      2010-02-23 01:26 . 2010-02-23 01:26   --------   d-----w-   c:\documents and settings\Default User\Datos de programa\Intel
      2010-02-23 01:26 . 2010-04-06 04:17   --------   d-----w-   c:\documents and settings\Administrador.CALVARADO\Datos de programa\Intel
      2010-02-23 01:26 . 2010-02-23 01:26   --------   d-----w-   c:\documents and settings\LocalService.NT AUTHORITY\Datos de programa\Intel
      2010-02-23 01:26 . 2010-02-23 01:26   --------   d-----w-   c:\documents and settings\Default User.WINDOWS\Datos de programa\Intel
      2010-02-23 01:26 . 2010-02-23 01:26   --------   d-----w-   c:\documents and settings\NetworkService.NT AUTHORITY\Datos de programa\Intel
      2010-02-23 01:25 . 2010-02-23 01:25   --------   d-----w-   c:\archivos de programa\Archivos comunes\Intel
      2010-02-23 01:25 . 2008-10-07 02:16   --------   d-----w-   c:\archivos de programa\Intel
      2010-02-23 01:23 . 2008-10-07 06:15   376832   ----a-w-   c:\windows\system32\AegisI5Installer.exe
      2010-02-23 01:22 . 2010-02-23 01:22   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Datos de programa\Intel
      2010-02-23 01:22 . 2010-02-23 01:22   --------   d-----w-   c:\documents and settings\Christian Alvarado G\Datos de programa\Intel
      2010-02-23 01:16 . 2010-02-23 01:16   --------   d-----w-   c:\archivos de programa\SystemRequirementsLab
      2010-02-14 04:09 . 2009-03-22 00:18   --------   d-----w-   c:\archivos de programa\Orbitdownloader
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
      "SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
      "dellsupportcenter"="c:\archivos de programa\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
      "ATICCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
      "Acrobat Assistant 7.0"="c:\archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
      "Babylon Client"="c:\archivos de programa\Babylon\Babylon-Pro\Babylon.exe" [2010-02-17 3738856]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
      "IntelZeroConfig"="c:\archivos de programa\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
      "IntelWireless"="c:\archivos de programa\Archivos comunes\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
      "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-03-12 417792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users.WINDOWS\Men£ Inicio\Programas\Inicio\
      Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-10-4 25214]
      BTTray.lnk - c:\archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
      VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2009-1-6 6144]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Archivos de programa\\Orbitdownloader\\orbitdm.exe"=
      "c:\\Archivos de programa\\Orbitdownloader\\orbitnet.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [06-04-2010 2:59 28552]
      S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26-11-2009 21:49 114768]
      S1 SASDIFSV;SASDIFSV;c:\documents and settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\sasdifsv.sys [17-02-2010 11:25 12872]
      S1 SASKUTIL;SASKUTIL;c:\documents and settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\SASKUTIL.SYS [17-02-2010 11:15 66632]
      S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26-11-2009 21:49 20560]
      S3 SASENUM;SASENUM;c:\documents and settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\SASENUM.SYS [17-02-2010 11:15 12872]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f74d76-0103-11de-b673-0016cffd37b6}]
      \Shell\AutoRun\command - E:\p.exe
      \Shell\open\Command - E:\p.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}]
      \Shell\AutoRun\command - E:\dll32.exe
      \Shell\open\command - E:\dll32.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}]
      \Shell\AutoRun\command - e:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe
      \Shell\open\command - e:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}]
      \Shell\AutoRun\command - E:\p.exe
      \Shell\open\Command - E:\p.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}]
      \Shell\AutoRun\command - e:\usbvault\us.exe
      \Shell\explore\command - E:\USBVAULT/us.exe
      \Shell\open\command - E:\USBVAULT/us.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}]
      \Shell\AutoRun\command - e:\usbvault\us.exe
      \Shell\explore\command - E:\USBVAULT/us.exe
      \Shell\open\command - E:\USBVAULT/us.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}]
      \Shell\AutoRun\command - e:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
      \Shell\open\command - e:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}]
      \Shell\AutoRun\command - e:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
      \Shell\open\command - e:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}]
      \Shell\AutoRun\command - E:\dll32.exe
      \Shell\open\command - E:\dll32.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16962e0-cd79-11dd-b5ec-0016cffd37b6}]
      \Shell\Auto\command - fun.xls.exe
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}]
      \Shell\AutoRun\command - e:\usbvault\us.exe
      \Shell\explore\command - E:\USBVAULT/us.exe
      \Shell\open\command - E:\USBVAULT/us.exe
      .
      Contents of the 'Scheduled Tasks' folder

      2010-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

      2010-04-06 c:\windows\Tasks\User_Feed_Synchronization-{8534CEFE-172B-4663-B5AF-2D4B3D2F6C6E}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyServer = http=127.0.0.1:5555
      uInternet Settings,ProxyOverride = <local>
      IE: &Download by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/201
      IE: &Grab video by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/204
      IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Do&wnload selected by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/203
      IE: Down&load all by Orbit - c:\archivos de programa\Orbitdownloader\orbitmxt.dll/202
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Translate this web page with Babylon - c:\archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
      IE: Translate with Babylon - c:\archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
      IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
      IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
      DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
      FF - ProfilePath - c:\documents and settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - component: c:\documents and settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
      FF - plugin: c:\archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
      FF - plugin: c:\archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
      FF - plugin: c:\documents and settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
      c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-mshghldj - c:\documents and settings\Christian Alvarado G\Configuración local\Datos de programa\pmwslvqdb\oavbxcwtssd.exe
      AddRemove-HijackThis - c:\archivos de programa\Trend Micro\HijackThis\HijackThis.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-04-06 03:09
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-682003330-1708537768-2146786535-1004\Software\Microsoft\Driver Signing]
      @Denied: (2) (Administrators)
      @Allowed: (2) (Administrators)
      "Policy"=dword:00000000

      [HKEY_USERS\S-1-5-21-682003330-1708537768-2146786535-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{15BA95FC-C57A-D504-ED1F-F870E675ED7F}*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)

      [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
      "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
         00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

      [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
      @Denied: (2) (Administrators)
      @Allowed: (2) (Administrators)
      "Policy"=hex:00,00,00,00

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
      "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1176)
      c:\windows\system32\Ati2evxx.dll
      c:\windows\system32\netprovcredman.dll

      - - - - - - - > 'explorer.exe'(212)
      c:\archiv~1\WINDOW~2\wmpband.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\netprovcredman.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\mmfinfo.dll
      c:\windows\system32\mkunicode.dll
      c:\archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
      .
      Completion time: 2010-04-06  03:14:05 - machine was rebooted
      ComboFix-quarantined-files.txt  2010-04-06 07:14

      Pre-Run: 29.449.027.584 bytes libres
      Post-Run: 30.080.487.424 bytes libres

      - - End Of File - - 8993EC2020650CACC928B13BAAF0FA09
      « Last Edit: April 06, 2010, 01:03:02 PM by DragonMaster Jay »

      Dr Jay

      Re: Trojan problem
      « Reply #3 on: April 06, 2010, 01:07:29 PM »
      Please copy and paste the logs to the forum, instead of attaching them. :)

      Quote
      AV: avast! antivirus 4.8.1368 [VPS 100405-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

      ComboFix did not warn you to disable your antivirus? Also, I see you have not gotten the Recovery Console installed. Do you have Internet access?

      ==========================

      Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
      • Now click on the Connections tab and then the LAN Settings button
      • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
      ==========================

      Download OTL to your Desktop
      • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • Under the Custom Scan box paste this in
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
      ~Dr Jay

      Haolit


        Re: Trojan problem
        « Reply #4 on: April 06, 2010, 03:59:32 PM »
        Hi, Yes, I have access to internet, but I'm working in "modo a prueba de errores" I don't know how you say in English... mistake mode?? with red access?. Here are the first files (extras), the other one is too large (The message exceeds the maximum allowed length (50000 characters)), and I have attached the file

        thank.


        OTL Extras logfile created on: 06-04-2010 17:41:40 - Run 1
        OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Christian Alvarado G\Escritorio
        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.6001.18702)
        Locale: 0000340A | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy
         
        1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 81,00% Memory free
        3,00 Gb Paging File | 3,00 Gb Available in Paging File | 96,00% Paging File free
        Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
        Drive C: | 70,07 Gb Total Space | 28,04 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
        D: Drive not present or media not loaded
        E: Drive not present or media not loaded
        F: Drive not present or media not loaded
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
         
        Computer Name: CALVARADO
        Current User Name: Christian Alvarado G
        Logged in as Administrator.
         
        Current Boot Mode: SafeMode with Networking
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Extra Registry (SafeList) ==========
         
         
        ========== File Associations ==========
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
         
        ========== Shell Spawning ==========
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
        batfile [open] -- "%1" %*
        cmdfile [open] -- "%1" %*
        comfile [open] -- "%1" %*
        exefile [open] -- "%1" %*
        htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
        piffile [open] -- "%1" %*
        regfile [merge] -- Reg Error: Key error.
        scrfile [config] -- "%1"
        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
        scrfile [open] -- "%1" /S
        txtfile [edit] -- Reg Error: Key error.
        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
        Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
        Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
         
        ========== Security Center Settings ==========
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
        "FirstRunDisabled" = 1
        "AntiVirusDisableNotify" = 0
        "FirewallDisableNotify" = 0
        "UpdatesDisableNotify" = 0
        "AntiVirusOverride" = 0
        "FirewallOverride" = 0
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
        "EnableFirewall" = 0
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
        "EnableFirewall" = 1
        "DoNotAllowExceptions" = 1
        "DisableNotifications" = 0
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
        "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
        "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
        "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
        "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
        "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
        "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
         
        ========== Authorized Applications List ==========
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
        "C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
        "C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
        "C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
        "C:\Archivos de programa\Orbitdownloader\orbitdm.exe" = C:\Archivos de programa\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
        "C:\Archivos de programa\Orbitdownloader\orbitnet.exe" = C:\Archivos de programa\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
        "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
         
         
        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
        "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
        "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
        "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
        "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
        "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 19
        "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
        "{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
        "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
        "{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}" = Cisco Systems VPN Client 4.0.3 (C)
        "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
        "{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN
        "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
        "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
        "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
        "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
        "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
        "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
        "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
        "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
        "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        "{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Software Intel(R) PROSet/Wireless WiFi
        "{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
        "{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
        "{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
        "{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
        "{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
        "{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
        "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
        "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
        "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
        "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        "{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
        "{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
        "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
        "{A2172ACA-FFA8-4808-BD20-08565C7390F9}" = OGA Notifier 1.7.0105.35.0
        "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
        "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
        "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
        "{AC76BA86-7AD7-1034-7B44-A91000000001}" = Adobe Reader 9.1.3 - Español
        "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
        "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
        "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
        "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
        "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
        "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
        "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
        "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Software de asistencia)
        "{E75EDE9E-77DF-4B97-A7CE-5C2C39ACC406}" = MediaHeal for Flash
        "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
        "{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
        "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
        "05B59228C7E1C21DFBE89260F879BD95880548D 8" = Paquete de controladores de Windows - Nokia Modem  (10/05/2009 4.2)
        "4569969E1360D2854474C661EF9B4D54F143EB1 6" = Paquete de controladores de Windows - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
        "504244733D18C8F63FF584AEB290E3904E79169 3" = Paquete de controladores de Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
        "8CDCFB95BB84DD9C0F88F22266A0CA86035E55B A" = Paquete de controladores de Windows - Nokia Modem  (06/01/2009 7.01.0.4)
        "ActiveScan 2.0" = Panda ActiveScan 2.0
        "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
        "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
        "Adobe Shockwave Player" = Adobe Shockwave Player
        "All ATI Software" = ATI - Utilidad de desinstalación de software
        "AnyToISO_is1" = AnyToISO
        "ATI Display Driver" = ATI Display Driver
        "avast!" = avast! Antivirus
        "Babylon" = Babylon
        "CCleaner" = CCleaner
        "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
        "Easy WiFi Radar" = Easy WiFi Radar 1.0.5
        "ESET Online Scanner" = ESET Online Scanner v3
        "ExpressBurn" = Express Burn
        "FILERECOVERY®_Professional_3.2" = Magic Recovery Professional 3.2
        "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
        "ie7" = Windows Internet Explorer 7
        "ie8" = Windows Internet Explorer 8
        "InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
        "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
        "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
        "Media Player - Codec Pack" = Media Player Codec Pack 3.9.4
        "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
        "Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
        "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
        "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
        "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
        "MSNINST" = MSN
        "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
        "Nokia PC Suite" = Nokia PC Suite
        "Orbit_is1" = Orbit Downloader
        "ProInst" = Intel PROSet Wireless
        "SynTPDeinstKey" = Synaptics Pointing Device Driver
        "VobSub" = VobSub v2.23 (Remove Only)
        "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
        "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
        "WebEx Client Install" = WebEx Client Install
        "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
        "Windows Media Format Runtime" = Windows Media Format 11 runtime
        "Windows Media Player" = Reproductor de Windows Media 11
        "Windows XP Service Pack" = Windows XP Service Pack 3
        "WinLiveSuite_Wave3" = Windows Live Essentials
        "WinRAR archiver" = Compresor WinRAR
        "WMFDist11" = Windows Media Format 11 runtime
        "wmp11" = Windows Media Player 11
        "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
         
        ========== Last 10 Event Log Errors ==========
         
        [ Antivirus Events ]
        Error - 19-03-2010 22:58:52 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179802.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:03 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179830.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:05 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179803.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:24 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179829.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:27 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179804.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:45 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3180001.JPG failed, 0000A420. 
         
        Error - 19-03-2010 22:59:56 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179786.JPG failed, 0000A420. 
         
        Error - 19-03-2010 23:00:00 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179818.JPG failed, 0000A420. 
         
        Error - 19-03-2010 23:00:16 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
         E:\P3179787.JPG failed, 0000A420. 
         
        Error - 05-04-2010 23:00:48 | Computer Name = CALVARADO | Source = avast! | ID = 33554522
        Description = Internal error has occurred in module aswar scan function failed!,
         function 00000002. 
         
        [ Application Events ]
        Error - 06-04-2010 0:16:24 | Computer Name = CALVARADO | Source = MsiInstaller | ID = 1008
        Description = La instalación de C:\Archivos de programa\Archivos comunes\Wise Installation
         Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_35_0_1000.MSI no está permitida debido
         a un error en el proceso de directiva de restricción del software. No hay confianza
         en el objeto.
         
        Error - 06-04-2010 0:16:36 | Computer Name = CALVARADO | Source = MsiInstaller | ID = 1008
        Description = La instalación de C:\Archivos de programa\Archivos comunes\Wise Installation
         Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_35_0_1000.MSI no está permitida debido
         a un error en el proceso de directiva de restricción del software. No hay confianza
         en el objeto.
         
        Error - 06-04-2010 0:25:14 | Computer Name = CALVARADO | Source = MsiInstaller | ID = 1008
        Description = La instalación de C:\Archivos de programa\Archivos comunes\Wise Installation
         Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_35_0_1002.MSI no está permitida debido
         a un error en el proceso de directiva de restricción del software. No hay confianza
         en el objeto.
         
        Error - 06-04-2010 0:41:30 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:31 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:32 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:32 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:33 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:33 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        Error - 06-04-2010 0:41:34 | Computer Name = CALVARADO | Source = WmiAdapter | ID = 4099
        Description = Error al abrir el servicio.
         
        [ System Events ]
        Error - 06-04-2010 3:23:02 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        MDM con argumentos ""  para ejecutar el servidor:  {0C0A3666-30C9-11D0-8F20-00805F2CD064}
         
        Error - 06-04-2010 3:24:02 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        MDM con argumentos ""  para ejecutar el servidor:  {0C0A3666-30C9-11D0-8F20-00805F2CD064}
         
        Error - 06-04-2010 3:26:00 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        MDM con argumentos ""  para ejecutar el servidor:  {0C0A3666-30C9-11D0-8F20-00805F2CD064}
         
        Error - 06-04-2010 3:26:26 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        MDM con argumentos ""  para ejecutar el servidor:  {0C0A3666-30C9-11D0-8F20-00805F2CD064}
         
        Error - 06-04-2010 3:30:34 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        EventSystem con argumentos ""  para ejecutar el servidor:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
         
        Error - 06-04-2010 17:34:20 | Computer Name = CALVARADO | Source = Dhcp | ID = 1001
        Description = A su equipo no le fue asignada una dirección de la red (por el servidor
        DHCP)
         para la tarjeta de red con la dirección de red 0018DE0E017E.  Ocurrió el  error:
          %%1223.  Su equipo continuará intentando obtener una dirección desde  el servidor de
         direcciones de red (DHCP).
         
        Error - 06-04-2010 17:34:46 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        EventSystem con argumentos ""  para ejecutar el servidor:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
         
        Error - 06-04-2010 17:35:11 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        StiSvc con argumentos ""  para ejecutar el servidor:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
         
        Error - 06-04-2010 17:35:22 | Computer Name = CALVARADO | Source = DCOM | ID = 10005
        Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
        MDM con argumentos ""  para ejecutar el servidor:  {0C0A3666-30C9-11D0-8F20-00805F2CD064}
         
        Error - 06-04-2010 17:35:50 | Computer Name = CALVARADO | Source = Service Control Manager | ID = 7026
        Description = El controlador de inicialización siguiente no se cargó correctamente:
           Aavmker4  APPDRV  aswSP  Fips  intelppm  pavboot  SASKUTIL
         
         
        < End of report >

        [recovering disk space - old attachment deleted by admin]
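Added example, not part of the original posts and not OTL's own code: a small Python triage pass over the firewall sections of the OTL Extras log above. It reads the profile switches (`EnableFirewall`, `DoNotAllowExceptions`) together with the `GloballyOpenPorts` and `AuthorizedApplications` lists, and reports a disabled profile, a profile whose exceptions are currently ignored, and enabled rules that point at a missing file. The names `parse_firewall` and `findings` belong to this example only, and treating `DoNotAllowExceptions = 1` as "exception lists not applied" is this example's reading of the XP firewall settings.

```python
import re
from collections import defaultdict

# Lines copied from the OTL Extras log posted above; nothing here is constructed.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Orbitdownloader\orbitdm.exe" = C:\Archivos de programa\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
'''

POLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# Matches a profile key, optionally followed by \<ListKind>\List.
SECTION = re.compile(r"^\[" + re.escape(POLICY) + r"\\(\w+)(?:\\(\w+)\\List)?\]$")
ENTRY = re.compile(r'^"([^"]+)" = (.*)$')


def parse_firewall(text):
    """Return {profile: {"settings": {}, "ports": [], "apps": []}} from OTL Extras text."""
    profiles = defaultdict(lambda: {"settings": {}, "ports": [], "apps": []})
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            profile, kind = section.group(1), section.group(2)
            continue
        if line.startswith("["):          # any other registry key ends the section
            profile = kind = None
            continue
        entry = ENTRY.match(line)
        if profile is None or not entry:
            continue
        key, value = entry.groups()
        if kind is None:                  # profile-level switches such as EnableFirewall
            profiles[profile]["settings"][key] = value
        elif kind == "GloballyOpenPorts":
            parts = value.split(":", 4)   # port:proto:scope:state:name
            if len(parts) == 5:
                port, proto, scope, state, _name = parts
                profiles[profile]["ports"].append(
                    {"port": port, "proto": proto, "scope": scope,
                     "enabled": state == "Enabled"})
        elif kind == "AuthorizedApplications" and value.startswith(key + ":"):
            # The path itself contains "C:", so cut it off before splitting.
            parts = value[len(key) + 1:].split(":", 2)   # scope:state:name -- note
            if len(parts) == 3:
                scope, state, tail = parts
                name, sep, note = tail.rpartition(" -- ")
                profiles[profile]["apps"].append(
                    {"path": key, "scope": scope, "enabled": state == "Enabled",
                     "name": name if sep else tail, "note": note if sep else ""})
    return dict(profiles)


def findings(profiles):
    """List the points a reviewer would check first, one string per finding."""
    out = []
    for name, p in sorted(profiles.items()):
        settings = p["settings"]
        if settings.get("EnableFirewall") == "0":
            out.append(f"{name}: firewall disabled")
        suppressed = settings.get("DoNotAllowExceptions") == "1"
        if suppressed:
            out.append(f"{name}: exceptions currently ignored (DoNotAllowExceptions=1)")
        for app in p["apps"]:
            # A path-based allow rule with no file behind it is stale and should be removed.
            if app["enabled"] and app["note"] == "File not found":
                out.append(f"{name}: enabled rule for missing file {app['path']}")
        for port in p["ports"]:
            if port["enabled"] and not suppressed:
                out.append(f"{name}: open {port['port']}/{port['proto']} scope {port['scope']}")
    return out


if __name__ == "__main__":
    for item in findings(parse_firewall(SAMPLE)):
        print(item)
```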

        Haolit


          Re: Trojan problem
          « Reply #5 on: April 06, 2010, 06:28:24 PM »
          Hi again, I uninstalled avast and reinstalled the last version and it's working normally, and Windows is running in a "normal mode".
          Thank

          Dr Jay

          Re: Trojan problem
          « Reply #6 on: April 06, 2010, 08:31:47 PM »
          Hi...sorry, but please copy and paste the report you attached into two or three posts. It allows me to be able to research it properly. It is just our policy.
          ~Dr Jay

          Haolit


            Re: Trojan problem
            « Reply #7 on: April 06, 2010, 08:52:39 PM »
            Ok, no problem, here is:
            OTL logfile created on: 06-04-2010 17:41:40 - Run 1
            OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Christian Alvarado G\Escritorio
            Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 0000340A | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy
             
            1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 81,00% Memory free
            3,00 Gb Paging File | 3,00 Gb Available in Paging File | 96,00% Paging File free
            Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
            Drive C: | 70,07 Gb Total Space | 28,04 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
            D: Drive not present or media not loaded
            E: Drive not present or media not loaded
            F: Drive not present or media not loaded
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded
             
            Computer Name: CALVARADO
            Current User Name: Christian Alvarado G
            Logged in as Administrator.
             
            Current Boot Mode: SafeMode with Networking
            Scan Mode: Current user
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Standard
             
            ========== Processes (SafeList) ==========
             
            PRC - [2010-04-06 17:40:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Alvarado G\Escritorio\OTL.exe
            PRC - [2008-04-13 22:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
             
             
            ========== Modules (SafeList) ==========
             
            MOD - [2010-04-06 17:40:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Alvarado G\Escritorio\OTL.exe
             
             
            ========== Win32 Services (SafeList) ==========
             
            SRV - [2009-11-24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
            SRV - [2009-11-24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
            SRV - [2009-11-24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
            SRV - [2009-11-24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
            SRV - [2009-11-03 14:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
            SRV - [2009-11-03 14:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Archivos de programa\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
            SRV - [2009-11-03 14:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Archivos de programa\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
            SRV - [2009-11-03 14:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
            SRV - [2009-10-27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
            SRV - [2009-10-04 15:25:35 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
            SRV - [2008-08-29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
            SRV - [2008-08-26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
            SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
            SRV - [2003-12-02 09:27:08 | 001,417,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
            SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
            SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
             
             
            ========== Driver Services (SafeList) ==========
             
            DRV - [2010-02-17 11:25:50 | 000,012,872 | R--- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Documents and Settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\sasdifsv.sys -- (SASDIFSV)
            DRV - [2010-02-17 11:15:58 | 000,066,632 | R--- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Documents and Settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\SASKUTIL.SYS -- (SASKUTIL)
            DRV - [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrador.CALVARADO\Escritorio\Nueva carpeta\SASENUM.SYS -- (SASENUM)
            DRV - [2009-11-24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
            DRV - [2009-11-24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
            DRV - [2009-11-24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
            DRV - [2009-10-26 04:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
            DRV - [2009-10-06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
            DRV - [2009-10-06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
            DRV - [2009-10-06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
            DRV - [2009-10-06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
            DRV - [2009-09-15 05:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
            DRV - [2009-09-15 05:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
            DRV - [2009-09-15 05:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
            DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
            DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
            DRV - [2008-08-13 15:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
            DRV - [2008-04-13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Controlador de audio USB (WDM)
            DRV - [2008-04-13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
            DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Controlador del adaptador Intel(R)
            DRV - [2007-05-10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
            DRV - [2006-11-21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
            DRV - [2006-11-15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
            DRV - [2006-11-14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
            DRV - [2006-11-14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
            DRV - [2006-05-24 18:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
            DRV - [2006-05-24 18:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
            DRV - [2006-05-24 18:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
            DRV - [2006-05-24 18:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
            DRV - [2006-05-24 18:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
            DRV - [2006-05-24 18:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
            DRV - [2006-05-24 17:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
            DRV - [2006-05-24 17:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
            DRV - [2006-05-23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
            DRV - [2006-03-08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
            DRV - [2005-08-12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
            DRV - [2005-07-22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
            DRV - [2005-07-22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
            DRV - [2005-07-22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
            DRV - [2003-12-02 09:26:22 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
            DRV - [2003-09-02 10:44:06 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
            DRV - [2003-05-01 12:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
            DRV - [2002-07-07 14:39:14 | 000,185,256 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\om518vid.sys -- (OM518P) VGA USB Camera (2120)
             
             
            ========== Standard Registry (SafeList) ==========
             
             
            ========== Internet Explorer ==========
             
             
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
             
            ========== FireFox ==========
             
            FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
            FF - prefs.js..extensions.enabledItems: [email protected]:1.0
            FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.15
             
            FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components: E:\FirefoxPortable\App\firefox\components
            FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins: E:\FirefoxPortable\App\firefox\plugins
            FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-03-06 19:40:05 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-03-08 20:03:33 | 000,000,000 | ---D | M]
             
            [2010-03-01 01:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Mozilla\Extensions
            [2010-04-05 22:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions
            [2010-03-03 09:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            [2010-04-05 21:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Mozilla\Firefox\Profiles\8rxvfe3v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
            [2010-04-05 22:07:34 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
            [2010-01-15 21:31:52 | 000,001,179 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
             
            O1 HOSTS File: ([2010-04-06 03:09:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
            O1 - Hosts: 127.0.0.1       localhost
            O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Archivos de programa\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
            O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
            O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
            O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll File not found
            O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
            O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
            O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
            O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Archivos de programa\Orbitdownloader\GrabPro.dll ()
            O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Archivos de programa\Orbitdownloader\GrabPro.dll ()
            O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
            O4 - HKLM..\Run: [ATICCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
            O4 - HKLM..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
            O4 - HKLM..\Run: [dellsupportcenter] C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
            O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
            O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Archivos comunes\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
            O4 - HKLM..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
            O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
            O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
            O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
            O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
            O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0;  File not found
            O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
            O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\BTTray.lnk = C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
            O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
            O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
            O8 - Extra context menu item: &Download by Orbit - C:\Archivos de programa\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
            O8 - Extra context menu item: &Grab video by Orbit - C:\Archivos de programa\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
            O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Convert to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
            O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Archivos de programa\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
            O8 - Extra context menu item: Down&load all by Orbit - C:\Archivos de programa\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
            O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
            O8 - Extra context menu item: Translate this web page with Babylon - C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
            O8 - Extra context menu item: Translate with Babylon - C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
            O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
            O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
            O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
            O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
            O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
            O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
            O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
            O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
            O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
            O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223364306296 (WUWebControl Class)
            O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
            O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
            O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
            O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
            O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
            O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
            O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
            O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
            O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
            O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
            O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
            O24 - Desktop WallPaper: C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
            O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
            O32 - HKLM CDRom: AutoRun - 1
            O32 - AutoRun File - [2008-10-05 22:51:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
            O33 - MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\Shell\AutoRun\command - "" = E:\p.exe -- File not found
            O33 - MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\Shell\open\Command - "" = E:\p.exe -- File not found
            O33 - MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\Shell\AutoRun\command - "" = E:\dll32.exe -- File not found
            O33 - MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\Shell\open\command - "" = E:\dll32.exe -- File not found
            O33 - MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
            O33 - MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
            O33 - MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\Shell\AutoRun\command - "" = E:\p.exe -- File not found
            O33 - MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\Shell\open\Command - "" = E:\p.exe -- File not found
            O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
            O33 - MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
            O33 - MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
            O33 - MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
            O33 - MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\Shell\AutoRun\command - "" = E:\dll32.exe -- File not found
            O33 - MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\Shell\open\command - "" = E:\dll32.exe -- File not found
            O33 - MountPoints2\{e16962e0-cd79-11dd-b5ec-0016cffd37b6}\Shell\Auto\command - "" = fun.xls.exe
            O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
            O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found
            O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
            O35 - HKLM\..comfile [open] -- "%1" %*
            O35 - HKLM\..exefile [open] -- "%1" %*
            O37 - HKLM\...com [@ = ComFile] -- "%1" %*
            O37 - HKLM\...exe [@ = exefile] -- "%1" %*
             
            NetSvcs: 6to4 -  File not found
            NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-02-27 01:12:29 | 000,000,000 | ---D | M]
            NetSvcs: Iprip -  File not found
            NetSvcs: Irmon -  File not found
            NetSvcs: NWCWorkstation -  File not found
            NetSvcs: Nwsapagent -  File not found
            NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
            NetSvcs: WmdmPmSp -  File not found
             
             
            SafeBootMin: Base - Driver Group
            SafeBootMin: Boot Bus Extender - Driver Group
            SafeBootMin: Boot file system - Driver Group
            SafeBootMin: File system - Driver Group
            SafeBootMin: Filter - Driver Group
            SafeBootMin: PCI Configuration - Driver Group
            SafeBootMin: PNP Filter - Driver Group
            SafeBootMin: Primary disk - Driver Group
            SafeBootMin: SCSI Class - Driver Group
            SafeBootMin: sermouse.sys - Driver
            SafeBootMin: System Bus Extender - Driver Group
            SafeBootMin: vds - Service
            SafeBootMin: vga.sys - Driver
            SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
            SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
            SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
            SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
            SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
            SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
            SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
            SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
            SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
            SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
            SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
            SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
            SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
            SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
             
            SafeBootNet: Base - Driver Group
            SafeBootNet: Boot Bus Extender - Driver Group
            SafeBootNet: Boot file system - Driver Group
            SafeBootNet: File system - Driver Group
            SafeBootNet: Filter - Driver Group
            SafeBootNet: NDIS Wrapper - Driver Group
            SafeBootNet: NetBIOSGroup - Driver Group
            SafeBootNet: NetDDEGroup - Driver Group
            SafeBootNet: Network - Driver Group
            SafeBootNet: NetworkProvider - Driver Group
            SafeBootNet: PCI Configuration - Driver Group
            SafeBootNet: PNP Filter - Driver Group
            SafeBootNet: PNP_TDI - Driver Group
            SafeBootNet: Primary disk - Driver Group
            SafeBootNet: SCSI Class - Driver Group
            SafeBootNet: sermouse.sys - Driver
            SafeBootNet: Streams Drivers - Driver Group
            SafeBootNet: System Bus Extender - Driver Group
            SafeBootNet: TDI - Driver Group
            SafeBootNet: vga.sys - Driver
            SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
            SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
            SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
            SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
            SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
            SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
            SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
            SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
            SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
            SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
            SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
            SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
            SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
            SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
            SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
            SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
            SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
             
            ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
            ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
            ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
            ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
            ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
            ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
            ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
            ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
            ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
            ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
            ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
            ActiveX: {405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE} - .NET Framework
            ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
            ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
            ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
            ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
            ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
            ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
            ActiveX: {4E455D12-A704-11BB-B331-05B8C14A07F6} - Actualización de versión de Internet Explorer
            ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
            ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
            ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
            ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
            ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
            ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
            ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
            ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
            ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
            ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
            ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
            ActiveX: {83169D43-4660-4347-BC95-E9D6E6BE65CE} - .NET Framework
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
            ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
            ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
            ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
            ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
            ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
            ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
            ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
            ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
            ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
            ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
            ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
            ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
            ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
            ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
            ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
            ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
            ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
             
            Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
            Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
            Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
            Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
            Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
            Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
            Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
            Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
            Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
            Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
            Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
            Drivers32: VIDC.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
            Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
            Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
            Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32.dll ()
            Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
            Drivers32: vidc.IV45 - C:\WINDOWS\System32\ir41_qc.dll (Intel Corporation.)
            Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
            Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
            Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
            Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
            Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
            Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
            Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

            Haolit

              Topic Starter


              Rookie

              Re: Trojan problem
              « Reply #8 on: April 06, 2010, 08:53:33 PM »
              Second:

              CREATERESTOREPOINT
              Error starting restore point: The function was called in safe mode.
              Error closing restore point: The sequence number is invalid.
               
              ========== Files/Folders - Created Within 30 Days ==========
               
              [2010-04-06 17:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christian Alvarado G\Escritorio\OTL.exe
              [2010-04-06 03:14:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
              [2010-04-06 03:02:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
              [2010-04-06 03:02:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
              [2010-04-06 03:02:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
              [2010-04-06 03:02:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
              [2010-04-06 03:01:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
              [2010-04-06 02:59:40 | 000,000,000 | ---D | C] -- C:\Qoobox
              [2010-04-06 02:59:32 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
              [2010-04-06 02:08:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
              [2010-04-06 01:56:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
              [2010-04-06 01:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
              [2010-04-06 01:56:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
              [2010-04-06 01:56:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
              [2010-04-06 00:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com
              [2010-04-06 00:16:14 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
              [2010-04-06 00:13:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Christian Alvarado G\Recent
              [2010-04-06 00:03:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
              [2010-04-05 23:25:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
              [2010-04-05 23:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
              [2010-04-05 21:36:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Panda Security
              [2010-04-05 21:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\QuickScan
              [2010-04-05 21:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\pmwslvqdb
              [2010-04-05 18:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Sun
              [2010-04-05 18:30:30 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
              [2010-04-05 18:29:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
              [2010-04-05 18:29:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
              [2010-04-05 18:29:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
              [2010-04-04 12:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Escritorio\102OLYMP
              [2010-03-30 15:43:03 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Skype
              [2010-03-24 00:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Descargas
              [2010-03-21 16:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Nueva carpeta
              [2010-03-21 13:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Navchile_3.35
              [2010-03-21 13:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Mi Garmin
              [2010-03-21 12:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\GARMIN
              [2010-03-21 12:57:29 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Garmin
              [2010-03-21 12:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\GARMIN
              [2010-03-21 12:56:35 | 000,000,000 | ---D | C] -- C:\Garmin
              [2010-03-21 04:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Download Manager
              [2010-03-21 04:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\GARMIN
              [2010-03-17 11:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christian Alvarado G\Escritorio\101OLYMP
              [2010-03-12 09:32:20 | 000,000,000 | ---D | C] -- C:\Archivos de programa\QuickTime
              [2010-03-10 22:06:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
              [2010-03-07 22:46:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
              [2010-03-07 22:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
              [2010-03-07 22:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
              [2010-02-22 21:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Intel
              [2010-02-22 21:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Datos de programa\Intel
              [2008-10-06 22:01:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Microsoft
              [2008-10-06 22:01:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Datos de programa\Microsoft
              [2008-10-06 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft
              [2008-10-06 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft
              [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
               
              ========== Files - Modified Within 30 Days ==========
               
              [2010-04-06 17:40:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Alvarado G\Escritorio\OTL.exe
              [2010-04-06 17:38:38 | 001,130,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
              [2010-04-06 17:38:38 | 000,508,254 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
              [2010-04-06 17:38:38 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
              [2010-04-06 17:38:38 | 000,091,564 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
              [2010-04-06 17:38:38 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
              [2010-04-06 17:34:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
              [2010-04-06 03:30:36 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Christian Alvarado G\NTUSER.DAT
              [2010-04-06 03:30:36 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Christian Alvarado G\ntuser.ini
              [2010-04-06 03:30:33 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\IconCache.db
              [2010-04-06 03:09:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
              [2010-04-06 03:09:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
              [2010-04-06 02:34:12 | 000,000,170 | ---- | M] () -- C:\Nuevo acceso directo a Internet.url
              [2010-04-06 02:31:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
              [2010-04-06 01:56:42 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes' Anti-Malware.lnk
              [2010-04-05 23:48:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
              [2010-04-05 23:45:00 | 000,000,518 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8534CEFE-172B-4663-B5AF-2D4B3D2F6C6E}.job
              [2010-04-05 23:39:35 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\VPN Client.lnk
              [2010-04-05 23:39:22 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk
              [2010-04-05 21:46:37 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
              [2010-04-05 18:36:07 | 000,006,677 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\intlname.ols
              [2010-04-04 13:04:19 | 000,010,856 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\New Microsoft Office Word Document.docx
              [2010-04-04 13:03:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Gasto bencina.xls
              [2010-04-01 23:37:50 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Cuentas.xls
              [2010-03-30 23:11:31 | 001,930,010 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Ringtones.rar
              [2010-03-30 22:48:08 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Basic Language Training Application.doc
              [2010-03-30 22:45:11 | 000,032,511 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Christian CV.pdf
              [2010-03-30 18:10:56 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Toefl.xls
              [2010-03-30 15:39:56 | 000,023,141 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Certificado.pdf
              [2010-03-30 15:36:48 | 000,013,472 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Certificado remuneraciones 2009.zip
              [2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
              [2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
              [2010-03-29 23:57:10 | 000,315,763 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Bases fulbright_bio.pdf
              [2010-03-27 20:17:04 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
              [2010-03-24 01:07:54 | 000,872,449 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Flash.pdf
              [2010-03-21 05:23:44 | 031,704,595 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Navchile_3.35.rar
              [2010-03-20 13:59:27 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Viaje Gran Cañon.xls
              [2010-03-15 11:29:46 | 132,685,442 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\SAM_0469.AVI
              [2010-03-14 14:04:46 | 002,841,132 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\SAM_0334.JPG
              [2010-03-13 01:47:57 | 000,000,759 | ---- | M] () -- C:\WINDOWS\win.ini
              [2010-03-12 20:53:29 | 071,837,017 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\wqerqwer
              [2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
              [2010-03-09 21:52:35 | 007,180,380 | ---- | M] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\EVOLT-Manual-FINAL.pdf
              [2010-03-09 04:28:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
              [2010-03-09 04:28:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
              [2010-03-09 04:28:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
              [2010-03-09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
              [2010-03-09 02:16:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
              [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
               
              ========== Files Created - No Company Name ==========
               
              [2010-04-06 03:02:03 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
              [2010-04-06 03:02:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
              [2010-04-06 03:02:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
              [2010-04-06 03:02:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
              [2010-04-06 03:02:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
              [2010-04-06 02:34:07 | 000,000,170 | ---- | C] () -- C:\Nuevo acceso directo a Internet.url
              [2010-04-06 01:56:42 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes' Anti-Malware.lnk
              [2010-04-05 23:32:40 | 000,000,518 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8534CEFE-172B-4663-B5AF-2D4B3D2F6C6E}.job
              [2010-04-04 13:04:19 | 000,010,856 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\New Microsoft Office Word Document.docx
              [2010-03-30 23:11:53 | 000,483,623 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\a güanchu brei frii .mp3
              [2010-03-30 23:11:18 | 001,930,010 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Ringtones.rar
              [2010-03-30 22:45:11 | 000,032,511 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Christian CV.pdf
              [2010-03-30 22:13:03 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Escritorio\Basic Language Training Application.doc
              [2010-03-30 15:39:56 | 000,023,141 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Certificado.pdf
              [2010-03-30 15:36:47 | 000,013,472 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Certificado remuneraciones 2009.zip
              [2010-03-29 23:57:10 | 000,315,763 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Bases fulbright_bio.pdf
              [2010-03-24 01:07:54 | 000,872,449 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Flash.pdf
              [2010-03-21 16:19:00 | 002,841,132 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\SAM_0334.JPG
              [2010-03-21 05:23:39 | 031,704,595 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Navchile_3.35.rar
              [2010-03-19 22:46:34 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Viaje Gran Cañon.xls
              [2010-03-15 23:27:02 | 132,685,442 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\SAM_0469.AVI
              [2010-03-12 20:52:44 | 071,837,017 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\wqerqwer
              [2010-03-09 21:52:35 | 007,180,380 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\EVOLT-Manual-FINAL.pdf
              [2010-03-09 20:31:31 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Mis documentos\Gasto bencina.xls
              [2010-03-02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
              [2010-03-02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
              [2010-03-02 20:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
              [2010-03-02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
              [2010-03-02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
              [2010-03-02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
              [2010-03-02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
              [2010-03-02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
              [2010-03-02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
              [2010-03-02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
              [2010-03-02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
              [2010-03-02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
              [2010-03-02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
              [2010-03-02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
              [2010-03-02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
              [2010-03-02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
              [2010-03-02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
              [2010-02-24 22:07:16 | 000,000,487 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
              [2010-01-16 16:09:59 | 000,038,504 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Datos de programa\Valores separados por comas (DOS).ADR
              [2009-11-14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
              [2009-11-14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
              [2009-11-14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
              [2009-11-14 14:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
              [2009-11-14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
              [2009-11-14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
              [2009-11-14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
              [2009-11-14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
              [2009-11-14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
              [2009-11-14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
              [2009-06-07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
              [2009-02-20 20:01:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
              [2009-01-10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
              [2008-12-31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
              [2008-11-06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
              [2008-10-22 23:35:25 | 000,006,677 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\intlname.ols
              [2008-10-08 23:49:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
              [2008-10-08 23:49:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
              [2008-10-08 23:38:40 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2008-10-08 22:10:04 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
              [2008-10-07 04:02:29 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\fusioncache.dat
              [2008-10-07 02:07:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
              [2008-10-07 02:03:52 | 000,253,952 | -H-- | C] () -- C:\Documents and Settings\Christian Alvarado G\ntuser.dat.LOG
              [2008-10-07 02:03:52 | 000,000,304 | -HS- | C] () -- C:\Documents and Settings\Christian Alvarado G\ntuser.ini
              [2008-10-07 02:03:50 | 008,650,752 | -H-- | C] () -- C:\Documents and Settings\Christian Alvarado G\NTUSER.DAT
              [2007-10-13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
              [2006-05-24 18:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
              [2005-02-17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
              [2005-02-17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
              [2003-12-02 09:27:06 | 000,139,096 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
              [2003-05-09 18:36:30 | 000,151,744 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
              [2003-04-11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
              [2002-10-15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
              [2001-11-14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
               
              ========== Custom Scans ==========
               
               
              < %systemroot%\*. /mp /s >
               
              < %systemroot%\system32\*.dll /lockedfiles >
              [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
               
              < %systemroot%\system32\*.exe /lockedfiles >
              [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
               
              < %systemroot%\Tasks\*.job /lockedfiles >
               
              < %systemroot%\system32\drivers\*.sys /lockedfiles >
               
              < %systemroot%\System32\config\*.sav >
              [2008-10-06 20:45:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
              [2008-10-06 20:45:30 | 000,643,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
              [2008-10-06 20:45:30 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
               
              < %SYSTEMDRIVE%\*.* >
              [2008-10-05 22:51:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
              [2008-10-07 01:51:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
              [2002-09-24 04:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
              [2010-04-06 03:14:06 | 000,026,984 | ---- | M] () -- C:\ComboFix.txt
              [2008-10-05 22:51:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
              [2010-04-06 02:12:10 | 000,010,092 | ---- | M] () -- C:\hijackthis.log
              [2008-10-05 22:51:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
              [2010-04-06 02:05:12 | 000,001,070 | ---- | M] () -- C:\mbam-log-2010-04-06 (02-04-50).txt
              [2008-10-05 22:51:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
              [2004-08-03 12:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
              [2008-10-07 03:10:33 | 000,251,168 | RHS- | M] () -- C:\ntldr
              [2010-04-06 02:34:12 | 000,000,170 | ---- | M] () -- C:\Nuevo acceso directo a Internet.url
              [2010-04-06 17:33:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
              [2009-01-23 18:27:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
              [2009-01-23 21:41:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
              [2009-01-24 12:29:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
              [2009-01-24 15:15:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
              [2009-02-22 22:23:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
              [2009-03-10 14:35:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
              [2009-01-23 18:27:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
              [2009-01-23 21:41:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
              [2009-01-24 12:29:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
              [2009-01-24 15:15:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
              [2009-02-22 22:23:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
              [2009-03-10 14:35:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
              [2010-04-06 01:52:59 | 000,001,150 | ---- | M] () -- C:\SUPERAntiSpyware Scan Log - 04-06-2010 - 01-46-58.log
               
              < %PROGRAMFILES%\*. >
              [2009-03-02 21:18:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\3D Home Architect
              [2009-10-04 15:21:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Adobe
              [2009-11-26 21:49:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Alwil Software
              [2009-03-02 21:07:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\AnyToISO
              [2009-06-13 12:03:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Apple Software Update
              [2010-04-06 03:06:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Archivos comunes
              [2008-10-07 04:21:34 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ATI Technologies
              [2010-01-14 23:00:41 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Babylon
              [2008-10-06 22:32:19 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Broadcom
              [2010-04-06 00:03:39 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CCleaner
              [2009-01-06 18:12:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Cisco Systems
              [2008-10-07 00:05:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Complex
              [2008-10-05 22:48:45 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ComPlus Applications
              [2008-10-07 03:42:18 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CONEXANT
              [2008-10-06 22:33:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Dell
              [2008-10-07 05:27:17 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Dell Support Center
              [2008-10-12 16:29:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\DesignSoft
              [2009-12-22 18:53:00 | 000,000,000 | ---D | M] -- C:\Archivos de programa\DIFX
              [2009-06-13 13:07:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\DynEd
              [2009-12-21 21:38:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\eMule
              [2009-10-26 21:20:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ESET
              [2008-12-09 00:20:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Gabest
              [2010-03-21 12:57:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Garmin
              [2009-06-09 23:34:58 | 000,000,000 | ---D | M] -- C:\Archivos de programa\GE
              [2009-06-13 14:25:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Google
              [2009-06-09 23:34:50 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\InstallShield Installation Information
              [2010-02-22 21:25:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Intel
              [2010-04-05 23:30:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Internet Explorer
              [2010-04-05 18:29:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Java
              [2008-10-08 23:49:33 | 000,000,000 | ---D | M] -- C:\Archivos de programa\K-Lite Codec Pack
              [2009-05-25 22:30:09 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MagicRecovery Pro
              [2009-05-25 22:27:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MagicRecovery Pro DEMO
              [2010-02-22 23:10:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Makayama Interactive
              [2010-04-06 01:56:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
              [2008-10-07 03:35:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Messenger
              [2009-10-04 19:06:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft
              [2008-10-07 01:58:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\microsoft frontpage
              [2008-10-08 23:12:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Office
              [2008-10-08 22:08:39 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Visual Studio
              [2008-10-08 22:40:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Works
              [2008-10-08 22:07:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft.NET
              [2010-03-11 09:18:00 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Movie Maker
              [2010-04-06 03:15:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox
              [2009-08-08 17:08:05 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSBuild
              [2008-10-08 23:12:02 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSECache
              [2009-04-04 13:12:53 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN
              [2008-10-07 01:54:12 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Gaming Zone
              [2010-01-08 23:54:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NCH Software
              [2010-03-07 15:02:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NCH Swift Sound
              [2008-10-07 03:13:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NetMeeting
              [2009-12-22 18:53:12 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Nokia
              [2008-10-08 22:34:28 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NOS
              [2009-05-25 21:54:44 | 000,000,000 | ---D | M] -- C:\Archivos de programa\OfficeRecovery
              [2008-10-07 01:54:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Online Services
              [2010-02-14 00:09:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Orbitdownloader
              [2009-08-12 19:35:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Outlook Express
              [2010-04-05 21:36:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Panda Security
              [2009-12-22 18:52:53 | 000,000,000 | ---D | M] -- C:\Archivos de programa\PC Connectivity Solution
              [2010-03-12 09:32:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\QuickTime
              [2009-08-08 17:07:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Reference Assemblies
              [2008-10-05 22:50:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Servicios en línea
              [2008-10-06 22:19:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SigmaTel
              [2009-12-06 10:22:07 | 000,000,000 | R--D | M] -- C:\Archivos de programa\Skype
              [2008-10-06 22:26:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Synaptics
              [2010-02-22 21:16:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SystemRequirementsLab
              [2010-04-06 02:08:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Trend Micro
              [2008-10-05 22:54:25 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\Uninstall Information
              [2008-10-07 04:51:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WIDCOMM
              [2008-10-07 04:54:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Desktop Search
              [2009-03-13 18:20:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Live
              [2009-07-22 11:17:37 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Live Safety Center
              [2009-03-13 18:20:09 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Live SkyDrive
              [2008-10-07 03:47:33 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Connect 2
              [2008-10-07 03:47:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Player
              [2008-10-07 03:13:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows NT
              [2008-10-05 22:50:26 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\WindowsUpdate
              [2008-10-07 02:24:41 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinRAR
              [2008-10-07 01:58:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\xerox
               
               
              < MD5 for: AGP440.SYS  >
              [2004-08-19 05:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp2.cab:AGP440.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
              [2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
              [2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
              [2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
               
              < MD5 for: ATAPI.SYS  >
              [2002-09-24 04:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp1.cab:atapi.sys
              [2004-08-19 05:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp2.cab:atapi.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
              [2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
              [2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
              [2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
              [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
              [2004-08-03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
               
              < MD5 for: DISK.SYS  >
              [2002-09-24 04:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp1.cab:disk.sys
              [2004-08-19 05:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp2.cab:disk.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
              [2004-08-03 12:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
              [2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
              [2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
               
              < MD5 for: EVENTLOG.DLL  >
              [2008-04-13 22:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ERDNT\cache\eventlog.dll
              [2008-04-13 22:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
              [2008-04-13 22:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
              [2004-08-19 05:42:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
               
              < MD5 for: NETLOGON.DLL  >
              [2004-08-19 05:42:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
              [2008-04-13 22:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
              [2008-04-13 22:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
              [2008-04-13 22:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll
               
              < MD5 for: SCECLI.DLL  >
              [2008-04-13 22:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ERDNT\cache\scecli.dll
              [2008-04-13 22:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
              [2008-04-13 22:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
              [2004-08-19 05:42:24 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
               
              < MD5 for: USBSTOR.SYS  >
              [2002-09-24 04:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp1.cab:usbstor.sys
              [2004-08-19 05:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\Documents and Settings\Administrador\Escritorio\winxphom.sp2\I386\sp2.cab:usbstor.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
              [2008-10-07 03:06:29 | 023,895,938 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
              [2004-08-03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
              [2008-04-13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
              [2008-04-13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
               
              < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-31 13:30:13
               
              ========== Alternate Data Streams ==========
               
              @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TEMP:C31F31E6
              < End of report >

              Dr Jay

              Re: Trojan problem
              « Reply #9 on: April 06, 2010, 09:30:41 PM »
              Please run OTL
              • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

                :otl
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
                O33 - MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\Shell\AutoRun\command - "" = E:\p.exe -- File not found
                O33 - MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\Shell\open\Command - "" = E:\p.exe -- File not found
                O33 - MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\Shell\AutoRun\command - "" = E:\dll32.exe -- File not found
                O33 - MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\Shell\open\command - "" = E:\dll32.exe -- File not found
                O33 - MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
                O33 - MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
                O33 - MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\Shell\AutoRun\command - "" = E:\p.exe -- File not found
                O33 - MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\Shell\open\Command - "" = E:\p.exe -- File not found
                O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
                O33 - MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
                O33 - MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
                O33 - MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe -- File not found
                O33 - MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\Shell\AutoRun\command - "" = E:\dll32.exe -- File not found
                O33 - MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\Shell\open\command - "" = E:\dll32.exe -- File not found
                O33 - MountPoints2\{e16962e0-cd79-11dd-b5ec-0016cffd37b6}\Shell\Auto\command - "" = fun.xls.exe
                O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\AutoRun\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\explore\command - "" = E:\USBVAULT\us.exe -- File not found
                O33 - MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\Shell\open\command - "" = E:\USBVAULT\us.exe -- File not found


                :commands
                [emptytemp]
                [reboot]


              • Then click the Run Fix button at the top.
              • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
              • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
                Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
              ~Dr Jay

              Haolit


                Re: Trojan problem
                « Reply #10 on: April 06, 2010, 09:52:45 PM »
                Ok, the program finished, and here is the log. (The program did not freeze and the reboot did not fail.)

                Anything more???

                Thank you,


                All processes killed
                ========== OTL ==========
                HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
                HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06f74d76-0103-11de-b673-0016cffd37b6}\ not found.
                File E:\p.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06f74d76-0103-11de-b673-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06f74d76-0103-11de-b673-0016cffd37b6}\ not found.
                File E:\p.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\ not found.
                File E:\dll32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a76e0bd-cdd0-11dd-b5ed-0016cffd37b6}\ not found.
                File E:\dll32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d2b414c-f3ee-11dd-b647-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\ not found.
                File E:\p.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cd4c238-7410-11de-bbd2-0016cffd37b6}\ not found.
                File E:\p.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f1e-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f23-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f23-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f338f23-c283-11de-bc65-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f338f23-c283-11de-bc65-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a75b6d08-f84c-11dd-b65c-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5d6b049-f37f-11dd-b642-0016cffd37b6}\ not found.
                File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\ not found.
                File E:\dll32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40a298a-ccf9-11dd-b5ea-0016cffd37b6}\ not found.
                File E:\dll32.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e16962e0-cd79-11dd-b5ec-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16962e0-cd79-11dd-b5ec-0016cffd37b6}\ not found.
                File fun.xls.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ not found.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e785a9b5-b9ef-11de-bc5a-0016cffd37b6}\ not found.
                File E:\USBVAULT\us.exe not found.
                ========== COMMANDS ==========
                 
                [EMPTYTEMP]
                 
                User: Administrador
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 67 bytes
                ->Flash cache emptied: 405 bytes
                 
                User: Administrador.CALVARADO
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 301367 bytes
                ->Java cache emptied: 133788 bytes
                ->FireFox cache emptied: 33243263 bytes
                ->Flash cache emptied: 1002 bytes
                 
                User: All Users
                 
                User: All Users.WINDOWS
                 
                User: Christian Alvarado G
                ->Temp folder emptied: 632863 bytes
                ->Temporary Internet Files folder emptied: 54635156 bytes
                ->Java cache emptied: 0 bytes
                ->FireFox cache emptied: 61253290 bytes
                ->Flash cache emptied: 5422 bytes
                 
                User: Default User
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 67 bytes
                 
                User: Default User.WINDOWS
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 67 bytes
                 
                User: LocalService
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 33170 bytes
                 
                User: LocalService.NT AUTHORITY
                ->Temp folder emptied: 66016 bytes
                ->Temporary Internet Files folder emptied: 33170 bytes
                 
                User: NetworkService
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 402 bytes
                 
                User: NetworkService.NT AUTHORITY
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 67 bytes
                 
                %systemdrive% .tmp files removed: 0 bytes
                %systemroot% .tmp files removed: 2945233 bytes
                %systemroot%\System32 .tmp files removed: 2909 bytes
                %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                %systemroot%\System32\drivers .tmp files removed: 0 bytes
                Windows Temp folder emptied: 0 bytes
                RecycleBin emptied: 21398494 bytes
                 
                Total Files Cleaned = 167,00 mb
                 
                 
                OTL by OldTimer - Version 3.2.1.0 log created on 04062010_234305

                Files\Folders moved on Reboot...
                File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

                Registry entries deleted on Reboot...

                Dr Jay

                Re: Trojan problem
                « Reply #11 on: April 06, 2010, 09:54:41 PM »
                Please run a free online scan with the ESET Online Scanner
                • Tick the box next to YES, I accept the Terms of Use
                • Click Start
                • When asked, allow the ActiveX control to install
                • Click Start
                • Make sure that the options Remove found threats and Scan unwanted applications are checked
                • Click Scan (This scan can take several hours, so please be patient)
                • Once the scan is completed, you may close the window
                • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                • Copy and paste that log as a reply to this topic
                ~Dr Jay

                Haolit


                  Re: Trojan problem
                  « Reply #12 on: April 07, 2010, 05:51:46 AM »
                  Hi, here is the log, thanks

                  ESETSmartInstaller@High as CAB hook log:
                  OnlineScanner.ocx - registred OK
                  # version=7
                  # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                  # OnlineScanner.ocx=1.0.0.6210
                  # api_version=3.0.2
                  # EOSSerial=cf1227415330d64e8f11c9fa0584cdc9
                  # end=stopped
                  # remove_checked=true
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=true
                  # antistealth_checked=true
                  # utc_time=2009-10-27 03:02:07
                  # local_time=2009-10-27 12:02:07 (-0400, Hora de ver. del Pacífico SA)
                  # country="Chile"
                  # lang=3082
                  # osver=5.1.2600 NT Service Pack 3
                  # compatibility_mode=1024 16777215 100 0 32344697 32344697 0 0
                  # compatibility_mode=1797 16775125 100 100 0 32108876 0 0
                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                  # scanned=33464
                  # found=0
                  # cleaned=0
                  # scan_time=4894
                  ESETSmartInstaller@High as downloader log:
                  Can not open internetESETSmartInstaller@High as downloader log:
                  Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
                  Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
                  Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
                  Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
                  Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
                  all ok
                  # version=7
                  # OnlineScannerApp.exe=1.0.0.1
                  # OnlineScanner.ocx=1.0.0.6211
                  # api_version=3.0.2
                  # EOSSerial=cf1227415330d64e8f11c9fa0584cdc9
                  # end=finished
                  # remove_checked=true
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=true
                  # antistealth_checked=true
                  # utc_time=2010-04-07 06:53:05
                  # local_time=2010-04-07 02:53:05 (-0400, Hora est. del Pacífico SA)
                  # country="Chile"
                  # lang=1033
                  # osver=5.1.2600 NT Service Pack 3
                  # compatibility_mode=512 16777215 100 0 0 0 0 0
                  # compatibility_mode=768 16777175 100 0 0 0 0 0
                  # compatibility_mode=1024 16777215 100 0 0 0 0 0
                  # compatibility_mode=8192 67108863 100 0 13085421 13085421 0 0
                  # scanned=70015
                  # found=3
                  # cleaned=2
                  # scan_time=9744
                  C:\Archivos de programa\Babylon\Babylon-Pro\patch.exe   probably a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                  C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\Identities\{9B64ECA3-DA89-4E26-BD06-B9B147DC12A9}\Microsoft\Outlook Express\Elementos eliminados.dbx   WM/CAP.A virus (unable to clean)   00000000000000000000000000000000   I
                  C:\Documents and Settings\Christian Alvarado G\Mis documentos\Babylon\New.Babylon.Pro.v8.0.0.r22 by.tano1221.rar   probably a variant of Win32/HackTool.Patcher.A application (deleted - quarantined)   00000000000000000000000000000000   C
                   



                  Haolit


                    Re: Trojan problem
                    « Reply #13 on: April 07, 2010, 04:08:39 PM »
                    I ran ESET again in "Safe mode with network access" and here is the log.

                    Thank you.

                    esets_scanner_update returned -1 esets_gle=53251
                    # version=7
                    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                    # OnlineScanner.ocx=1.0.0.6211
                    # api_version=3.0.2
                    # EOSSerial=cf1227415330d64e8f11c9fa0584cdc9
                    # end=finished
                    # remove_checked=true
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=true
                    # antistealth_checked=true
                    # utc_time=2010-04-07 02:12:47
                    # local_time=2010-04-07 10:12:47 (-0400, Hora est. del Pacífico SA)
                    # country="Chile"
                    # lang=1033
                    # osver=5.1.2600 NT Service Pack 3
                    # compatibility_mode=512 16777215 100 0 0 0 0 0
                    # compatibility_mode=768 16777191 100 0 0 0 0 0
                    # compatibility_mode=1024 16777215 100 0 0 0 0 0
                    # compatibility_mode=8192 67108863 100 0 13113634 13113634 0 0
                    # scanned=70777
                    # found=1
                    # cleaned=0
                    # scan_time=7913
                    C:\Documents and Settings\Christian Alvarado G\Configuración local\Datos de programa\Identities\{9B64ECA3-DA89-4E26-BD06-B9B147DC12A9}\Microsoft\Outlook Express\Elementos eliminados.dbx   WM/CAP.A virus (unable to clean)   00000000000000000000000000000000   I
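
                    The scanner logs posted in this thread can be triaged programmatically. The following is an added example, not part of the original posts and not ESET's own tooling: it splits a log.txt into scan sessions (each starting at "# version=") and lists detections the scanner did not handle. The sample log is constructed in the format shown above, and treating actions that begin with "cleaned" or "deleted" as handled is an assumption drawn from the strings visible in this thread.

```python
import re

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")   # header line, e.g. "# found=3"
FIELD_SEP = re.compile(r"\t+|\s{3,}")         # columns split by tabs or 3+ spaces
VERDICT = re.compile(r"^(?P<threat>.*?)\s*\((?P<action>[^()]*)\)$")
# Assumption: an action starting with "cleaned" or "deleted" means the file was handled.
RESOLVED = re.compile(r"^(cleaned|deleted)\b", re.IGNORECASE)

# Constructed sample: two sessions in one file, paths are placeholders.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
# version=7
# end=stopped
# scanned=33464
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# scanned=70015
# found=3
# cleaned=2
C:\sample\patch.exe   probably a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\sample\mail\Deleted items.dbx   WM/CAP.A virus (unable to clean)   00000000000000000000000000000000   I
C:\sample\archive.rar   probably a variant of Win32/HackTool.Patcher.A application (deleted - quarantined)   00000000000000000000000000000000   C
"""


def parse_sessions(text):
    """Return one dict per scan session: header fields plus detection rows."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version" or not sessions:
                sessions.append({"header": {}, "detections": []})
            # Repeated keys (compatibility_mode) keep their first value.
            sessions[-1]["header"].setdefault(key, value)
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) != 4 or not sessions:
            continue  # installer chatter or blank line, not a detection row
        verdict = VERDICT.match(fields[1])
        if verdict:
            sessions[-1]["detections"].append({
                "path": fields[0],
                "threat": verdict.group("threat"),
                "action": verdict.group("action"),
            })
    return sessions


def triage(session):
    """Summarise one session and list detections still present on disk."""
    hdr = session["header"]
    open_items = [d for d in session["detections"]
                  if not RESOLVED.match(d["action"])]
    found, cleaned = int(hdr.get("found", 0)), int(hdr.get("cleaned", 0))
    return {
        "finished": hdr.get("end") == "finished",
        "found": found,
        "cleaned": cleaned,
        "unresolved": [(d["path"], d["threat"], d["action"]) for d in open_items],
        # found - cleaned should equal the rows that were not handled
        "counts_consistent": found - cleaned == len(open_items),
    }


if __name__ == "__main__":
    for number, session in enumerate(parse_sessions(SAMPLE_LOG), start=1):
        print(number, triage(session))
```
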



                    Dr Jay

                    Re: Trojan problem
                    « Reply #14 on: April 07, 2010, 07:59:04 PM »
                    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
                    • Select Start > All Programs > Accessories > System tools > System Restore.
                    • On the dialogue box that appears select Create a Restore Point
                    • Click NEXT
                    • Enter a name e.g. Clean
                    • Click CREATE
                    You now have a clean restore point, to get rid of the bad ones:
                    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                    • In the Drop down box that appears select your main drive e.g. C
                    • Click OK
                    • The System will do some calculation and then display a dialogue box with TABS
                    • Select the More Options Tab.
                    • At the bottom will be a system restore box with a CLEANUP button; click this
                    • Accept the Warning and select OK again, the program will close and you are done
                    To remove all of the tools we used and the files and folders they created, please do the following:
                    Please download OTC.exe by OldTimer:
                    • Save it to your Desktop.
                    • Double click OTC.exe.
                    • Click the CleanUp! button.
                    • If you are prompted to Reboot during the cleanup, select Yes.
                    • The tool will delete itself once it finishes.
                    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

                    ==

                    Please download TFC by OldTimer to your desktop
                    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
                    • It will close all programs when run, so make sure you have saved all your work before you begin.
                    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
                    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
                    ==

                    Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
                    • Save it to your Desktop.
                    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
                    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
                    ~Dr Jay

                    Haolit


                      Re: Trojan problem
                      « Reply #15 on: April 07, 2010, 08:52:48 PM »
                      Hi, here is the log, but I have a question: must I create a clean restore point and then get rid of it? Or is the second part only an example?
                      Thank you

                       Results of screen317's Security Check version 0.99.2 
                       Windows XP Service Pack 3 
                       Internet Explorer 8 
                      ``````````````````````````````
                      Antivirus/Firewall Check:

                       avast! Free Antivirus   
                       ESET Online Scanner v3   
                      ```````````````````````````````
                      Anti-malware/Other Utilities Check:

                       Java(TM) 6 Update 19 
                       Out of date Java installed!
                       Adobe Flash Player 10 
                      Adobe Reader 9.1.3 - Español
                      Out of date Adobe Reader installed!
                      ````````````````````````````````
                      Process Check: 
                      objlist.exe by Laurent

                       Alwil Software Avast5 AvastSvc.exe 
                       ALWILS~1 Avast5 avastUI.exe 
                      ````````````````````````````````
                      DNS Vulnerability Check:

                       GREAT! (Not vulnerable to DNS cache poisoning)

                      ``````````End of Log````````````



                      Dr Jay

                      Re: Trojan problem
                      « Reply #16 on: April 07, 2010, 11:30:46 PM »
                      You will not get rid of the new one you create. Whenever you get rid of the System Restore points, it always leaves one just in case. So, by creating a new one, then purging the old ones, you will be clean and have a fresh restore point.

                      ===============

                      Please download the newest version of Adobe Acrobat Reader from Adobe.com

                      Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                      Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
                      Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                      Once old versions are gone, please install the newest version.

                      ================

                      Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

                      Software recommendations

                      Firewall
                      • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
                      • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
                      • PC Tools Firewall Plus: free and excellent firewall.
                      AntiSpyware
                      • SpywareBlaster
                        SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
                      • Spybot - Search & Destroy.
                        Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
                      NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

                      Resident Protection help
                      A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

                      Rogue programs help
                      There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
                      http://www.spywarewarrior.com/rogue_anti-spyware.htm

                      Securing your computer
                      • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
                      • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
                      Please consider using an alternate browser
                      Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

                      If you are interested:
                      See this page for more info about malware and prevention.
                      ~Dr Jay

                      Haolit


                        Re: Trojan problem
                        « Reply #17 on: April 08, 2010, 04:15:25 PM »
                        Ok DragonMaster Jay, I did everything, Thank you very much,

                        Haolit

                        Dr Jay

                        Re: Trojan problem
                        « Reply #18 on: April 09, 2010, 09:13:29 AM »
                        You're welcome.

                        Since this appears to be resolved, this topic is now closed. Glad we could help!

                        =>CLOSED
                        ~Dr Jay