possible rootkit - ipconfig says: "internal error" -- TCP/IP not working


64 replies to this topic

#1 yermanicus

yermanicus

  • Members
  • 47 posts

Posted 15 October 2011 - 10:31 PM

Hi guys, a few warnings first:
this is my first post
I'm using another computer than my own
I speak Spanish as mother tongue (& of course my OS is in Spanish)

Now the problem:
I was obviously infected with some sort of virus/malware, and lost my internet connection after I got redirected from google searches, etc. After I lost my connection, I tried everything I could find as an answer, I even installed a new ethernet card into my motherboard, but nothing. Then I figured I have rootkit.zero access, from different sources, such as ComboFix. I have run this, and now everything is still the same. I need to work, so I am desperate, since I cannot waste any more time.
Should I format my PC? This will take me like one whole day, and I honestly don't have such time.
When I do an ipconfig, it says (in Spanish, so I'll translate):
Internal error: request not compatible
Contact tech support services of Microsoft to get help
Additional info: unable to find host name
I lay myself to your feet, at your orders.

Thank you in advance!

Here I paste the DDS, and attach the ComboFix, and "attach.txt" from DDS also.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Run by ahmad at 0:15:23 on 2011-10-16
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3071.2406 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: FireWall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\vVX1000.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avfwsvc.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.visitantes.tk/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: UIHost=c:\documents and settings\all users\datos de programa\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HDAudDeck] c:\archivos de programa\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\archivos de programa\microsoft lifecam\LifeExp.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\window~1.lnk - c:\archivos de programa\windows desktop search\WindowsSearch.exe
uPolicies-explorer: MaxRecentDocs = 20 (0x14)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://multilab.com.ar/sitio/ImageUploader4.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\archivos de programa\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ahmad\datos de programa\mozilla\firefox\profiles\hhc6muld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sufilive.com/
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-10-11 111160]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R2 AntiVirFirewallService;Avira FireWall;c:\archivos de programa\avira\antivir desktop\avfwsvc.exe [2011-10-11 616400]
R2 AntiVirSchedulerService;Avira Scheduler;c:\archivos de programa\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Realtime Protection;c:\archivos de programa\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 74640]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2011-10-12 8960]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-10-11 91096]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-25 222976]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
S2 AntiVirMailService;Avira Mail Protection;c:\archivos de programa\avira\antivir desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirWebService;Avira Web Protection;c:\archivos de programa\avira\antivir desktop\avwebgrd.exe [2011-10-11 463824]
S2 AVGIDSAgent;AVGIDSAgent;"c:\archivos de programa\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\archivos de programa\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;WatchDog de AVG;"c:\archivos de programa\avg\avg10\avgwdsvc.exe" --> c:\archivos de programa\avg\avg10\avgwdsvc.exe [?]
S2 EsetNod32Fix;Nod32 AV;%WINDIR%\regedit.exe /s %Windir%\Fix.reg --> %WINDIR%\regedit.exe [?]
S2 gupdate1cb0a5985c4cd90;Servicio Google Update (gupdate1cb0a5985c4cd90);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-6-12 133104]
S2 Iprip;Escucha de RIP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-19 14336]
S2 StarWindServiceAE;StarWind AE Service;c:\archivos de programa\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 TeamViewer6;TeamViewer 6;c:\archivos de programa\teamviewer\version6\teamviewer_service.exe --> c:\archivos de programa\teamviewer\version6\TeamViewer_Service.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2011-10-12 11264]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-6-12 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\41.tmp --> c:\windows\system32\41.tmp [?]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2011-10-12 16640]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-1-11 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
=============== Created Last 30 ================
.
2011-10-15 03:04:15 98816 ----a-w- c:\windows\sed.exe
2011-10-15 03:04:15 518144 ----a-w- c:\windows\SWREG.exe
2011-10-15 03:04:15 256000 ----a-w- c:\windows\PEV.exe
2011-10-15 03:04:15 208896 ----a-w- c:\windows\MBR.exe
2011-10-15 02:57:07 388096 ----a-r- c:\documents and settings\ahmad\datos de programa\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-15 02:57:06 -------- d-----w- c:\archivos de programa\Trend Micro
2011-10-15 00:02:53 -------- d-----w- c:\windows\NV3642660.TMP
2011-10-14 21:24:11 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-14 21:24:11 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-14 21:24:10 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-14 21:24:10 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-14 21:24:09 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-14 21:24:09 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-14 21:24:08 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-14 21:24:07 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-14 21:24:06 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-14 21:24:04 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-14 21:22:57 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-10-14 21:21:59 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
2011-10-14 21:20:58 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-14 21:19:59 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-10-14 21:18:59 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2011-10-14 21:15:53 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-10-14 21:15:46 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-10-13 16:09:52 70144 ----a-w- c:\windows\system32\drivers\Rtlnic.sys
2011-10-13 15:47:09 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-10-13 15:47:09 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-10-12 14:58:50 -------- d-----r- c:\windows\AsDmiHtm
2011-10-12 14:58:11 11264 ----a-w- c:\windows\system32\drivers\diag69xp.sys
2011-10-12 14:58:08 8960 ----a-w- c:\windows\system32\drivers\LANPkt.sys
2011-10-12 14:58:08 59392 ------w- c:\windows\system32\RTLVLAN_NB.DLL
2011-10-12 14:58:08 16640 ----a-w- c:\windows\system32\drivers\RTLVLAN.SYS
2011-10-11 22:07:15 -------- d-----w- c:\windows\system32\NtmsData
2011-10-11 21:59:56 -------- d-----w- c:\documents and settings\ahmad\datos de programa\Avira
2011-10-11 21:59:11 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 21:59:10 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-10-11 21:59:10 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 21:59:10 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-10-11 21:59:10 -------- d-----w- c:\documents and settings\all users\datos de programa\Avira
2011-10-11 21:59:10 -------- d-----w- c:\archivos de programa\Avira
2011-10-11 21:32:16 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-11 20:52:12 1152 ----a-w- c:\windows\system32\windrv.sys
2011-10-11 20:26:07 3584 ----a-r- c:\documents and settings\ahmad\datos de programa\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-10-11 20:26:07 -------- d-----w- c:\archivos de programa\Windows Installer Clean Up
2011-10-11 20:25:09 -------- d-----w- c:\archivos de programa\MSECACHE
2011-10-11 05:00:25 -------- d-sh--w- c:\documents and settings\ahmad\configuración local\datos de programa\b6ec26c3
2011-10-08 18:29:39 -------- d-----w- c:\documents and settings\ahmad\.spamassassin
2011-10-08 18:29:39 -------- d-----w- c:\documents and settings\ahmad\.razor
2011-10-07 02:30:27 -------- d-----w- c:\archivos de programa\DS Development
2011-10-06 23:43:53 -------- d-----w- c:\documents and settings\ahmad\datos de programa\DS Development
2011-10-06 23:40:43 -------- d-----w- c:\documents and settings\all users\datos de programa\DS Development
2011-10-06 23:06:00 -------- d-----w- c:\documents and settings\all users\datos de programa\Lencom
2011-10-06 23:05:30 -------- d-----w- c:\documents and settings\ahmad\datos de programa\Lencom
2011-10-06 23:05:30 -------- d-----w- c:\archivos de programa\archivos comunes\LencomShare
2011-10-06 22:58:04 -------- d-----w- c:\documents and settings\ahmad\configuración local\datos de programa\Emex3
2011-10-06 22:43:55 -------- d-----w- c:\documents and settings\ahmad\datos de programa\SendBlaster2
2011-10-06 22:40:17 -------- d-----w- c:\windows\system32\drivers\etc\Nueva carpeta
2011-10-06 19:29:50 65536 ----a-r- c:\documents and settings\ahmad\datos de programa\microsoft\installer\{0a311c1b-7571-40cf-a560-8c6810fd991e}\NewShortcut2_87081C521AB9485382449D7B131ECAFC.exe
2011-10-06 19:29:50 65536 ----a-r- c:\documents and settings\ahmad\datos de programa\microsoft\installer\{0a311c1b-7571-40cf-a560-8c6810fd991e}\NewShortcut1_87081C521AB9485382449D7B131ECAFC.exe
2011-10-06 19:29:39 -------- d-----w- c:\archivos de programa\SendBlaster
2011-10-05 19:02:55 -------- d-----w- c:\documents and settings\ahmad\.CGR_PE_FREE
2011-10-05 19:02:45 -------- d-----w- c:\archivos de programa\one-click-easy
2011-09-21 00:38:20 -------- d-----w- c:\documents and settings\ahmad\.thumbnails
2011-09-21 00:32:40 -------- d-----w- c:\documents and settings\ahmad\.gimp-2.6
.
==================== Find3M ====================
.
2011-09-23 12:55:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:11:55 605184 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 0:15:49,03 ===============

Attached Files


Edited by yermanicus, 16 October 2011 - 10:24 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts

Posted 20 October 2011 - 10:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423702 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 21 October 2011 - 09:55 PM

Ok, bot, here you are. Thanks a lot to anyone looking at my logs for help.
The files are attached, is this OK?

Attached Files



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:58 AM

Posted 23 October 2011 - 05:50 AM

Hello, yermanicus.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1


The good news is that it does look like the rootkit is gone, however there are some remaining issues that are pretty common. You'll need to use a flash drive to move these programs over since you don't have internet.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.



Step 2

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    netbt.sys
    afd.sys
    
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task




Step 3

We need to create an OTL report,
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
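
Added example (not part of the original thread or of any poster's reply): the Junction scan requested in Step 1 writes a log of NTFS reparse points and of files it could not open, and the Python sketch below parses such a log and lists the reparse points that fall outside an expected baseline. The sample log is constructed in the format Junction prints; the `ExampleTool` and `ExampleData` entries, the `BASELINE` list and all function names are assumptions made for illustration.

```python
"""Triage a saved `junction -s` log: list reparse points and open failures."""
import re
from dataclasses import dataclass

# Entry header, e.g. "\\?\c:\\WINDOWS\assembly\...: JUNCTION". Progress dots
# that Junction prints while scanning may be glued to the front of the line.
ENTRY_RE = re.compile(r"^[.\s]*(\\\\\?\\.+): ([A-Z][A-Z ]*[A-Z])\s*$")
FAILED_RE = re.compile(r"^[.\s]*Failed to open (\\\\\?\\.+?): (.+?)\s*$")
FIELD_RE = re.compile(r"^\s*(Print Name|Substitute Name)\s*:\s*(.+?)\s*$")

# Assumption for this example: the only junctions expected on the scanned
# system are .NET GAC entries that point into WinSxS.
BASELINE = [("c:\\windows\\assembly\\", "c:\\windows\\winsxs\\")]


@dataclass
class ReparsePoint:
    location: str
    kind: str
    print_name: str = ""
    substitute_name: str = ""


def normalize(path):
    """Drop the \\\\?\\ or \\??\\ prefix, collapse doubled backslashes, lowercase."""
    p = path.strip()
    if p.startswith("\\\\?\\") or p.startswith("\\??\\"):
        p = p[4:]
    return re.sub(r"\\{2,}", r"\\", p).lower()


def parse_junction_log(text):
    """Return (reparse_points, failures) found in the log text."""
    points, failures = [], []
    current = None
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures.append((normalize(m.group(1)), m.group(2)))
            current = None
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = ReparsePoint(normalize(m.group(1)), m.group(2))
            points.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            if m.group(1) == "Print Name":
                current.print_name = normalize(m.group(2))
            else:
                current.substitute_name = normalize(m.group(2))
    return points, failures


def review(points, baseline=BASELINE):
    """Return [(point, [reasons])] for entries a human should look at."""
    flagged = []
    for p in points:
        reasons = []
        target = p.substitute_name or p.print_name
        if not any(p.location.startswith(src) and target.startswith(dst)
                   for src, dst in baseline):
            reasons.append("outside baseline")
        if p.print_name and p.substitute_name and p.print_name != p.substitute_name:
            reasons.append("print name differs from substitute name")
        if reasons:
            flagged.append((p, reasons))
    return flagged


# Constructed sample in Junction's output format (not a real scan result).
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
...
..
Failed to open \\?\c:\\Qoobox\BackEnv: Acceso denegado.
...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\Archivos de programa\ExampleTool: JUNCTION
Print Name : C:\ExampleTarget
Substitute Name: C:\ExampleTarget

\\?\c:\\ExampleData\Link: JUNCTION
Print Name : C:\WINDOWS\WinSxS\example
Substitute Name: C:\ExampleOther
"""

if __name__ == "__main__":
    pts, fails = parse_junction_log(SAMPLE_LOG)
    for path, message in fails:
        print("could not open:", path, "-", message)
    for point, reasons in review(pts):
        print("review:", point.location, "->", point.substitute_name, reasons)
```

A flagged entry is a prompt for a helper to look at it, not a verdict; the baseline has to be adjusted to what is normal for the system being scanned.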
 


#5 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 23 October 2011 - 10:55 AM

Great, I've downloaded everything and now I'm working on the "broken" computer.
I'll be doing this today, so I'm pretty much online.

Thanks so much!

#6 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 23 October 2011 - 11:33 AM

Junction is taking like 10 minutes already, and still running. I hope this is normal.

#7 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 23 October 2011 - 12:08 PM

Junction is taking like 10 minutes already, and still running. I hope this is normal.

Half an hour later, still running junction... what shall I do?

#8 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 23 October 2011 - 12:30 PM

OK, almost done now.
I will paste the three logs into my next reply, but I must tell you that the SystemLook gave a strange result, so I wonder if I did something wrong. As I said before, the Junction scan took like 45 minutes.

Right now I'm waiting for OTL to finish. On this particular program, I'd like to point out that it came on in Spanish, so I hope I followed the steps correctly. Please take this into account.

Thanks so much again.

#9 yermanicus

yermanicus
  • Topic Starter

  • Members
  • 47 posts

Posted 23 October 2011 - 01:17 PM

Junction log


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
Failed to open \\?\c:\\Documents and Settings\ahmad\Configuración local\Datos de programa\Microsoft\CardSpace\CardSpaceSP2.db: Acceso denegado.

Failed to open \\?\c:\\Documents and Settings\ahmad\Configuración local\Datos de programa\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Acceso denegado.
Failed to open \\?\c:\\Qoobox\BackEnv: Acceso denegado.
...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e




Failed to open \\?\c:\\WINDOWS\system32\searchindexer.exe: Acceso denegado.

SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 14:21 on 23/10/2011 by ahmad
Administrator - Elevation successful

No Context: netbt.sys

No Context: afd.sys

-= EOF =-

OTL log

OTL logfile created on: 23/10/2011 14:24:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ahmad\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 74,60% Memory free
4,85 Gb Paging File | 4,22 Gb Available in Paging File | 87,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 90,35 Gb Free Space | 30,31% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 76,24 Gb Free Space | 25,57% Space Free | Partition Type: NTFS

Computer Name: AHMAD | User Name: ahmad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 12:53:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ahmad\Escritorio\OTL.exe
PRC - [2011/10/05 10:12:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:11:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:11:43 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:11:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/05 10:11:42 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Archivos de programa\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:11:59 | 000,398,288 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/06/06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
MOD - [2010/03/08 23:55:56 | 000,010,752 | ---- | M] () -- C:\Archivos de programa\Unlocker\UnlockerCOM.dll
MOD - [2008/10/24 22:26:04 | 000,757,064 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/07/20 21:11:32 | 000,247,808 | ---- | M] () -- C:\WINDOWS\system32\FFSJ\FFSJSHL.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TeamViewer6)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - [2011/10/05 10:11:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:11:45 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:11:43 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:11:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/05 10:11:42 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010/08/27 21:23:12 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/07 11:53:10 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/25 13:27:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/26 22:18:44 | 000,439,808 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/04/13 23:18:33 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 23:18:23 | 000,036,352 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/05/28 13:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/16 15:55:39 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/09/16 15:55:39 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/30 13:07:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/11/23 00:11:57 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic.sys -- (RTL8023)
DRV - [2010/07/06 11:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2010/02/11 09:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/02/26 14:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Archivos de programa\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/02/14 03:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/02/14 00:36:34 | 000,222,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/12/17 06:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/12/03 11:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/20 01:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 01:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2004/08/13 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C)
DRV - [2004/06/09 20:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.visitantes.tk/
IE - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sufilive.com/"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Archivos de programa\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Archivos de programa\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/09/30 22:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/10/11 17:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eacontb@emailaddressmanager.com: C:\Archivos de programa\DS Development\Email Address Collector\ThunderbirdExtension\ [2011/10/06 23:30:27 | 000,000,000 | ---D | M]

[2009/12/25 20:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Extensions
[2011/10/01 02:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions
[2011/06/05 22:04:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/30 00:42:10 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/03/14 22:57:18 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/03/28 22:29:25 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/09/23 01:04:03 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\ahmad\Datos de programa\Mozilla\Firefox\Profiles\hhc6muld.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/06/22 18:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/06/22 18:23:38 | 000,000,000 | ---D | M] (Skype extension) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\ARCHIVOS DE PROGRAMA\AVG\AVG10\FIREFOX4
[2010/01/01 16:36:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{7FD52B87-AB55-46EC-BFE4-030FA7D9550B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AHMAD\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\HHC6MULD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/30 22:51:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/07/11 18:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npwachk.dll
[2011/09/07 20:06:08 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/09/07 20:06:08 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2011/09/07 20:06:08 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2011/09/07 20:06:08 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/09/07 20:06:08 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2011/10/21 23:56:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 20
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://multilab.com.ar/sitio/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) -C:\Documents and Settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ahmad\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ahmad\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Archivos de programa\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/24 21:36:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARCHIV~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\ARCHIV~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 13:02:06 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2011/10/23 13:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Escritorio\Junction
[2011/10/23 13:01:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ahmad\Escritorio\OTL.exe
[2011/10/22 00:05:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/21 23:49:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/21 23:49:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/21 23:49:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/21 23:49:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/21 23:49:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 23:48:40 | 004,266,378 | R--- | C] (Swearware) -- C:\Documents and Settings\ahmad\Escritorio\ComboFix.exe
[2011/10/21 23:43:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ahmad\Recent
[2011/10/21 23:33:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ahmad\Escritorio\dds.scr
[2011/10/21 19:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Escritorio\gmer
[2011/10/15 00:04:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/15 00:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ahmad\Menú Inicio\Programas\Herramientas administrativas
[2011/10/14 23:57:06 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2011/10/14 23:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Menú Inicio\Programas\HiJackThis
[2011/10/14 18:24:11 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/10/14 18:24:11 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/10/14 18:24:09 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/10/14 18:24:08 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/10/14 18:23:56 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/10/14 18:23:55 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/10/14 18:23:53 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/10/14 18:23:49 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/10/14 18:23:42 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/10/14 18:23:41 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/10/14 18:23:41 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/10/14 18:23:39 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/10/14 18:23:38 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/10/14 18:23:38 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/10/14 18:23:38 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/10/14 18:23:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/10/14 18:23:33 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/10/14 18:23:33 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/10/14 18:23:33 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/10/14 18:23:30 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/10/14 18:23:28 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/10/14 18:23:27 | 000,216,576 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/10/14 18:23:27 | 000,212,480 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/10/14 18:23:24 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/10/14 18:23:24 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/10/14 18:23:24 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/10/14 18:23:24 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/10/14 18:23:23 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/10/14 18:23:23 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/10/14 18:23:19 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/10/14 18:23:18 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/10/14 18:23:18 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/10/14 18:23:17 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/10/14 18:23:16 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/10/14 18:23:16 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/10/14 18:23:14 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/10/14 18:23:13 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/10/14 18:23:08 | 000,286,848 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/10/14 18:23:08 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/10/14 18:23:08 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/10/14 18:23:07 | 000,017,024 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/10/14 18:23:06 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/10/14 18:23:02 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/10/14 18:22:57 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/10/14 18:22:56 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/10/14 18:22:56 | 000,036,937 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/10/14 18:22:56 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/10/14 18:22:56 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/10/14 18:22:46 | 000,095,242 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/10/14 18:22:46 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/10/14 18:22:46 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/10/14 18:22:45 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/10/14 18:22:41 | 000,161,696 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/10/14 18:22:41 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/10/14 18:22:41 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/10/14 18:22:40 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/10/14 18:22:35 | 000,017,536 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/10/14 18:22:34 | 000,024,064 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/10/14 18:22:34 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/10/14 18:22:31 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/10/14 18:22:31 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/10/14 18:22:31 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/10/14 18:22:31 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/10/14 18:22:31 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/10/14 18:22:30 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/10/14 18:22:30 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/10/14 18:22:30 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/10/14 18:22:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/10/14 18:22:29 | 000,083,456 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/10/14 18:22:29 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/10/14 18:22:27 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/10/14 18:22:27 | 000,028,160 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/10/14 18:22:24 | 000,010,240 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/10/14 18:22:23 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/10/14 18:22:22 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/10/14 18:22:22 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/10/14 18:22:17 | 000,899,754 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/10/14 18:22:17 | 000,715,370 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/10/14 18:22:13 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/10/14 18:22:13 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/10/14 18:22:12 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/10/14 18:22:09 | 000,016,512 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/10/14 18:21:58 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/10/14 18:21:57 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/10/14 18:21:56 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/10/14 18:21:56 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/10/14 18:21:50 | 000,054,826 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/10/14 18:21:50 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/10/14 18:21:49 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/10/14 18:21:39 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/10/14 18:21:35 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/10/14 18:21:35 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/10/14 18:21:33 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/10/14 18:21:31 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/10/14 18:21:30 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/10/14 18:21:29 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/10/14 18:21:28 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/10/14 18:21:28 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/10/14 18:21:28 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/10/14 18:21:28 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/10/14 18:21:27 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/10/14 18:21:26 | 000,076,672 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/10/14 18:21:26 | 000,022,016 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/10/14 18:21:26 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/10/14 18:21:26 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/10/14 18:21:26 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/10/14 18:21:06 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/10/14 18:20:54 | 000,165,898 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/10/14 18:20:51 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/10/14 18:20:50 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/10/14 18:20:50 | 000,577,354 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/10/14 18:20:50 | 000,422,272 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/10/14 18:20:49 | 000,728,394 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/10/14 18:20:49 | 000,607,292 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/10/14 18:20:47 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/10/14 18:20:47 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/10/14 18:20:47 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/10/14 18:20:46 | 000,026,922 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/10/14 18:20:46 | 000,016,128 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/10/14 18:20:45 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/10/14 18:20:29 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/10/14 18:20:18 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/10/14 18:20:06 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/10/14 18:20:05 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/10/14 18:20:01 | 000,082,432 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/10/14 18:20:01 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/10/14 18:20:00 | 000,017,664 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/10/14 18:19:58 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/10/14 18:19:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/10/14 18:19:56 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/10/14 18:19:54 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/10/14 18:19:54 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/10/14 18:19:54 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/10/14 18:19:53 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/10/14 18:19:50 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/10/14 18:19:49 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/10/14 18:19:49 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/10/14 18:19:33 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/10/14 18:19:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/10/14 18:19:29 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/10/14 18:19:29 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/10/14 18:19:29 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/10/14 18:19:28 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/10/14 18:19:28 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/10/14 18:19:27 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/10/14 18:19:27 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/10/14 18:19:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/10/14 18:19:23 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/10/14 18:19:22 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/14 18:19:17 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/14 18:19:16 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/14 18:19:16 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/14 18:19:16 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/14 18:19:16 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/14 18:19:16 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/14 18:19:15 | 000,252,416 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/14 18:19:15 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/14 18:19:13 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/14 18:19:08 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/14 18:19:06 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/14 18:19:03 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/14 18:19:03 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/14 18:19:03 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/14 18:19:03 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/14 18:19:02 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/14 18:19:01 | 000,715,306 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/14 18:19:01 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/14 18:19:01 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/14 18:19:01 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/14 18:19:00 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/14 18:19:00 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/14 18:19:00 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/14 18:18:45 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/14 18:18:45 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/10/14 18:18:45 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/10/14 18:18:44 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/10/14 18:18:44 | 000,039,680 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/14 18:18:44 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/10/14 18:18:44 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/10/14 18:18:43 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/14 18:18:42 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/10/14 18:18:42 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/10/14 18:18:42 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/10/14 18:18:42 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/10/14 18:18:41 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/10/14 18:18:41 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/14 18:18:41 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/10/14 18:18:41 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/14 18:18:41 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/10/14 18:18:40 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/10/14 18:18:39 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/14 18:18:38 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/14 18:18:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/14 18:18:37 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/14 18:18:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/14 18:18:37 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/14 18:18:37 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/14 18:18:36 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/14 18:18:28 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/10/14 18:18:25 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/10/14 18:18:20 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/10/14 18:18:20 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/10/14 18:18:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/10/14 18:18:19 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/10/14 18:18:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/10/14 18:18:18 | 000,061,952 | ---- | C] (Escáner plano a colores) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/10/14 18:18:17 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/10/14 18:18:17 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/10/14 18:18:16 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/10/14 18:18:16 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/10/14 18:18:16 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/10/13 13:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Mis documentos\Drivers
[2011/10/12 11:58:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\AsDmiHtm
[2011/10/11 22:09:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/11 20:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Mozilla
[2011/10/11 20:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Datos de programa\Mozilla
[2011/10/11 19:07:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/11 18:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Datos de programa\Avira
[2011/10/11 18:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Avira
[2011/10/11 18:59:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/11 18:59:11 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/11 18:59:11 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/11 18:59:10 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2011/10/11 18:59:10 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys
[2011/10/11 18:59:10 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/11 18:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Avira
[2011/10/11 18:59:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/10/11 18:32:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/11 17:26:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Installer Clean Up
[2011/10/11 17:25:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MSECACHE
[2011/10/11 02:00:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ahmad\Configuración local\Datos de programa\b6ec26c3
[2011/10/08 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\.spamassassin
[2011/10/08 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\.razor
[2011/10/06 23:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\DS Development
[2011/10/06 23:30:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DS Development
[2011/10/06 20:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Datos de programa\DS Development
[2011/10/06 20:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\DS Development
[2011/10/06 20:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Lencom
[2011/10/06 20:05:30 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\LencomShare
[2011/10/06 20:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Datos de programa\Lencom
[2011/10/06 19:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Configuración local\Datos de programa\Emex3
[2011/10/06 19:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Datos de programa\SendBlaster2
[2011/10/06 19:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\Mis documentos\SendBlaster2
[2011/10/06 19:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\SendBlaster 2
[2011/10/06 16:29:39 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SendBlaster
[2011/10/05 16:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahmad\.CGR_PE_FREE
[2011/10/05 16:02:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\one-click-easy
[2010/08/27 15:36:00 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/23 14:39:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/10/23 13:46:09 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/23 12:53:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ahmad\Escritorio\OTL.exe
[2011/10/23 12:51:58 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\ahmad\Escritorio\SystemLook.exe
[2011/10/23 12:49:20 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\ahmad\Escritorio\Junction.zip
[2011/10/23 12:42:14 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/23 12:41:31 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/23 12:41:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 23:56:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/21 23:48:08 | 004,266,378 | R--- | M] (Swearware) -- C:\Documents and Settings\ahmad\Escritorio\ComboFix.exe
[2011/10/21 16:15:02 | 000,000,532 | ---- | M] () -- C:\WINDOWS\tasks\Mantenimiento automático.job
[2011/10/21 15:31:48 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\ahmad\Escritorio\gmer.zip
[2011/10/16 00:11:34 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\ahmad\defogger_reenable
[2011/10/16 00:06:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ahmad\Escritorio\dds.scr
[2011/10/14 23:57:06 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\ahmad\Escritorio\HiJackThis.lnk
[2011/10/14 21:04:11 | 000,164,579 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/13 15:37:50 | 000,126,464 | ---- | M] () -- C:\Documents and Settings\ahmad\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/13 00:09:26 | 002,178,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 23:57:34 | 000,087,972 | ---- | M] () -- C:\Documents and Settings\ahmad\Mis documentos\restablecer las conexiones de red.reg
[2011/10/12 23:31:51 | 000,525,044 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/10/12 23:31:51 | 000,437,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/12 23:31:51 | 000,097,662 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/10/12 23:31:51 | 000,069,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 12:53:13 | 000,011,641 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/10/12 12:01:43 | 000,010,049 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2011/10/12 11:29:51 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/10/12 00:41:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 20:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3274108086
[2011/10/11 18:59:48 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Avira Control Center.lnk
[2011/10/11 17:52:12 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/11 14:39:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/10/11 14:39:04 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/10/07 17:31:59 | 000,121,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/07 10:22:43 | 134,352,362 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/06 21:29:50 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2011/10/06 19:39:52 | 000,435,574 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111011-163304.backup
[2011/09/29 09:50:57 | 000,206,848 | ---- | M] () -- C:\Documents and Settings\ahmad\Mis documentos\contactos Nextel Lola.mdb
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 13:01:08 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\ahmad\Escritorio\SystemLook.exe
[2011/10/23 13:01:08 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\ahmad\Escritorio\Junction.zip
[2011/10/21 23:49:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/21 23:49:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/21 23:49:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/21 23:49:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/21 23:49:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/21 19:51:52 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\ahmad\Escritorio\gmer.zip
[2011/10/16 00:11:32 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\ahmad\defogger_reenable
[2011/10/14 23:57:06 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\ahmad\Escritorio\HiJackThis.lnk
[2011/10/14 21:04:01 | 000,159,956 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2011/10/14 18:24:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/10/14 18:24:10 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/10/14 18:22:11 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/10/14 18:22:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/10/14 18:21:50 | 000,044,201 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/10/14 18:21:09 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/10/14 18:20:06 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/10/14 18:20:05 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/10/14 18:20:05 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/10/14 18:20:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/10/14 18:20:04 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/10/14 18:19:28 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/10/14 18:19:28 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/10/14 18:19:28 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/10/14 18:19:27 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/10/14 18:18:34 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/14 18:18:34 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/14 18:18:33 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/14 18:18:33 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/14 18:18:33 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/14 18:18:33 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/14 18:18:33 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/14 18:18:33 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/14 18:18:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/14 18:18:30 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/12 23:57:34 | 000,087,972 | ---- | C] () -- C:\Documents and Settings\ahmad\Mis documentos\restablecer las conexiones de red.reg
[2011/10/11 18:59:48 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Avira Control Center.lnk
[2011/10/11 17:52:12 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/11 17:26:07 | 000,002,357 | ---- | C] () -- C:\Documents and Settings\ahmad\Menú Inicio\Programas\Windows Install Clean Up.lnk
[2011/10/11 17:13:27 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\ahmad\Mis documentos\fiber.bat
[2011/10/11 15:16:26 | 000,000,532 | ---- | C] () -- C:\WINDOWS\tasks\Mantenimiento automático.job
[2011/10/11 02:00:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3274108086
[2011/05/04 00:56:40 | 000,538,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2011/02/11 19:02:17 | 000,038,503 | ---- | C] () -- C:\Documents and Settings\ahmad\Datos de programa\Valores separados por comas (Windows).ADR
[2010/08/27 15:51:56 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/27 15:36:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2010/08/27 15:36:01 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2010/06/12 18:37:59 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\ahmad\Datos de programa\default.rss
[2010/06/12 18:37:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/08 13:42:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/14 22:51:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/03/09 11:17:52 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/03/09 11:17:52 | 000,004,039 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/21 00:10:23 | 000,060,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/10 17:20:33 | 000,000,655 | ---- | C] () -- C:\WINDOWS\fdircon.INI
[2010/02/09 09:40:36 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/01/18 01:06:17 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\ahmad\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 22:05:48 | 000,009,383 | ---- | C] () -- C:\Documents and Settings\ahmad\Datos de programa\Microsoft Access 97-2003.EML
[2010/01/02 22:05:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/25 20:10:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/25 14:02:39 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/12/25 11:38:23 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/12/25 11:38:23 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/12/25 11:38:20 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/12/25 11:38:20 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/12/25 11:37:02 | 000,011,641 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/12/25 11:25:41 | 000,010,049 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/12/25 11:24:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/12/25 11:24:07 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/12/24 21:38:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/24 21:34:17 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/24 17:28:22 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/24 17:25:36 | 002,178,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/05/26 22:23:18 | 000,016,892 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:16 | 000,023,640 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:14 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 22:18:44 | 000,439,808 | ---- | C] () -- C:\WINDOWS\System32\searchindexer.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/12/07 02:51:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/07 02:51:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/07 02:51:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/07 02:51:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/07 02:51:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/07 02:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/07 02:51:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/07 02:51:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/07 02:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/11/18 10:16:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2004/08/19 10:58:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/15 19:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/10/06 08:58:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/06 08:58:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 07:00:00 | 000,525,044 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2001/08/24 07:00:00 | 000,437,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 07:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2001/08/24 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 07:00:00 | 000,097,662 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2001/08/24 07:00:00 | 000,069,454 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 07:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2001/08/24 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/12 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador.AHMAD\Datos de programa\TuneUp Software
[2011/01/19 16:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\AVG10
[2011/10/06 20:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\DS Development
[2010/03/13 23:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\FreeVideoConverter
[2011/09/20 21:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\gtk-2.0
[2011/10/06 21:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\Lencom
[2011/02/03 01:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\motorola
[2010/09/23 00:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\onOne Software
[2011/10/06 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\SendBlaster2
[2011/01/21 08:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\TeamViewer
[2010/11/19 18:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\Thinstall
[2009/12/26 22:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\TuneUp Software
[2010/09/21 12:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\Windows Desktop Search
[2010/09/21 12:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ahmad\Datos de programa\Windows Search
[2011/01/19 16:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\AVG10
[2011/04/28 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\BVRP Software
[2011/01/19 16:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Datos de programa\Common Files
[2011/10/06 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\DS Development
[2009/12/26 01:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
[2009/12/25 12:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ESET
[2011/09/11 13:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\FileServe Limited
[2011/10/06 20:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Lencom
[2011/10/11 17:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\MFAData
[2011/02/03 01:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Motorola
[2009/12/28 18:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\ODIR
[2010/08/27 21:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2011/09/11 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Web Installer
[2009/12/26 22:45:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/03/09 21:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/27 21:20:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/01/19 17:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\AVG10
[2011/10/07 10:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\DS Development
[2011/04/30 12:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\MioNet
[2011/07/04 17:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\TeamViewer
[2010/08/27 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\TuneUp Software
[2010/09/21 17:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\Windows Desktop Search
[2011/08/31 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amina\Datos de programa\Windows Search
[2011/10/21 16:15:02 | 000,000,532 | ---- | M] () -- C:\WINDOWS\Tasks\Mantenimiento automático.job
[2011/10/11 14:39:04 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/10/23 14:39:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/10/11 14:39:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/24 21:36:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/24 13:17:20 | 000,000,389 | RHS- | M] () -- C:\boot.ini
[2001/08/24 07:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2011/10/22 00:04:55 | 000,021,704 | ---- | M] () -- C:\ComboFix.txt
[2009/12/24 21:36:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/17 12:09:32 | 000,025,088 | ---- | M] () -- C:\Envio.doc
[2010/03/17 11:36:44 | 000,001,675 | ---- | M] () -- C:\Envio.Txt
[2010/03/17 12:08:08 | 000,023,040 | ---- | M] () -- C:\Envio.xls
[2010/01/05 00:22:31 | 000,000,180 | ---- | M] () -- C:\fiber.bat
[2011/07/03 21:33:10 | 006,416,410 | ---- | M] () -- C:\immudebug.log
[2009/12/24 21:36:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/24 21:36:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/27 21:24:45 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2011/10/23 12:41:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/10/11 18:32:43 | 000,107,776 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_18.30.44_log.txt
[2011/10/11 18:33:29 | 000,055,868 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_18.32.51_log.txt
[2011/10/11 21:10:09 | 000,057,510 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_21.09.27_log.txt
[2011/10/12 00:26:55 | 000,107,108 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_12.10.2011_00.26.14_log.txt
[2011/10/15 18:14:08 | 000,055,440 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_15.10.2011_18.13.28_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 09:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/10/11 17:52:12 | 000,001,152 | ---- | M] () -- C:\WINDOWS\system32\windrv.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2008/05/26 22:18:44 | 000,439,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\searchindexer.exe
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/12/24 18:24:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/12/24 18:24:01 | 000,667,648 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/12/24 18:24:01 | 000,499,712 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2008/04/13 23:18:59 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 22:51:51 | 000,714,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Archivos de programa\Mozilla Firefox\firefox.exe [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 22:51:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 23:19:11 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Archivos de programa\Internet Explorer\iexplore.exe" [2008/04/13 23:18:59 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >

#10 yermanicus

Posted 23 October 2011 - 01:20 PM

Extras log


OTL Extras logfile created on: 23/10/2011 14:24:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ahmad\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 74,60% Memory free
4,85 Gb Paging File | 4,22 Gb Available in Paging File | 87,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 90,35 Gb Free Space | 30,31% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 76,24 Gb Free Space | 25,57% Space Free | Partition Type: NTFS

Computer Name: AHMAD | User Name: ahmad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Archivos de programa\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3587:TCP" = 3587:TCP:*:Enabled:Agrupación de igual a igual de Windows
"3540:UDP" = 3540:UDP:*:Enabled:Protocolo de resolución de nombres de mismo nivel (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3587:TCP" = 3587:TCP:*:Enabled:Agrupación de igual a igual de Windows
"3540:UDP" = 3540:UDP:*:Enabled:Protocolo de resolución de nombres de mismo nivel (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery
"1701:TCP" = 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Disabled:MioNet Remote Drive Access 9

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Archivos de programa\Java\jre6\bin\javaw.exe" = C:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Archivos de programa\JDownloader\JDownloader.exe" = C:\Archivos de programa\JDownloader\JDownloader.exe:*:Enabled:JDownloader -- (AppWork UG (haftungsbeschränkt))
"C:\Archivos de programa\Mozilla Firefox\firefox.exe" = C:\Archivos de programa\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe" = C:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Archivos de programa\TeamViewer\Version6\TeamViewer.exe" = C:\Archivos de programa\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeEnC2.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft LifeCam\LifeTray.exe" = C:\Archivos de programa\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Archivos de programa\Motorola Media Link\MML.exe" = C:\Archivos de programa\Motorola Media Link\MML.exe:*:Enabled:Motorola Media Link -- (Nero corporation)
"C:\Archivos de programa\Motorola\Software Update\msu.exe" = C:\Archivos de programa\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Archivos de programa\VLC\vlc.exe" = C:\Archivos de programa\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Archivos de programa\SendBlaster\sendblaster2.exe" = C:\Archivos de programa\SendBlaster\sendblaster2.exe:*:Enabled:SendBlaster 2 -- (eDisplay srl)
"C:\Documents and Settings\ahmad\Mis documentos\descargas\esetsmartinstaller_esn.exe" = C:\Documents and Settings\ahmad\Mis documentos\descargas\esetsmartinstaller_esn.exe:*:Enabled:ESET Smart Installer -- (ESET)
"C:\Documents and Settings\All Users\Datos de programa\MFAData\SelfUpd\avgmfapx.exe" = C:\Documents and Settings\All Users\Datos de programa\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1432436d-1b49-4abd-bda0-aa36261e7673}" = Nero 9
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{A5B6B786-2D6F-4B75-940F-42B32D01D146}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{DFA3D010-7486-49A4-B926-DE6D5CCCD7BA}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{2017B6D6-D85A-4492-83D8-86ADAD606350}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{042190ED-F17C-4A8D-95D8-87A37B4095BD}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{E4638990-BE6C-4DFF-A855-8E1B0DEA8E4C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E8178AD9-8146-4752-A006-A972CB9EDB8E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92361733-730D-4775-BCBA-619A9129ADB8}" = Mapa Inteligente ACA v2.0
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Español
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E38DA569-3CC2-4E9A-BAE2-77D9295DE734}" = Motorola Software Update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4B06B98-A170-496F-9278-5F2371F54A47}" = Email Address Collector
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F60B8CC3-561F-47BE-B1F9-8F208617B830}" = ENLTV/ENLTV-FM Driver Setup
"{F60BCCC3-561F-47BE-B1F9-8F208617B830}" = ENLTV-FM3 Driver Setup
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB3EFCD7-4E08-4197-89B9-7CCD794F91B6}" = TuneUp Utilities Language Pack (es-ES)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira Internet Security 2012
"BSPlayerf" = BS.Player FREE
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Instalación de DivX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software de impresora EPSON
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Administrador de dispositivos de plataforma
"JDownloader" = JDownloader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 7.0.1 (x86 es-ES)" = Mozilla Firefox 7.0.1 (x86 es-ES)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natura Sound Therapy v2.0" = Natura Sound Therapy v2.0
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V9.0
"Unlocker" = Unlocker 1.8.9
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Aplicación para detectar Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2011 16:52:33 | Computer Name = AHMAD | Source = Outlook | ID = 34
Description = No se pudo obtener el administrador de ámbito de rastreo. Error =
0x80070005.

Error - 14/10/2011 16:52:33 | Computer Name = AHMAD | Source = Outlook | ID = 35
Description = Error al determinar si el almacén está en el ámbito de rastreo (error=0x80070005).

Error - 16/10/2011 11:52:04 | Computer Name = AHMAD | Source = Outlook | ID = 34
Description = No se pudo obtener el administrador de ámbito de rastreo. Error =
0x80070005.

Error - 16/10/2011 11:52:04 | Computer Name = AHMAD | Source = Outlook | ID = 35
Description = Error al determinar si el almacén está en el ámbito de rastreo (error=0x80070005).

Error - 16/10/2011 11:52:07 | Computer Name = AHMAD | Source = Outlook | ID = 34
Description = No se pudo obtener el administrador de ámbito de rastreo. Error =
0x80070005.

Error - 16/10/2011 11:52:07 | Computer Name = AHMAD | Source = Outlook | ID = 35
Description = Error al determinar si el almacén está en el ámbito de rastreo (error=0x80070005).

Error - 17/10/2011 9:08:55 | Computer Name = AHMAD | Source = Outlook | ID = 34
Description = No se pudo obtener el administrador de ámbito de rastreo. Error =
0x80070005.

Error - 17/10/2011 9:08:55 | Computer Name = AHMAD | Source = Outlook | ID = 35
Description = Error al determinar si el almacén está en el ámbito de rastreo (error=0x80070005).

Error - 17/10/2011 9:09:11 | Computer Name = AHMAD | Source = Outlook | ID = 34
Description = No se pudo obtener el administrador de ámbito de rastreo. Error =
0x80070005.

Error - 17/10/2011 9:09:11 | Computer Name = AHMAD | Source = Outlook | ID = 35
Description = Error al determinar si el almacén está en el ámbito de rastreo (error=0x80070005).

[ OSession Events ]
Error - 14/03/2010 18:59:44 | Computer Name = AHMAD-9B5BA4ABC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 123
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/01/2011 16:22:17 | Computer Name = AHMAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/01/2011 16:23:45 | Computer Name = AHMAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 80
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/08/2011 12:05:24 | Computer Name = AHMAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 459
seconds with 360 seconds of active time. This session ended with a crash.

Error - 06/09/2011 13:16:07 | Computer Name = AHMAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 212
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/10/2011 11:43:50 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7000
Description = El servicio Windows Search no pudo iniciarse debido al siguiente error:
%%5

Error - 23/10/2011 11:43:50 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7023
Description = El servicio Firewall de Windows/Conexión compartida a Internet (ICS)
terminó con el error: %%2

Error - 23/10/2011 11:43:57 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7024
Description = El servicio Avira Mail Protection terminó con el error específico
de servicio 1 (0x1).

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7022
Description = El servicio Servicio de ayuda de IPv6 permanece en inicio.

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
Avgtdix i8042prt IPSec Tcpip

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%5" al intentar iniciar el servicio WSearch
con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7000
Description = El servicio Windows Search no pudo iniciarse debido al siguiente error:
%%5

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7000
Description = El servicio Controlador IPSEC no pudo iniciarse debido al siguiente
error: %%2

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7001
Description = El servicio Controlador de protocolo TCP/IP depende del servicio Controlador
IPSEC, el cual no pudo iniciarse debido al siguiente error: %%2

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7001
Description = El servicio NLA (Network Location Awareness) depende del servicio
Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%1068

[ TuneUp Events ]
Error - 20/03/2010 19:07:58 | Computer Name = AHMAD-9B5BA4ABC | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >
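
Added example, not part of the original post or of the tool that produced this log: Python that parses the Service Control Manager entries from the System Events above and follows each "depende del servicio" record (ID 7001) back to the service whose own start failed (ID 7000). The regular expressions assume the Spanish-language Windows XP message text shown in this log, and the function names are hypothetical.

```python
import re

# System Events copied from the log above (Spanish-language Windows XP).
SAMPLE = """\
Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7000
Description = El servicio Windows Search no pudo iniciarse debido al siguiente error:
%%5

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7000
Description = El servicio Controlador IPSEC no pudo iniciarse debido al siguiente
error: %%2

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7001
Description = El servicio Controlador de protocolo TCP/IP depende del servicio Controlador
IPSEC, el cual no pudo iniciarse debido al siguiente error: %%2

Error - 23/10/2011 11:45:18 | Computer Name = AHMAD | Source = Service Control Manager | ID = 7001
Description = El servicio NLA (Network Location Awareness) depende del servicio
Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%1068
"""

# Win32 error codes that appear as %%N in these entries.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
         1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}

HEADER = re.compile(r"^Error - .*\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# Event 7000: the service itself failed to start.
START_FAILED = re.compile(
    r"^El servicio (?P<svc>.+?) no pudo iniciarse debido al siguiente error: %%(?P<code>\d+)")
# Event 7001: the service was not started because a dependency failed.
DEP_FAILED = re.compile(
    r"^El servicio (?P<svc>.+?) depende del servicio (?P<dep>.+?), el cual no pudo "
    r"iniciarse debido al siguiente error: %%(?P<code>\d+)")


def parse_events(text):
    """Split the log on blank lines and re-join each wrapped description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines()]
        head = HEADER.match(lines[0]) if lines else None
        if not head:
            continue
        desc = " ".join(lines[1:])
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):].strip()
        events.append({"source": head["source"], "id": int(head["id"]),
                       "description": desc})
    return events


def dependency_chains(events):
    """Map each blocked service to (chain down to the root service, root error)."""
    failed, depends_on = {}, {}
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == 7000:
            m = START_FAILED.match(ev["description"])
            if m:
                failed[m["svc"]] = int(m["code"])
        elif ev["id"] == 7001:
            m = DEP_FAILED.match(ev["description"])
            if m:
                depends_on[m["svc"]] = m["dep"]
    chains = {}
    for svc in depends_on:
        chain = [svc]
        # Walk the dependency links; stop at the root or if a loop appears.
        while chain[-1] in depends_on and depends_on[chain[-1]] not in chain:
            chain.append(depends_on[chain[-1]])
        chains[svc] = (chain, failed.get(chain[-1]))
    return chains


if __name__ == "__main__":
    for svc, (chain, code) in dependency_chains(parse_events(SAMPLE)).items():
        print(" -> ".join(chain), "| root error:", code, WIN32.get(code, "unknown"))
```

On this log both chains end at Controlador IPSEC with %%2, which is Win32 error 2 (ERROR_FILE_NOT_FOUND); the %%1068 on the NLA entry is ERROR_SERVICE_DEPENDENCY_FAIL.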

#11 etavares

Posted 24 October 2011 - 05:01 AM

Hello, yermanicus.

That's because I didn't copy the first line of the SystemLook script. Please re-run it with this script. Sorry!

The good news is that this rootkit usually locks you out of many programs, but it didn't appear to in your case.



Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and paste the content of the following codebox into the main textfield under "File":
    :filefind
    netbt.sys
    afd.sys
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.




Step 2

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\WINDOWS\system32\searchindexer.exe

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 yermanicus

Posted 24 October 2011 - 05:56 AM

I'm on it... please stay with me if you can.
Thanks a lot!

#13 yermanicus

Posted 24 October 2011 - 06:11 AM

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 07:55 on 24/10/2011 by ahmad
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [00:21 28/12/2009] [21:14 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [19:21 13/04/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [21:14 03/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [21:14 03/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [11:54 16/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138496 bytes [00:21 28/12/2009] [21:14 03/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [12:24 16/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138112 bytes [20:30 13/04/2011] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [19:19 13/04/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [21:14 03/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [21:14 03/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89

-= EOF =-

GrantPerms by Farbar
Ran by ahmad at 2011-10-24 08:05:24

===============================================
\\?\c:\WINDOWS\system32\searchindexer.exe

Owner: BUILTIN\Administradores

DACL(P)(AI):
BUILTIN\Administradores FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Usuarios READ/EXECUTE ALLOW (NI)
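
Added example, not part of the original thread or of SystemLook: Python that parses the filefind output posted above and checks whether the driver in system32\drivers has the same MD5 as the dllcache copy and the other copies found on disk. The sample lines are copied from this post; the function names and status labels are hypothetical.

```python
import re

# Subset of the SystemLook lines posted above, copied as-is.
SAMPLE = r"""
Searching for "netbt.sys"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [00:21 28/12/2009] [21:14 03/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [19:21 13/04/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [21:14 03/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [21:14 03/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [11:54 16/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [19:19 13/04/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [21:14 03/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [21:14 03/08/2004] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
"""

SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$")

DRIVERS_DIR = "\\system32\\drivers\\"
DLLCACHE_DIR = "\\system32\\dllcache\\"


def parse_filefind(text):
    """Return {searched file name: [copies found]} from a filefind section."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SEARCH.match(line)
        if m:
            current = m["name"].lower()
            results[current] = []
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            results[current].append({"path": m["path"], "size": int(m["size"]),
                                     "md5": m["md5"].upper()})
    return results


def check_active_driver(copies):
    """Compare the system32\\drivers copy with every other copy on disk."""
    active = next((c for c in copies if DRIVERS_DIR in c["path"].lower()), None)
    if active is None:
        # No copy where the service loads the driver from.
        return {"status": "missing", "active_md5": None, "matches": [], "differs": []}
    others = [c for c in copies if c is not active]
    cache = [c for c in others if DLLCACHE_DIR in c["path"].lower()]
    if not cache:
        status = "no-cache-copy"
    elif all(c["md5"] == active["md5"] for c in cache):
        status = "consistent"
    else:
        status = "mismatch"
    return {"status": status, "active_md5": active["md5"],
            "matches": [c["path"] for c in others if c["md5"] == active["md5"]],
            "differs": [c["path"] for c in others if c["md5"] != active["md5"]]}


if __name__ == "__main__":
    for name, copies in parse_filefind(SAMPLE).items():
        r = check_active_driver(copies)
        print(name, r["status"], r["active_md5"],
              "same:", len(r["matches"]), "different:", len(r["differs"]))
```

Agreement between copies on the same disk is only a consistency check; authenticity needs a hash from a known-good source such as original installation media.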

#14 etavares

Posted 25 October 2011 - 05:02 AM

OK, let's try to fix your internet.

First, download and save WinsockXPFix and transfer it over to your computer via a flash drive. Double-click to run it and select Fix. Reboot when done. Do you have internet access after that?


 


#15 yermanicus

Posted 25 October 2011 - 11:02 AM

Well......... No!
I don't have internet access.
I had bought another LAN card at the beginning of this, just in case it was a HW problem, so I tried to connect to one, and then to the other, but it's the same.
When I try to open a website, it's like the cable is disconnected.
When I go to "network connections" and I open the connection which is active (it appears to be active and connected in the icons), it shows no activity, and then I right-click it, and try "repair". The dialog shown says "cannot consult the TCP/IP configuration. Cannot continue"
When I run CMD, and try to get info from ipconfig, it says exactly the same as always... "internal error" and so on.

What do you think? Are we looking at a possible formatting situation here? OMG!



