
Infected with Rootkit.0access


  • This topic is locked
8 replies to this topic

#1 vincent_g

  • Members
  • 12 posts

Posted 05 March 2012 - 08:47 PM

Hi,

My computer was infected recently with a Rootkit. When I open any of my browsers, a few seconds later it is automatically closed. I lost the audio on my computer. I use McAfee and the real time feature is disabled and can't be enabled. Also I ran Malwarebytes and the program detected several threats; they are in the quarantine folder, but there is 1 file that can't be removed.

Here is the DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Gonzalo Gerbasi at 20:37:39 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.58.3082.18.3325.2249 [GMT -4,5:30]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\XFastUSB\XFastUsb.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Webshots\Webshots.scr
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.twitter.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120122214145.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ASRockIES]
uRun: [zASRockInstantBoot]
uRun: [ASRockOCTuner]
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [XFastUSB] "c:\program files\xfastusb\XFastUsb.exe"
mRun: [XFast LAN] c:\program files\asrock\xfast lan\cFosSpeed.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Drag'n Drop CD+DVD] c:\program files\drag'n drop cd+dvd\binfiles\DragDrop.exe /StartUp
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\gonzal~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\gonzal~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
TCP: Interfaces\{0F30FC08-9C9A-4B69-8327-B9ACA0B4F06E} : DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-1-22 436728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-1-22 162928]
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\drivers\AsrAppCharger.sys [2012-1-15 13832]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-1-15 14656]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-1-14 1839616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-5 652360]
R2 McAfeeFramework;Servicio de registro de McAfee;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-22 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-22 145936]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2011-2-17 27760]
R3 AsrVDrive;AsrVDrive;c:\windows\system32\drivers\AsrVDrive.sys [2012-1-15 21000]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-1-15 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-5 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-1-22 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-1-22 58456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-2-17 1801328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S2 ikhfile;Wkscfgsrv;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 mfesmfk;ZDPSp50;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 naiavfilter1;NVTCP;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S2 pavatscheduler;Spcsutilityservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot\SDWinSec.exe [2012-1-22 1153368]
S2 vet-filt;Tosrfnds;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-1-15 29760]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-1-22 85152]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-15 1343400]
.
=============== Created Last 30 ================
.
2012-03-05 16:58:17 -------- d-----w- c:\users\gonzalo gerbasi\appdata\roaming\Malwarebytes
2012-03-05 16:57:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 16:57:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 16:57:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 16:53:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-04 21:18:27 -------- d-----w- C:\QUARANTINE
2012-03-04 21:18:25 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-14 22:42:07 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 22:41:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 22:41:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 22:41:54 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-01 23:41:13 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-01-26 04:08:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-23 02:10:56 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-01-23 02:10:56 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-23 02:10:55 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-23 02:10:55 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-01-23 02:10:54 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-23 02:10:54 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-01-23 02:10:53 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-23 02:10:53 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-23 02:10:53 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-23 02:10:53 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-01-22 16:11:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-22 16:11:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-15 23:40:11 14656 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:38:54,78 ===============



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 March 2012 - 02:05 AM

Hello vincent_g and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Edited by SweetTech, 06 March 2012 - 02:05 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
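The ZeroAccess call above rests on the SERVICES / DRIVERS block of the DDS log in the first post: five S2 services (ikhfile, mfesmfk, naiavfilter1, pavatscheduler, vet-filt) all point at svchost.exe -k netsvcs, their service names and display names have nothing to do with each other, and one of them resolves through a \\.\globalroot device path with no file date or size ([?]). The script below is an added example written for this thread; it is not code from DDS, from BleepingComputer or from either poster. It parses service lines in the DDS format and reports those three indicators over lines excerpted from the log above. The regular expression is my own reading of that format, and the name/display mismatch rule is a triage heuristic (a legitimately svchost-hosted Windows service with a localized display name could trip it), so the output is a list to review, not a verdict.

```python
import re

# Service/driver lines excerpted verbatim from the SERVICES / DRIVERS block of
# the DDS log posted at the top of this thread (trimmed to a representative set).
DDS_SERVICES = r"""
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-1-22 436728]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-22 159320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-22 145936]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S2 ikhfile;Wkscfgsrv;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 mfesmfk;ZDPSp50;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 naiavfilter1;NVTCP;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S2 pavatscheduler;Spcsutilityservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot\SDWinSec.exe [2012-1-22 1153368]
S2 vet-filt;Tosrfnds;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-15 1343400]
"""

# One DDS service line: "<state> <name>;<display>;<image> [<date size>]".
# This layout is assumed from the log above, not taken from any DDS documentation.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)


def parse_dds_services(text):
    """Return one dict (state, name, display, image, stamp) per parseable line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_indicators(entry):
    """Indicators (the labels are my own) that make an entry worth a closer look."""
    reasons = []
    image = entry["image"].lower()
    name = entry["name"].lower()
    display = entry["display"].lower()

    # Image resolved through the device namespace instead of a drive letter.
    if r"\\.\globalroot" in image:
        reasons.append("image path goes through \\\\.\\globalroot")
    # DDS could not read a date/size for the file it thinks backs the service.
    if entry["stamp"].strip() == "?":
        reasons.append("file date/size could not be resolved")
    # Hosted inside svchost.exe while the service name and display name share
    # nothing with each other. Heuristic only: treat hits as a triage list.
    hosted = "svchost.exe" in image
    if hosted and display and name not in display and display not in name:
        reasons.append("svchost-hosted with unrelated service/display names")
    return reasons


def triage(text):
    """Map service name -> list of indicators, for entries with at least one."""
    findings = {}
    for entry in parse_dds_services(text):
        reasons = suspicious_indicators(entry)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(DDS_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the excerpt it reports exactly the five netsvcs entries, with naiavfilter1 carrying all three indicators; the McAfee, Google, Spybot and Windows activation services are backed by their own executables and are not reported. The same parser can be pointed at a full DDS log by replacing the embedded text with the file contents.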


#3 vincent_g
  • Topic Starter

  • Members
  • 12 posts

Posted 12 March 2012 - 08:31 AM

Hi ST, thanks for your help.

My name is Vincent. Sorry for the late post, but I thought you were going to reply to me 5 days after my post.

The computer is a little bit slow and is redirecting me when I want to go to any webpage. The site that is showing all the time is abnow dot com. Basically it is the same as last week.

I did what you asked me and here are the logs. Let me know what else I can do. Thank you very much.


07:56:36.0449 2428 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
07:56:38.0192 2428 ============================================================
07:56:38.0192 2428 Current date / time: 2012/03/12 07:56:38.0192
07:56:38.0192 2428 SystemInfo:
07:56:38.0192 2428
07:56:38.0192 2428 OS Version: 6.1.7601 ServicePack: 1.0
07:56:38.0192 2428 Product type: Workstation
07:56:38.0192 2428 ComputerName: GONZALOGERBASI
07:56:38.0192 2428 UserName: Gonzalo Gerbasi
07:56:38.0192 2428 Windows directory: C:\Windows
07:56:38.0192 2428 System windows directory: C:\Windows
07:56:38.0192 2428 Processor architecture: Intel x86
07:56:38.0192 2428 Number of processors: 2
07:56:38.0193 2428 Page size: 0x1000
07:56:38.0193 2428 Boot type: Normal boot
07:56:38.0193 2428 ============================================================
07:56:39.0144 2428 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:56:39.0156 2428 Drive \Device\Harddisk5\DR6 - Size: 0xF48D1A00 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:56:39.0157 2428 \Device\Harddisk0\DR0:
07:56:39.0157 2428 MBR used
07:56:39.0157 2428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:56:39.0157 2428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
07:56:39.0157 2428 \Device\Harddisk5\DR6:
07:56:39.0158 2428 MBR used
07:56:39.0158 2428 \Device\Harddisk5\DR6\Partition0: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
07:56:39.0178 2428 Initialize success
07:56:39.0178 2428 ============================================================
07:57:07.0149 2656 ============================================================
07:57:07.0149 2656 Scan started
07:57:07.0149 2656 Mode: Manual; SigCheck; TDLFS;
07:57:07.0149 2656 ============================================================
07:57:07.0597 2656 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:57:07.0787 2656 1394ohci - ok
07:57:07.0824 2656 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:57:07.0844 2656 ACPI - ok
07:57:07.0865 2656 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:57:07.0963 2656 AcpiPmi - ok
07:57:07.0993 2656 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
07:57:08.0029 2656 adp94xx - ok
07:57:08.0049 2656 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
07:57:08.0075 2656 adpahci - ok
07:57:08.0094 2656 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
07:57:08.0120 2656 adpu320 - ok
07:57:08.0170 2656 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
07:57:08.0210 2656 AFD - ok
07:57:08.0222 2656 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:57:08.0246 2656 agp440 - ok
07:57:08.0268 2656 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
07:57:08.0289 2656 aic78xx - ok
07:57:08.0318 2656 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:57:08.0340 2656 aliide - ok
07:57:08.0350 2656 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:57:08.0374 2656 amdagp - ok
07:57:08.0384 2656 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:57:08.0405 2656 amdide - ok
07:57:08.0421 2656 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
07:57:08.0457 2656 AmdK8 - ok
07:57:08.0464 2656 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
07:57:08.0498 2656 AmdPPM - ok
07:57:08.0526 2656 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
07:57:08.0689 2656 amdsata - ok
07:57:08.0709 2656 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
07:57:08.0731 2656 amdsbs - ok
07:57:08.0746 2656 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
07:57:08.0761 2656 amdxata - ok
07:57:08.0784 2656 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:57:08.0951 2656 AppID - ok
07:57:08.0988 2656 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
07:57:09.0007 2656 arc - ok
07:57:09.0015 2656 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
07:57:09.0041 2656 arcsas - ok
07:57:09.0103 2656 AsrAppCharger (46658ee12f6924e832697581fdd0e659) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
07:57:09.0333 2656 AsrAppCharger - ok
07:57:09.0364 2656 AsrVDrive (e41ef835878d5a39ec8d7367bc8b6bdf) C:\Windows\system32\DRIVERS\AsrVDrive.sys
07:57:09.0511 2656 AsrVDrive - ok
07:57:09.0528 2656 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:57:09.0590 2656 AsyncMac - ok
07:57:09.0611 2656 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:57:09.0627 2656 atapi - ok
07:57:09.0670 2656 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
07:57:09.0713 2656 b06bdrv - ok
07:57:09.0729 2656 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:57:09.0769 2656 b57nd60x - ok
07:57:09.0801 2656 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:57:09.0856 2656 Beep - ok
07:57:09.0875 2656 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:57:09.0914 2656 blbdrive - ok
07:57:09.0951 2656 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
07:57:09.0990 2656 bowser - ok
07:57:10.0001 2656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
07:57:10.0042 2656 BrFiltLo - ok
07:57:10.0049 2656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
07:57:10.0085 2656 BrFiltUp - ok
07:57:10.0105 2656 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:57:10.0140 2656 Brserid - ok
07:57:10.0156 2656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:57:10.0190 2656 BrSerWdm - ok
07:57:10.0197 2656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:57:10.0232 2656 BrUsbMdm - ok
07:57:10.0242 2656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:57:10.0275 2656 BrUsbSer - ok
07:57:10.0287 2656 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
07:57:10.0324 2656 BTHMODEM - ok
07:57:10.0349 2656 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:57:10.0391 2656 cdfs - ok
07:57:10.0434 2656 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
07:57:10.0467 2656 cdrom - ok
07:57:10.0527 2656 cFosSpeed (077cdbba37bb67d47cc53647d3217239) C:\Windows\system32\DRIVERS\cfosspeed6.sys
07:57:10.0625 2656 cFosSpeed - ok
07:57:10.0645 2656 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
07:57:10.0692 2656 circlass - ok
07:57:10.0719 2656 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:57:10.0740 2656 CLFS - ok
07:57:10.0761 2656 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
07:57:10.0791 2656 CmBatt - ok
07:57:10.0803 2656 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:57:10.0821 2656 cmdide - ok
07:57:10.0847 2656 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
07:57:10.0876 2656 CNG - ok
07:57:10.0890 2656 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
07:57:10.0911 2656 Compbatt - ok
07:57:10.0938 2656 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:57:11.0030 2656 CompositeBus - ok
07:57:11.0050 2656 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
07:57:11.0072 2656 crcdisk - ok
07:57:11.0236 2656 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:57:11.0280 2656 DfsC - ok
07:57:11.0309 2656 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:57:11.0355 2656 discache - ok
07:57:11.0384 2656 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
07:57:11.0403 2656 Disk - ok
07:57:11.0462 2656 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
07:57:11.0496 2656 Dot4 - ok
07:57:11.0516 2656 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
07:57:11.0545 2656 Dot4Print - ok
07:57:11.0562 2656 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
07:57:11.0594 2656 dot4usb - ok
07:57:11.0622 2656 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:57:11.0647 2656 drmkaud - ok
07:57:11.0678 2656 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:57:11.0708 2656 DXGKrnl - ok
07:57:11.0772 2656 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
07:57:11.0858 2656 ebdrv - ok
07:57:11.0909 2656 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
07:57:11.0996 2656 ElbyCDFL - ok
07:57:12.0016 2656 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
07:57:12.0093 2656 ElbyCDIO - ok
07:57:12.0131 2656 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
07:57:12.0165 2656 elxstor - ok
07:57:12.0183 2656 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:57:12.0208 2656 ErrDev - ok
07:57:12.0244 2656 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:57:12.0292 2656 exfat - ok
07:57:12.0317 2656 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:57:12.0355 2656 fastfat - ok
07:57:12.0369 2656 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
07:57:12.0399 2656 fdc - ok
07:57:12.0426 2656 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:57:12.0443 2656 FileInfo - ok
07:57:12.0462 2656 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:57:12.0515 2656 Filetrace - ok
07:57:12.0536 2656 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
07:57:12.0568 2656 flpydisk - ok
07:57:12.0588 2656 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:57:12.0607 2656 FltMgr - ok
07:57:12.0639 2656 FNETTBOH_305 (4bd9964632325802f8dc971f6987cd1b) C:\Windows\system32\drivers\FNETTBOH_305.SYS
07:57:12.0652 2656 FNETTBOH_305 - ok
07:57:12.0666 2656 FNETURPX (47bda10316324cfa540f25ab7021f0d8) C:\Windows\system32\drivers\FNETURPX.SYS
07:57:12.0679 2656 FNETURPX - ok
07:57:12.0700 2656 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:57:12.0719 2656 FsDepends - ok
07:57:12.0731 2656 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
07:57:12.0750 2656 Fs_Rec - ok
07:57:12.0778 2656 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:57:12.0799 2656 fvevol - ok
07:57:12.0826 2656 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
07:57:12.0848 2656 gagp30kx - ok
07:57:12.0888 2656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:57:12.0968 2656 GEARAspiWDM - ok
07:57:13.0013 2656 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:57:13.0050 2656 hcw85cir - ok
07:57:13.0092 2656 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
07:57:14.0371 2656 HdAudAddService - ok
07:57:14.0386 2656 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:57:14.0418 2656 HDAudBus - ok
07:57:14.0426 2656 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
07:57:14.0455 2656 HidBatt - ok
07:57:14.0465 2656 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
07:57:14.0498 2656 HidBth - ok
07:57:14.0516 2656 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
07:57:14.0549 2656 HidIr - ok
07:57:14.0584 2656 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
07:57:14.0740 2656 HidUsb - ok
07:57:14.0779 2656 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:57:14.0799 2656 HpSAMD - ok
07:57:14.0833 2656 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:57:14.0889 2656 HTTP - ok
07:57:14.0901 2656 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:57:14.0917 2656 hwpolicy - ok
07:57:14.0937 2656 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
07:57:14.0960 2656 i8042prt - ok
07:57:15.0002 2656 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
07:57:15.0163 2656 iaStorV - ok
07:57:15.0336 2656 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:57:15.0575 2656 igfx - ok
07:57:15.0604 2656 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
07:57:15.0625 2656 iirsp - ok
07:57:15.0658 2656 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:57:15.0675 2656 intelide - ok
07:57:15.0690 2656 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:57:15.0713 2656 intelppm - ok
07:57:15.0730 2656 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:57:15.0780 2656 IpFilterDriver - ok
07:57:15.0789 2656 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:57:15.0875 2656 IPMIDRV - ok
07:57:15.0883 2656 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:57:15.0924 2656 IPNAT - ok
07:57:15.0971 2656 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:57:16.0000 2656 IRENUM - ok
07:57:16.0009 2656 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:57:16.0032 2656 isapnp - ok
07:57:16.0045 2656 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
07:57:16.0145 2656 iScsiPrt - ok
07:57:16.0173 2656 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:57:16.0191 2656 kbdclass - ok
07:57:16.0205 2656 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
07:57:16.0410 2656 kbdhid - ok
07:57:16.0446 2656 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
07:57:16.0462 2656 KSecDD - ok
07:57:16.0481 2656 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
07:57:16.0500 2656 KSecPkg - ok
07:57:16.0537 2656 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
07:57:16.0677 2656 L1C - ok
07:57:16.0719 2656 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:57:16.0767 2656 lltdio - ok
07:57:16.0800 2656 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
07:57:16.0824 2656 LSI_FC - ok
07:57:16.0833 2656 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
07:57:16.0860 2656 LSI_SAS - ok
07:57:16.0875 2656 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
07:57:16.0898 2656 LSI_SAS2 - ok
07:57:16.0908 2656 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
07:57:16.0928 2656 LSI_SCSI - ok
07:57:16.0956 2656 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:57:16.0994 2656 luafv - ok
07:57:17.0033 2656 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
07:57:17.0047 2656 MBAMProtector - ok
07:57:17.0092 2656 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
07:57:17.0113 2656 megasas - ok
07:57:17.0131 2656 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
07:57:17.0158 2656 MegaSR - ok
07:57:17.0189 2656 mfeapfk (c0d975d64c1af8057f2d75b1297a6979) C:\Windows\system32\drivers\mfeapfk.sys
07:57:17.0204 2656 mfeapfk - ok
07:57:17.0228 2656 mfeavfk (c169326049a8a03d5f905b34f5a65f8c) C:\Windows\system32\drivers\mfeavfk.sys
07:57:17.0245 2656 mfeavfk - ok
07:57:17.0259 2656 mfeavfk01 - ok
07:57:17.0278 2656 mfebopk (50b0253b2484a306a20d8695c5ae5858) C:\Windows\system32\drivers\mfebopk.sys
07:57:17.0291 2656 mfebopk - ok
07:57:17.0311 2656 mfehidk (188b40866db2ab8ef262febc65291687) C:\Windows\system32\drivers\mfehidk.sys
07:57:17.0332 2656 mfehidk - ok
07:57:17.0346 2656 mferkdet (c1b30af2e18e69bf8ceb39b33f32d3c1) C:\Windows\system32\drivers\mferkdet.sys
07:57:17.0435 2656 mferkdet - ok
07:57:17.0459 2656 mfewfpk (451b49f0e10d6058ced5b56852d82c8b) C:\Windows\system32\drivers\mfewfpk.sys
07:57:17.0475 2656 mfewfpk - ok
07:57:17.0504 2656 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:57:17.0554 2656 Modem - ok
07:57:17.0580 2656 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:57:17.0613 2656 monitor - ok
07:57:17.0637 2656 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:57:17.0655 2656 mouclass - ok
07:57:17.0680 2656 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:57:17.0714 2656 mouhid - ok
07:57:17.0729 2656 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:57:17.0746 2656 mountmgr - ok
07:57:17.0765 2656 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:57:17.0917 2656 mpio - ok
07:57:17.0938 2656 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:57:17.0988 2656 mpsdrv - ok
07:57:18.0007 2656 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:57:18.0038 2656 MRxDAV - ok
07:57:18.0078 2656 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:57:18.0118 2656 mrxsmb - ok
07:57:18.0146 2656 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:57:18.0175 2656 mrxsmb10 - ok
07:57:18.0190 2656 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:57:18.0209 2656 mrxsmb20 - ok
07:57:18.0229 2656 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:57:18.0373 2656 msahci - ok
07:57:18.0381 2656 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:57:18.0527 2656 msdsm - ok
07:57:18.0554 2656 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:57:18.0595 2656 Msfs - ok
07:57:18.0615 2656 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:57:18.0655 2656 mshidkmdf - ok
07:57:18.0672 2656 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:57:18.0689 2656 msisadrv - ok
07:57:18.0723 2656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:57:18.0780 2656 MSKSSRV - ok
07:57:18.0792 2656 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:57:18.0837 2656 MSPCLOCK - ok
07:57:18.0852 2656 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:57:18.0902 2656 MSPQM - ok
07:57:18.0916 2656 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:57:18.0936 2656 MsRPC - ok
07:57:18.0958 2656 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
07:57:18.0974 2656 mssmbios - ok
07:57:18.0994 2656 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:57:19.0040 2656 MSTEE - ok
07:57:19.0054 2656 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
07:57:19.0085 2656 MTConfig - ok
07:57:19.0100 2656 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:57:19.0117 2656 Mup - ok
07:57:19.0156 2656 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:57:19.0204 2656 NativeWifiP - ok
07:57:19.0230 2656 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:57:19.0260 2656 NDIS - ok
07:57:19.0280 2656 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:57:19.0332 2656 NdisCap - ok
07:57:19.0357 2656 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:57:19.0392 2656 NdisTapi - ok
07:57:19.0402 2656 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:57:19.0514 2656 Ndisuio - ok
07:57:19.0528 2656 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:57:19.0573 2656 NdisWan - ok
07:57:19.0588 2656 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:57:19.0690 2656 NDProxy - ok
07:57:19.0716 2656 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:57:19.0773 2656 NetBIOS - ok
07:57:19.0791 2656 NetBT (60050a1e0357361aa68e8d6153a51877) C:\Windows\system32\DRIVERS\netbt.sys
07:57:19.0792 2656 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 60050a1e0357361aa68e8d6153a51877, Fake md5: 280122ddcf04b378edd1ad54d71c1e54
07:57:19.0793 2656 NetBT ( Virus.Win32.ZAccess.g ) - infected
07:57:19.0793 2656 NetBT - detected Virus.Win32.ZAccess.g (0)
07:57:19.0843 2656 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
07:57:19.0866 2656 nfrd960 - ok
07:57:19.0909 2656 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:57:19.0949 2656 Npfs - ok
07:57:19.0970 2656 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:57:20.0011 2656 nsiproxy - ok
07:57:20.0066 2656 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
07:57:20.0109 2656 Ntfs - ok
07:57:20.0125 2656 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:57:20.0173 2656 Null - ok
07:57:20.0208 2656 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
07:57:20.0297 2656 nvraid - ok
07:57:20.0329 2656 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
07:57:20.0484 2656 nvstor - ok
07:57:20.0503 2656 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:57:20.0523 2656 nv_agp - ok
07:57:20.0551 2656 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:57:20.0589 2656 ohci1394 - ok
07:57:20.0626 2656 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:57:20.0654 2656 Parport - ok
07:57:20.0666 2656 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
07:57:20.0685 2656 partmgr - ok
07:57:20.0701 2656 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:57:20.0733 2656 Parvdm - ok
07:57:20.0759 2656 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:57:20.0779 2656 pci - ok
07:57:20.0792 2656 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:57:20.0814 2656 pciide - ok
07:57:20.0837 2656 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
07:57:20.0865 2656 pcmcia - ok
07:57:20.0882 2656 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:57:20.0900 2656 pcw - ok
07:57:20.0921 2656 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:57:20.0972 2656 PEAUTH - ok
07:57:21.0063 2656 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:57:21.0109 2656 PptpMiniport - ok
07:57:21.0131 2656 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
07:57:21.0167 2656 Processor - ok
07:57:21.0203 2656 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:57:21.0250 2656 Psched - ok
07:57:21.0291 2656 PxHelp20 (352cf968df88760fef225c3fbe7184a7) C:\Windows\system32\DRIVERS\PxHelp20.sys
07:57:21.0296 2656 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
07:57:21.0296 2656 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
07:57:21.0333 2656 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
07:57:21.0389 2656 ql2300 - ok
07:57:21.0410 2656 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
07:57:21.0432 2656 ql40xx - ok
07:57:21.0499 2656 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:57:21.0578 2656 QWAVEdrv - ok
07:57:21.0598 2656 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:57:21.0640 2656 RasAcd - ok
07:57:21.0672 2656 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:57:21.0708 2656 RasAgileVpn - ok
07:57:21.0725 2656 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:57:21.0776 2656 Rasl2tp - ok
07:57:21.0798 2656 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:57:21.0843 2656 RasPppoe - ok
07:57:21.0859 2656 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:57:21.0905 2656 RasSstp - ok
07:57:21.0927 2656 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:57:21.0973 2656 rdbss - ok
07:57:21.0986 2656 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
07:57:22.0010 2656 rdpbus - ok
07:57:22.0031 2656 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:57:22.0075 2656 RDPCDD - ok
07:57:22.0097 2656 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:57:22.0136 2656 RDPENCDD - ok
07:57:22.0155 2656 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:57:22.0201 2656 RDPREFMP - ok
07:57:22.0211 2656 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
07:57:22.0378 2656 RDPWD - ok
07:57:22.0413 2656 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:57:22.0433 2656 rdyboost - ok
07:57:22.0499 2656 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:57:22.0536 2656 rspndr - ok
07:57:22.0560 2656 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:57:22.0706 2656 sbp2port - ok
07:57:22.0729 2656 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:57:22.0830 2656 scfilter - ok
07:57:22.0909 2656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:57:22.0961 2656 secdrv - ok
07:57:23.0025 2656 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:57:23.0058 2656 Serenum - ok
07:57:23.0083 2656 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:57:23.0119 2656 Serial - ok
07:57:23.0148 2656 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
07:57:23.0177 2656 sermouse - ok
07:57:23.0223 2656 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:57:23.0257 2656 sffdisk - ok
07:57:23.0275 2656 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:57:23.0317 2656 sffp_mmc - ok
07:57:23.0334 2656 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:57:23.0439 2656 sffp_sd - ok
07:57:23.0456 2656 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
07:57:23.0492 2656 sfloppy - ok
07:57:23.0538 2656 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:57:23.0559 2656 sisagp - ok
07:57:23.0583 2656 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
07:57:23.0603 2656 SiSRaid2 - ok
07:57:23.0630 2656 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
07:57:23.0653 2656 SiSRaid4 - ok
07:57:23.0672 2656 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:57:23.0713 2656 Smb - ok
07:57:23.0781 2656 snpstd (d08d19ee68cb88ab1bc5da3081505847) C:\Windows\system32\DRIVERS\snpstd.sys
07:57:23.0875 2656 snpstd - ok
07:57:23.0885 2656 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:57:23.0902 2656 spldr - ok
07:57:23.0966 2656 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
07:57:24.0006 2656 srv - ok
07:57:24.0031 2656 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
07:57:24.0055 2656 srv2 - ok
07:57:24.0068 2656 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
07:57:24.0099 2656 srvnet - ok
07:57:24.0120 2656 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
07:57:24.0141 2656 stexstor - ok
07:57:24.0170 2656 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
07:57:24.0190 2656 swenum - ok
07:57:24.0270 2656 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
07:57:24.0314 2656 Tcpip - ok
07:57:24.0349 2656 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
07:57:24.0389 2656 TCPIP6 - ok
07:57:24.0413 2656 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:57:24.0453 2656 tcpipreg - ok
07:57:24.0474 2656 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:57:24.0649 2656 TDPIPE - ok
07:57:24.0659 2656 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
07:57:24.0835 2656 TDTCP - ok
07:57:24.0865 2656 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:57:25.0025 2656 tdx - ok
07:57:25.0051 2656 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
07:57:25.0172 2656 TermDD - ok
07:57:25.0235 2656 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:57:25.0409 2656 tssecsrv - ok
07:57:25.0431 2656 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:57:25.0545 2656 TsUsbFlt - ok
07:57:25.0561 2656 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
07:57:25.0640 2656 TsUsbGD - ok
07:57:25.0668 2656 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:57:25.0769 2656 tunnel - ok
07:57:25.0784 2656 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
07:57:25.0804 2656 uagp35 - ok
07:57:25.0830 2656 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:57:25.0946 2656 udfs - ok
07:57:25.0972 2656 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:57:25.0996 2656 uliagpkx - ok
07:57:26.0019 2656 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
07:57:26.0105 2656 umbus - ok
07:57:26.0125 2656 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
07:57:26.0156 2656 UmPass - ok
07:57:26.0198 2656 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
07:57:26.0294 2656 usbccgp - ok
07:57:26.0316 2656 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:57:26.0341 2656 usbcir - ok
07:57:26.0357 2656 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
07:57:26.0519 2656 usbehci - ok
07:57:26.0539 2656 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
07:57:26.0698 2656 usbhub - ok
07:57:26.0714 2656 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
07:57:26.0866 2656 usbohci - ok
07:57:26.0895 2656 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:57:26.0929 2656 usbprint - ok
07:57:26.0972 2656 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
07:57:27.0002 2656 usbscan - ok
07:57:27.0030 2656 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:57:27.0179 2656 USBSTOR - ok
07:57:27.0196 2656 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
07:57:27.0355 2656 usbuhci - ok
07:57:27.0388 2656 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:57:27.0405 2656 vdrvroot - ok
07:57:27.0429 2656 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:57:27.0466 2656 vga - ok
07:57:27.0483 2656 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:57:27.0519 2656 VgaSave - ok
07:57:27.0533 2656 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:57:27.0625 2656 vhdmp - ok
07:57:27.0653 2656 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:57:27.0677 2656 viaagp - ok
07:57:27.0698 2656 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
07:57:27.0725 2656 ViaC7 - ok
07:57:27.0797 2656 VIAHdAudAddService (f2abb8bc8a9f807eddb639672695a9bc) C:\Windows\system32\drivers\viahduaa.sys
07:57:27.0895 2656 VIAHdAudAddService - ok
07:57:27.0916 2656 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:57:27.0935 2656 viaide - ok
07:57:27.0964 2656 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:57:27.0981 2656 volmgr - ok
07:57:27.0999 2656 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:57:28.0020 2656 volmgrx - ok
07:57:28.0042 2656 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:57:28.0063 2656 volsnap - ok
07:57:28.0092 2656 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
07:57:28.0115 2656 vsmraid - ok
07:57:28.0143 2656 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:57:28.0172 2656 vwifibus - ok
07:57:28.0208 2656 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
07:57:28.0239 2656 WacomPen - ok
07:57:28.0267 2656 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:57:28.0314 2656 WANARP - ok
07:57:28.0320 2656 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:57:28.0355 2656 Wanarpv6 - ok
07:57:28.0397 2656 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
07:57:28.0416 2656 Wd - ok
07:57:28.0440 2656 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:57:28.0467 2656 Wdf01000 - ok
07:57:28.0521 2656 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:57:28.0566 2656 WfpLwf - ok
07:57:28.0584 2656 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:57:28.0603 2656 WIMMount - ok
07:57:28.0647 2656 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:57:28.0682 2656 WmiAcpi - ok
07:57:28.0721 2656 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:57:28.0763 2656 ws2ifsl - ok
07:57:28.0799 2656 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:57:28.0842 2656 WudfPf - ok
07:57:28.0865 2656 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:57:28.0912 2656 WUDFRd - ok
07:57:28.0960 2656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:57:29.0043 2656 \Device\Harddisk0\DR0 - ok
07:57:29.0049 2656 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR6
07:57:29.0138 2656 \Device\Harddisk5\DR6 - ok
07:57:29.0143 2656 Boot (0x1200) (148563c28774a5b43eaa193d63338c13) \Device\Harddisk0\DR0\Partition0
07:57:29.0144 2656 \Device\Harddisk0\DR0\Partition0 - ok
07:57:29.0169 2656 Boot (0x1200) (0774afb3c65815b7f58e797eb8862b8c) \Device\Harddisk0\DR0\Partition1
07:57:29.0170 2656 \Device\Harddisk0\DR0\Partition1 - ok
07:57:29.0175 2656 Boot (0x1200) (9bcf43deabe9cfe0ef28eebacdafe2fc) \Device\Harddisk5\DR6\Partition0
07:57:29.0176 2656 \Device\Harddisk5\DR6\Partition0 - ok
07:57:29.0177 2656 ============================================================
07:57:29.0177 2656 Scan finished
07:57:29.0177 2656 ============================================================
07:57:29.0194 3548 Detected object count: 2
07:57:29.0194 3548 Actual detected object count: 2
07:57:56.0059 3548 NetBT ( Virus.Win32.ZAccess.g ) - skipped by user
07:57:56.0059 3548 NetBT ( Virus.Win32.ZAccess.g ) - User select action: Skip
07:57:56.0061 3548 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:56.0061 3548 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:02:06.0965 1264 Deinitialize success


Farbar Service Scanner Version: 01-03-2012
Ran by Gonzalo Gerbasi (administrator) on 12-03-2012 at 08:04:37
Running from "C:\Users\Gonzalo Gerbasi\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

OTL logfile created on: 12/03/2012 08:10:59 a.m. - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Gonzalo Gerbasi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,82% Memory free
6,49 Gb Paging File | 5,27 Gb Available in Paging File | 81,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 422,53 Gb Free Space | 90,74% Space Free | Partition Type: NTFS
Drive E: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 3,81 Gb Total Space | 0,68 Gb Free Space | 17,85% Space Free | Partition Type: FAT32

Computer Name: GONZALOGERBASI | User Name: Gonzalo Gerbasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 08:31:50 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
PRC - [2012/01/22 21:40:56 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/01/22 21:40:52 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/01/22 11:41:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Archivos de programa\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/01/15 19:10:10 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Archivos de programa\XFastUSB\XFastUsb.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Archivos de programa\ASRock\XFast LAN\spd.exe
PRC - [2011/10/19 16:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Archivos de programa\ASRock\XFast LAN\cfosspeed.exe
PRC - [2011/08/03 18:18:02 | 012,997,488 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011/02/25 01:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 14:02:52 | 002,145,904 | ---- | M] (VIA) -- C:\Archivos de programa\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2011/02/17 22:50:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Archivos de programa\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011/01/12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\McTray.exe
PRC - [2010/11/20 16:59:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Sidebar\sidebar.exe
PRC - [2010/11/20 16:59:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\Snagit32.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/29 17:50:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/03/24 17:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- C:\Archivos de programa\Webshots\Webshots.scr
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2003/08/08 18:54:54 | 001,175,552 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
PRC - [2002/08/20 10:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\Windows\System32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/22 11:41:33 | 000,008,704 | ---- | M] () -- C:\Archivos de programa\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Archivos de programa\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/02/22 14:02:34 | 000,623,216 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\skin.dll
MOD - [2011/02/22 14:02:32 | 000,080,496 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2011/02/22 14:02:26 | 000,113,264 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2010/11/20 16:59:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Archivos de programa\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Archivos de programa\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Archivos de programa\McAfee\Common Framework\cryptocme2.dll
MOD - [2003/09/05 06:46:16 | 000,516,096 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DDCDRES.dll
MOD - [2003/08/08 18:54:54 | 001,175,552 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
MOD - [2002/02/26 18:54:56 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\ezID3.dll
MOD - [2001/06/26 00:15:44 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\ezLICEN1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAudio)
SRV - File not found [Auto | Stopped] -- -- (wlancfg)
SRV - File not found [Auto | Stopped] -- -- (w800mgmt)
SRV - File not found [Auto | Stopped] -- -- (vxd)
SRV - File not found [Auto | Stopped] -- -- (VICESYS)
SRV - File not found [Auto | Stopped] -- -- (vet-filt)
SRV - File not found [Auto | Stopped] -- -- (ups)
SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
SRV - File not found [Auto | Stopped] -- -- (TPECioCtl)
SRV - File not found [Auto | Stopped] -- -- (tossmbnt)
SRV - File not found [Auto | Stopped] -- -- (tosrfsnd)
SRV - File not found [Auto | Stopped] -- -- (toshidpt)
SRV - File not found [Auto | Stopped] -- -- (tga)
SRV - File not found [Auto | Stopped] -- -- (teefer)
SRV - File not found [Auto | Stopped] -- -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- -- (ssisvr32)
SRV - File not found [Auto | Stopped] -- -- (sqlagent$pinnaclesys)
SRV - File not found [Auto | Stopped] -- -- (SQLAgent$LG_LP2)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- -- (SilverLink)
SRV - File not found [Auto | Stopped] -- -- (sfman)
SRV - File not found [Auto | Stopped] -- -- (senfilt)
SRV - File not found [Auto | Stopped] -- -- (SeaPort)
SRV - File not found [Auto | Stopped] -- -- (SE2Dmgmt)
SRV - File not found [Auto | Stopped] -- -- (SE2Cmdfl)
SRV - File not found [Auto | Stopped] -- -- (s616mdm)
SRV - File not found [Auto | Stopped] -- -- (rollbackclientservice)
SRV - File not found [Auto | Stopped] -- -- (RivaTuner32)
SRV - File not found [Auto | Stopped] -- -- (RIOXDRV)
SRV - File not found [Auto | Stopped] -- -- (purgeieservice)
SRV - File not found [Auto | Stopped] -- -- (PTproct)
SRV - File not found [Auto | Stopped] -- -- (pgfilter)
SRV - File not found [Auto | Stopped] -- -- (personalsecuredriveservice)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (ossrv)
SRV - File not found [Auto | Stopped] -- -- (OEM02Afx)
SRV - File not found [Auto | Stopped] -- -- (nwlnkfwd)
SRV - File not found [Auto | Stopped] -- -- (NWFILTER)
SRV - File not found [Auto | Stopped] -- -- (NSNDIS5)
SRV - File not found [Auto | Stopped] -- -- (nm)
SRV - File not found [Auto | Stopped] -- -- (nimcdldu)
SRV - File not found [Auto | Stopped] -- -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- -- (netrcacm)
SRV - File not found [Auto | Stopped] -- -- (naiavfilter1)
SRV - File not found [Auto | Stopped] -- -- (MSW_USB)
SRV - File not found [Auto | Stopped] -- -- (mozyFilter)
SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
SRV - File not found [Auto | Stopped] -- -- (mfesmfk)
SRV - File not found [Auto | Stopped] -- -- (merakcontrol)
SRV - File not found [Auto | Stopped] -- -- (livesrv)
SRV - File not found [Auto | Stopped] -- -- (inort)
SRV - File not found [Auto | Stopped] -- -- (ikhfile)
SRV - File not found [Auto | Stopped] -- -- (ifp800)
SRV - File not found [Auto | Stopped] -- -- (icraplus)
SRV - File not found [Auto | Stopped] -- -- (ibmsmbus)
SRV - File not found [Auto | Stopped] -- -- (gdihook5)
SRV - File not found [Auto | Stopped] -- -- (enxpsvr)
SRV - File not found [Auto | Stopped] -- -- (dlbx_device)
SRV - File not found [Auto | Stopped] -- -- (dklogger)
SRV - File not found [Auto | Stopped] -- -- (DFUBTUSB)
SRV - File not found [Auto | Stopped] -- -- (Dfs)
SRV - File not found [Auto | Stopped] -- -- (db2das00)
SRV - File not found [Auto | Stopped] -- -- (cwcwdm)
SRV - File not found [Auto | Stopped] -- -- (Bcim)
SRV - File not found [Auto | Stopped] -- -- (BASFND)
SRV - File not found [Auto | Stopped] -- -- (ativraxx)
SRV - File not found [Auto | Stopped] -- -- (array_utility_service4,0,1,3)
SRV - File not found [Auto | Stopped] -- -- (alerter)
SRV - File not found [Auto | Stopped] -- -- (adihdaudaddservice)
SRV - File not found [Auto | Stopped] -- -- (acmservice)
SRV - File not found [Auto | Stopped] -- -- (3compxe)
SRV - [2012/01/22 21:40:56 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/01/22 21:40:52 | 000,159,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/15 19:53:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2011/02/17 22:50:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:44:41 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Windows\System32\udfs.dll -- (AlteraByteBlaster)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Archivos de programa\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2012/03/12 07:54:59 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV - [2012/01/22 21:40:56 | 000,162,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/01/22 21:40:55 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/01/22 21:40:54 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/01/22 21:40:53 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/01/22 21:40:53 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/01/22 21:40:53 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/01/15 19:10:11 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 15:19:02 | 001,180,032 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2011/02/17 22:50:46 | 001,801,328 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/01/26 17:25:24 | 000,021,000 | ---- | M] (ASRock Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AsrVDrive.sys -- (AsrVDrive)
DRV - [2010/11/20 16:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/24 17:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/06/11 14:37:04 | 000,013,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2007/02/15 20:27:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/05/03 22:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.twitter.com/
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-VE
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 4C B2 BA D9 DB CC 01 [binary data]
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes\{677F0EE6-643E-456C-92A9-01F50A44CE9F}: "URL" = http://ve.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=992732&p={searchTerms}
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2012/01/22 11:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/25 22:41:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/25 22:41:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/22 21:38:43 | 000,440,287 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15136 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Archivos de programa\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\Common Files\McAfee\SystemCore\ScriptSn.20120122214145.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XFast LAN] C:\Archivos de programa\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockIES] File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockOCTuner] File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [zASRockInstantBoot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F30FC08-9C9A-4B69-8327-B9ACA0B4F06E}: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 15:23:42 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/25 08:43:48 | 000,024,576 | ---- | M] () - J:\Autorización.doc -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: senfilt - File not found
NetSvcs: w800mgmt - File not found
NetSvcs: VICESYS - File not found
NetSvcs: AlteraByteBlaster - File not found
NetSvcs: mozyFilter - File not found
NetSvcs: naiavfilter1 - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: enxpsvr - File not found
NetSvcs: Bcim - File not found
NetSvcs: s616mdm - File not found
NetSvcs: merakcontrol - File not found
NetSvcs: nm - File not found
NetSvcs: teefer - File not found
NetSvcs: cwcwdm - File not found
NetSvcs: mfesmfk - File not found
NetSvcs: rollbackclientservice - File not found
NetSvcs: nimcdldu - File not found
NetSvcs: RIOXDRV - File not found
NetSvcs: acmservice - File not found
NetSvcs: wlancfg - File not found
NetSvcs: Tablet2k - File not found
NetSvcs: sprtsvc_smartagent - File not found
NetSvcs: toshidpt - File not found
NetSvcs: dlbx_device - File not found
NetSvcs: SE2Cmdfl - File not found
NetSvcs: SilverLink - File not found
NetSvcs: vaiomediaplatform-musicserver-appserver - File not found
NetSvcs: wpdusb - File not found
NetSvcs: BASFND - File not found
NetSvcs: vxd - File not found
NetSvcs: nwlnkfwd - File not found
NetSvcs: smstsmgr - File not found
NetSvcs: wampmysqld - C:\Windows\System32\wampmysqld.dll File not found
NetSvcs: agentsrv - File not found
NetSvcs: pavatscheduler - File not found
NetSvcs: vcdsecs - File not found
NetSvcs: dlartl_n - File not found
NetSvcs: avgtdi - File not found
NetSvcs: rpsupdaterr - File not found
NetSvcs: SE27mdm - File not found
NetSvcs: cvsnt - File not found
NetSvcs: p17 - File not found
NetSvcs: openldap-slapd - File not found
NetSvcs: icraplus - File not found
NetSvcs: JiaoCap - File not found
NetSvcs: tossmbnt - File not found
NetSvcs: 3compxe - File not found
NetSvcs: db2das00 - File not found
NetSvcs: Dfs - File not found
NetSvcs: dklogger - File not found
NetSvcs: TPECioCtl - File not found
NetSvcs: FreeTdi - File not found
NetSvcs: MSW_USB - File not found
NetSvcs: adihdaudaddservice - File not found
NetSvcs: DCamUSBGrandTek - File not found
NetSvcs: slee_81_service - File not found
NetSvcs: elnkupdateservice - File not found
NetSvcs: sfng32 - File not found
NetSvcs: ibmsmbus - File not found
NetSvcs: avinitnt - File not found
NetSvcs: bcserver - File not found
NetSvcs: ifp800 - File not found
NetSvcs: ossrv - File not found
NetSvcs: inort - File not found
NetSvcs: tbiosdrv - C:\Windows\System32\tbiosdrv.dll File not found
NetSvcs: wap3gx - File not found
NetSvcs: personalsecuredriveservice - File not found
NetSvcs: ssisvr32 - File not found
NetSvcs: array_utility_service4 - File not found
NetSvcs: 0 - File not found
NetSvcs: 1 - File not found
NetSvcs: 3 - File not found
NetSvcs: purgeieservice - File not found
NetSvcs: XAudio - File not found
NetSvcs: SeaPort - File not found
NetSvcs: sqlagent$pinnaclesys - File not found
NetSvcs: ups - File not found
NetSvcs: livesrv - File not found
NetSvcs: alerter - File not found
NetSvcs: tosrfsnd - File not found
NetSvcs: gdihook5 - File not found
NetSvcs: SE2Dmgmt - File not found
NetSvcs: OEM02Afx - File not found
NetSvcs: PTproct - File not found
NetSvcs: vet-filt - File not found
NetSvcs: pgfilter - File not found
NetSvcs: netrcacm - File not found
NetSvcs: RivaTuner32 - File not found
NetSvcs: tga - File not found
NetSvcs: SQLAgent$LG_LP2 - File not found
NetSvcs: mvdcodec - File not found
NetSvcs: ativraxx - File not found
NetSvcs: mmc_2K - File not found
NetSvcs: sfman - File not found
NetSvcs: NSNDIS5 - File not found
NetSvcs: tvtpktfilter - File not found
NetSvcs: DFUBTUSB - File not found
NetSvcs: nidomainservice - File not found
NetSvcs: ikhfile - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 08:31:35 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
[2012/03/12 08:21:45 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gonzalo Gerbasi\Desktop\tdsskiller.exe
[2012/03/05 19:07:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/05 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Malwarebytes
[2012/03/05 12:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/05 12:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/05 12:27:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/05 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/05 12:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/05 12:23:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/05 12:23:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 12:23:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 12:23:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 16:48:27 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/02/15 23:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/14 22:57:55 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/02/14 22:57:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 22:57:29 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 22:57:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 22:57:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 22:57:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 22:57:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 18:12:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 18:11:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/13 17:26:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo Gerbasi\Documents\plantillas cuadros

========== Files - Modified Within 30 Days ==========

[2012/03/12 08:31:50 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
[2012/03/12 08:31:22 | 000,337,137 | ---- | M] () -- C:\Users\Gonzalo Gerbasi\Desktop\FSS.exe
[2012/03/12 08:23:12 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gonzalo Gerbasi\Desktop\tdsskiller.exe
[2012/03/12 08:22:02 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 08:13:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\udfs.dll
[2012/03/12 07:55:58 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/03/12 07:55:58 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/03/12 07:55:57 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 07:55:57 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/12 07:54:59 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETTBOH_305.SYS
[2012/03/12 07:53:44 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 07:53:44 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 07:46:30 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 07:46:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd
[2012/03/12 07:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 07:46:16 | 2614,951,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 08:04:37 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/03/06 09:38:13 | 205,228,941 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/05 12:23:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 12:23:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 12:23:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/05 12:23:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/15 20:05:36 | 001,647,466 | ---- | M] () -- C:\Users\Gonzalo Gerbasi\Documents\IMG-20120215-00946.jpg
[2012/02/15 07:31:02 | 000,485,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

File not found -- C:\Windows\System32\z525mgmt.dll
File not found -- C:\Windows\System32\v2imount.dll
File not found -- C:\Windows\System32\tvtpktfilter.dll
File not found -- C:\Windows\System32\trlokom_rmhsvc.dll
File not found -- C:\Windows\System32\TIEHDUSB.dll
File not found -- C:\Windows\System32\schedule.dll
File not found -- C:\Windows\System32\s116mdfl.dll
File not found -- C:\Windows\System32\pdlndqll.dll
File not found -- C:\Windows\System32\olapserver.dll
File not found -- C:\Windows\System32\nvlddmkm.dll
File not found -- C:\Windows\System32\ntgrip.dll
File not found -- C:\Windows\System32\nfsds.dll
File not found -- C:\Windows\System32\IPFilter.dll
File not found -- C:\Windows\System32\dvpapi.dll
File not found -- C:\Windows\System32\DCamUSBSQTECH.dll
File not found -- C:\Windows\System32\cmudau.dll
File not found -- C:\Windows\System32\BootScreen.dll
File not found -- C:\Windows\System32\avgntflt.dll
File not found -- C:\Windows\System32\AmeLanPc.dll
File not found -- C:\Windows\System32\abp480n5.dll
File not found -- C:\Windows\System32\abiosdsk.dll
[2012/03/12 08:31:14 | 000,337,137 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\Desktop\FSS.exe
[2012/03/09 18:31:47 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd
[2012/03/05 19:07:13 | 205,228,941 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/04 16:48:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/15 20:03:44 | 001,647,466 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\Documents\IMG-20120215-00946.jpg
[2012/01/25 22:28:11 | 000,225,641 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/01/25 22:28:11 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/01/25 21:16:50 | 000,038,422 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Valores separados por comas (Windows).ADR
[2012/01/25 21:16:09 | 000,009,343 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Valores separados por comas (Windows).EML
[2012/01/23 02:23:13 | 000,485,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 11:40:45 | 000,000,908 | ---- | C] () -- C:\Windows\System32\Px.ini
[2012/01/22 11:40:33 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2012/01/15 19:12:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/01/15 19:09:58 | 000,000,003 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Local\user_data.ini
[2012/01/15 18:58:57 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 20:00:05 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2010/11/20 20:00:05 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2010/11/20 20:00:05 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2010/11/20 20:00:05 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2012/03/12 08:13:06 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\udfs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/12 07:54:59 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\system32\drivers\FNETTBOH_305.SYS
[2012/01/15 19:10:11 | 000,014,656 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\system32\drivers\FNETURPX.SYS
[2012/01/22 21:40:53 | 000,116,104 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeapfk.sys
[2012/01/22 21:40:53 | 000,171,296 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeavfk.sys
[2012/01/22 21:40:53 | 000,058,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfebopk.sys
[2012/01/22 21:40:53 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeclnk.sys
[2012/01/22 21:40:54 | 000,436,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys
[2012/01/22 21:40:55 | 000,085,152 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mferkdet.sys
[2012/01/22 21:40:56 | 000,162,928 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfewfpk.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/07/13 20:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: TDX.SYS >
[2010/11/20 16:59:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 16:59:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 16:59:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 16:59:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 16:59:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:44:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 20:44:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 16:59:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:59:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/01/25 21:24:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/25 21:24:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/03/08 09:58:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/25 21:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/01/25 21:24:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/01/25 21:24:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB14150$] -> Error: Cannot create file handle -> Unknown point type

< End of report >


OTL Extras logfile created on: 12/03/2012 08:10:59 a.m. - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Gonzalo Gerbasi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,82% Memory free
6,49 Gb Paging File | 5,27 Gb Available in Paging File | 81,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 422,53 Gb Free Space | 90,74% Space Free | Partition Type: NTFS
Drive E: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 3,81 Gb Total Space | 0,68 Gb Free Space | 17,85% Space Free | Partition Type: FAT32

Computer Name: GONZALOGERBASI | User Name: Gonzalo Gerbasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03840E8D-A75E-4C49-ADFC-09A867C7F943}" = Readon TV Movie Radio Player 7.5.0.0
"{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEB9C77-8E16-4CA7-AF0B-ECF537F1D9F8}" = mufin player 2.0
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D6A437E-FA5B-49DD-890C-E8AB751FDC8F}" = MAGIX Video easy SE
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-A90000000001}" = Adobe Reader 9 - Español
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASRock 3TB+ Unlocker_is1" = ASRock 3TB+ Unlocker v1.0
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ASRock IES_is1" = ASRock IES v2.1.12
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC DNA_is1" = ASRock OC DNA v1.5
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.4.31
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Administrador de dispositivos de plataforma
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"P2PFilter" = P2PFilter 3.0.5
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"TVWiz" = Intel® TV Wizard
"Webshots Desktop_is1" = Webshots Desktop
"XFast LAN" = XFast LAN v6.61
"XFastUSB" = XFastUSB
"XYplorer" = XYplorer 9.60

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2012 12:12:56 p.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: mfeann.exe, versión: 14.3.0.464,
marca de tiempo: 0x4d2ce40e Nombre del módulo con errores: VsEvntUI.dll_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x4d2e0477 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x6f2ee746 Id. del proceso con errores: 0x900 Hora de inicio de la aplicación
con errores: 0x01ccfed8a154ecda Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\mfeann.exe Ruta de acceso del módulo con errores:
VsEvntUI.dll Id. del informe: e4e90b98-6acb-11e1-abba-bc5ff407156e

Error - 10/03/2012 12:14:10 p.m. | Computer Name = GonzaloGerbasi | Source = WinMgmt | ID = 10
Description =

Error - 10/03/2012 01:27:25 p.m. | Computer Name = GonzaloGerbasi | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\program files\Spybot\DelZip179.dll".
Error en el archivo de manifiesto o directiva "c:\program files\Spybot\DelZip179.dll"
en la línea 8. El valor "*" del atributo "language" del elemento "assemblyIdentity"
no es válido.

Error - 10/03/2012 05:55:04 p.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: MCUPDATE.EXE, versión: 8.8.0.777,
marca de tiempo: 0x4d2e0500 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b60 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00064aaf Id. del proceso con errores: 0x159c Hora de inicio de la aplicación con
errores: 0x01ccff0871cdca94 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\MCUPDATE.EXE Ruta de acceso del módulo con errores:
C:\Windows\SYSTEM32\ntdll.dll Id. del informe: b0e84f65-6afb-11e1-abba-bc5ff407156e

Error - 11/03/2012 10:25:03 a.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: mfeann.exe, versión: 14.3.0.464,
marca de tiempo: 0x4d2ce40e Nombre del módulo con errores: VsEvntUI.dll_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x4d2e0477 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x73c2e746 Id. del proceso con errores: 0x870 Hora de inicio de la aplicación
con errores: 0x01ccff92b9da7874 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\mfeann.exe Ruta de acceso del módulo con errores:
VsEvntUI.dll Id. del informe: fd39b105-6b85-11e1-b006-bc5ff407156e

Error - 11/03/2012 10:26:25 a.m. | Computer Name = GonzaloGerbasi | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2012 11:23:58 a.m. | Computer Name = GonzaloGerbasi | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\program files\Spybot\DelZip179.dll".
Error en el archivo de manifiesto o directiva "c:\program files\Spybot\DelZip179.dll"
en la línea 8. El valor "*" del atributo "language" del elemento "assemblyIdentity"
no es válido.

Error - 11/03/2012 05:53:11 p.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: MCUPDATE.EXE, versión: 8.8.0.777,
marca de tiempo: 0x4d2e0500 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b60 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00064a91 Id. del proceso con errores: 0xa3c Hora de inicio de la aplicación con
errores: 0x01ccffd159e8e230 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\MCUPDATE.EXE Ruta de acceso del módulo con errores:
C:\Windows\SYSTEM32\ntdll.dll Id. del informe: 97e015ac-6bc4-11e1-b006-bc5ff407156e

Error - 12/03/2012 08:16:41 a.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: mfeann.exe, versión: 14.3.0.464,
marca de tiempo: 0x4d2ce40e Nombre del módulo con errores: VsEvntUI.dll_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x4d2e0477 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x6f2ae746 Id. del proceso con errores: 0x928 Hora de inicio de la aplicación
con errores: 0x01cd0049f5b8bd30 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\mfeann.exe Ruta de acceso del módulo con errores:
VsEvntUI.dll Id. del informe: 3947a4c9-6c3d-11e1-86e0-bc5ff407156e

Error - 12/03/2012 08:17:59 a.m. | Computer Name = GonzaloGerbasi | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/03/2012 08:16:48 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:16:50 a.m. | Computer Name = GonzaloGerbasi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/03/2012 08:16:53 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:16:53 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:17:04 a.m. | Computer Name = GonzaloGerbasi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/03/2012 08:17:04 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:17:04 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:18:42 a.m. | Computer Name = GonzaloGerbasi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/03/2012 08:18:43 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 12/03/2012 08:18:43 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.


< End of report >

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 13 March 2012 - 12:05 AM

Hi Vincent,

Sorry for the late post but I thought you were going to reply to me 5 days after my post.

That's not a problem at all! :)

The computer is a little bit slow and is redirecting me when I want to go to any webpage. The site that is showing all the time is abnow dot com. Basically it is the same as last week.

Okay, thanks for that information.

It looks like TDSSKiller found a file (netbt.sys) to be infected by ZeroAccess. We'll need to address that.

07:57:56.0059 3548 NetBT ( Virus.Win32.ZAccess.g ) - skipped by user
07:57:56.0059 3548 NetBT ( Virus.Win32.ZAccess.g ) - User select action: Skip

It also looks like this infection has corrupted the values in a few registry keys. We'll need to address this a little bit later.


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockIES] File not found
    O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockOCTuner] File not found
    O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
    O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [zASRockInstantBoot] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/03/12 07:46:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd
    [2012/03/09 08:04:37 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
    [2012/03/09 18:31:47 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd
    [2012/03/04 16:48:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
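The entries the helper reacted to in this thread are the kind a responder checks mechanically in every OTL log: a process or DLL listed under a `\\.\globalroot` device path instead of a drive letter, system32 binaries with an empty company name, auto-start services whose file is gone, and Shell Spawning values for exefile/batfile and friends that no longer match the Windows 7 defaults shown earlier in this thread. The Python script below is an added example, not code from this thread or from OldTimer's OTL; its regular expressions approximate OTL's line layout as it appears in these logs, the severity levels and the "globalroot is suspicious" heuristic are assumptions for triage only, and the sample lines are constructed to mirror the thread's output.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# A path that bypasses the drive-letter namespace. Legitimate software is not
# normally listed this way, so it is treated as a high-priority review item
# (assumption: a heuristic, not proof of infection).
GLOBALROOT = re.compile(r'^\\\\[.?]\\globalroot\\', re.IGNORECASE)
SYSTEM32 = re.compile(r'\\windows\\system32\\', re.IGNORECASE)

# PRC/MOD lines: "PRC - [date | size | attrs | M] (Company) -- path"
PRC_MOD = re.compile(r'^(?P<kind>PRC|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
# Orphaned service lines: "SRV - File not found [Auto | Stopped] -- -- (name)"
SRV_MISSING = re.compile(r'^SRV - File not found \[(?P<start>[^|]+)\|[^\]]*\] -- -- \((?P<name>[^)]+)\)$')
# Shell Spawning lines: 'exefile [open] -- "%1" %*'
SHELL = re.compile(r'^(?P<cls>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.+)$')

# Windows 7 default shell commands for the classes malware most often hijacks;
# these are the same values the clean Shell Spawning section in this thread shows.
EXPECTED_SHELL = {
    ('exefile', 'open'): '"%1" %*',
    ('batfile', 'open'): '"%1" %*',
    ('cmdfile', 'open'): '"%1" %*',
    ('comfile', 'open'): '"%1" %*',
    ('piffile', 'open'): '"%1" %*',
    ('scrfile', 'open'): '"%1" /S',
}


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'low' (assumed scale)
    line: str       # the log line that triggered the finding
    reason: str     # why it deserves a human look


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk OTL-style lines and return the entries worth manual review, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = PRC_MOD.match(line)
        if m:
            path, company = m.group('path'), m.group('company').strip()
            if GLOBALROOT.match(path):
                findings.append(Finding('high', line,
                    'loaded through a globalroot device path instead of a drive letter'))
            elif not company and SYSTEM32.search(path):
                findings.append(Finding('medium', line,
                    'system32 binary reports no company name'))
            continue
        m = SRV_MISSING.match(line)
        if m:
            # Orphaned services are common leftovers; only auto-start ones are flagged.
            if m.group('start').strip().lower() == 'auto':
                findings.append(Finding('low', line,
                    f"auto-start service {m.group('name')} points at a missing file"))
            continue
        m = SHELL.match(line)
        if m:
            key = (m.group('cls'), m.group('verb'))
            expected = EXPECTED_SHELL.get(key)
            if expected is not None and m.group('cmd').strip() != expected:
                findings.append(Finding('high', line,
                    f'shell command for {key[0]} differs from the default {expected}'))
    return findings


# Constructed sample modelled on the lines posted in this thread (not a real capture).
SAMPLE_LOG = r"""
PRC - [2012/01/22 21:40:56 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/07/13 20:44:41 | 000,020,992 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
MOD - [2010/11/20 16:59:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
SRV - File not found [Auto | Stopped] -- -- (XAudio)
SRV - File not found [On_Demand | Stopped] -- -- (example_svc)
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
batfile [open] -- C:\Users\Public\hijacked_handler.exe "%1" %*
""".strip().splitlines()


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.reason}\n         {f.line}')
```

On the constructed sample the script reports the two globalroot entries and the altered batfile handler as high, and the orphaned XAudio service as low; the McAfee process, the Apple DLL (no company name, but not in system32) and the two unchanged shell commands produce nothing. Feed it a saved OTL.txt line by line to get the same shortlist for a real log.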


#5 vincent_g
  • Topic Starter

  • Members
  • 12 posts

Posted 13 March 2012 - 09:44 AM

Hi ST,

Thanks again for your help. After I did what you told me, the computer got faster, I can surf the net without problems and McAfee is now enabled. Audio is the only thing missing. I tried to open the sound on the Control Panel but it doesn't open; I also tried to play a song but there is no audio.

Here are the logs.

OTL logfile created on: 13/03/2012 09:06:15 a.m. - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Gonzalo Gerbasi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,31% Memory free
6,49 Gb Paging File | 5,36 Gb Available in Paging File | 82,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 425,46 Gb Free Space | 91,37% Space Free | Partition Type: NTFS

Computer Name: GONZALOGERBASI | User Name: Gonzalo Gerbasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 08:31:50 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
PRC - [2012/01/22 21:40:56 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/01/22 21:40:52 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/01/22 11:41:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Archivos de programa\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/01/15 19:10:10 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Archivos de programa\XFastUSB\XFastUsb.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Archivos de programa\ASRock\XFast LAN\spd.exe
PRC - [2011/10/19 16:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Archivos de programa\ASRock\XFast LAN\cfosspeed.exe
PRC - [2011/02/25 01:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 14:02:52 | 002,145,904 | ---- | M] (VIA) -- C:\Archivos de programa\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2011/02/17 22:50:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Archivos de programa\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011/01/12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Archivos de programa\McAfee\Common Framework\McTray.exe
PRC - [2010/11/20 16:59:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Sidebar\sidebar.exe
PRC - [2010/11/20 16:59:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Archivos de programa\TechSmith\Snagit 10\Snagit32.exe
PRC - [2009/07/13 20:44:41 | 000,020,992 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/29 17:50:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/03/24 17:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- C:\Archivos de programa\Webshots\Webshots.scr
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2003/08/08 18:54:54 | 001,175,552 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
PRC - [2002/08/20 10:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\Windows\System32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/22 11:41:33 | 000,008,704 | ---- | M] () -- C:\Archivos de programa\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/22 14:02:34 | 000,623,216 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\skin.dll
MOD - [2011/02/22 14:02:32 | 000,080,496 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2011/02/22 14:02:26 | 000,113,264 | ---- | M] () -- C:\Archivos de programa\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2010/11/20 16:59:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Archivos de programa\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Archivos de programa\McAfee\Common Framework\cryptocme2.dll
MOD - [2003/09/05 06:46:16 | 000,516,096 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DDCDRES.dll
MOD - [2003/08/08 18:54:54 | 001,175,552 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
MOD - [2002/02/26 18:54:56 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\ezID3.dll
MOD - [2001/06/26 00:15:44 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\Drag'n Drop CD+DVD\BinFiles\ezLICEN1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAudio)
SRV - File not found [Auto | Stopped] -- -- (wlancfg)
SRV - File not found [Auto | Stopped] -- -- (w800mgmt)
SRV - File not found [Auto | Stopped] -- -- (vxd)
SRV - File not found [Auto | Stopped] -- -- (VICESYS)
SRV - File not found [Auto | Stopped] -- -- (vet-filt)
SRV - File not found [Auto | Stopped] -- -- (ups)
SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
SRV - File not found [Auto | Stopped] -- -- (TPECioCtl)
SRV - File not found [Auto | Stopped] -- -- (tossmbnt)
SRV - File not found [Auto | Stopped] -- -- (tosrfsnd)
SRV - File not found [Auto | Stopped] -- -- (toshidpt)
SRV - File not found [Auto | Stopped] -- -- (tga)
SRV - File not found [Auto | Stopped] -- -- (teefer)
SRV - File not found [Auto | Stopped] -- -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- -- (ssisvr32)
SRV - File not found [Auto | Stopped] -- -- (sqlagent$pinnaclesys)
SRV - File not found [Auto | Stopped] -- -- (SQLAgent$LG_LP2)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- -- (SilverLink)
SRV - File not found [Auto | Stopped] -- -- (sfman)
SRV - File not found [Auto | Stopped] -- -- (senfilt)
SRV - File not found [Auto | Stopped] -- -- (SeaPort)
SRV - File not found [Auto | Stopped] -- -- (SE2Dmgmt)
SRV - File not found [Auto | Stopped] -- -- (SE2Cmdfl)
SRV - File not found [Auto | Stopped] -- -- (s616mdm)
SRV - File not found [Auto | Stopped] -- -- (rollbackclientservice)
SRV - File not found [Auto | Stopped] -- -- (RivaTuner32)
SRV - File not found [Auto | Stopped] -- -- (RIOXDRV)
SRV - File not found [Auto | Stopped] -- -- (purgeieservice)
SRV - File not found [Auto | Stopped] -- -- (PTproct)
SRV - File not found [Auto | Stopped] -- -- (pgfilter)
SRV - File not found [Auto | Stopped] -- -- (personalsecuredriveservice)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (ossrv)
SRV - File not found [Auto | Stopped] -- -- (OEM02Afx)
SRV - File not found [Auto | Stopped] -- -- (nwlnkfwd)
SRV - File not found [Auto | Stopped] -- -- (NWFILTER)
SRV - File not found [Auto | Stopped] -- -- (NSNDIS5)
SRV - File not found [Auto | Stopped] -- -- (nm)
SRV - File not found [Auto | Stopped] -- -- (nimcdldu)
SRV - File not found [Auto | Stopped] -- -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- -- (netrcacm)
SRV - File not found [Auto | Stopped] -- -- (naiavfilter1)
SRV - File not found [Auto | Stopped] -- -- (MSW_USB)
SRV - File not found [Auto | Stopped] -- -- (mozyFilter)
SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
SRV - File not found [Auto | Stopped] -- -- (mfesmfk)
SRV - File not found [Auto | Stopped] -- -- (merakcontrol)
SRV - File not found [Auto | Stopped] -- -- (livesrv)
SRV - File not found [Auto | Stopped] -- -- (inort)
SRV - File not found [Auto | Stopped] -- -- (ikhfile)
SRV - File not found [Auto | Stopped] -- -- (ifp800)
SRV - File not found [Auto | Stopped] -- -- (icraplus)
SRV - File not found [Auto | Stopped] -- -- (ibmsmbus)
SRV - File not found [Auto | Stopped] -- -- (gdihook5)
SRV - File not found [Auto | Stopped] -- -- (enxpsvr)
SRV - File not found [Auto | Stopped] -- -- (dlbx_device)
SRV - File not found [Auto | Stopped] -- -- (dklogger)
SRV - File not found [Auto | Stopped] -- -- (DFUBTUSB)
SRV - File not found [Auto | Stopped] -- -- (Dfs)
SRV - File not found [Auto | Stopped] -- -- (db2das00)
SRV - File not found [Auto | Stopped] -- -- (cwcwdm)
SRV - File not found [Auto | Stopped] -- -- (Bcim)
SRV - File not found [Auto | Stopped] -- -- (BASFND)
SRV - File not found [Auto | Stopped] -- -- (ativraxx)
SRV - File not found [Auto | Stopped] -- -- (array_utility_service4,0,1,3)
SRV - File not found [Auto | Stopped] -- -- (alerter)
SRV - File not found [Auto | Stopped] -- -- (adihdaudaddservice)
SRV - File not found [Auto | Stopped] -- -- (acmservice)
SRV - File not found [Auto | Stopped] -- -- (3compxe)
SRV - [2012/01/22 21:40:56 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/01/22 21:40:52 | 000,159,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/15 19:53:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2011/02/17 22:50:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Archivos de programa\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:44:41 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Windows\System32\zpsc.dll -- (oracle_load_balancer_60_client-forms6i)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Archivos de programa\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2012/03/12 07:54:59 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV - [2012/01/22 21:40:56 | 000,162,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/01/22 21:40:55 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/01/22 21:40:54 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/01/22 21:40:53 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/01/22 21:40:53 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/01/22 21:40:53 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/01/15 19:10:11 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 15:19:02 | 001,180,032 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2011/02/17 22:50:46 | 001,801,328 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/01/26 17:25:24 | 000,021,000 | ---- | M] (ASRock Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AsrVDrive.sys -- (AsrVDrive)
DRV - [2010/11/20 16:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/24 17:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/06/11 14:37:04 | 000,013,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2007/02/15 20:27:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/05/03 22:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.twitter.com/
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-VE
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 4C B2 BA D9 DB CC 01 [binary data]
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\SearchScopes\{677F0EE6-643E-456C-92A9-01F50A44CE9F}: "URL" = http://ve.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=992732&p={searchTerms}
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2012/01/22 11:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/25 22:41:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/25 22:41:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Gonzalo Gerbasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/22 21:38:43 | 000,440,287 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15136 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Archivos de programa\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\Common Files\McAfee\SystemCore\ScriptSn.20120122214145.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XFast LAN] C:\Archivos de programa\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockIES] File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockOCTuner] File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [zASRockInstantBoot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F30FC08-9C9A-4B69-8327-B9ACA0B4F06E}: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 09:37:35 | 004,435,063 | ---- | C] (Swearware) -- C:\Users\Gonzalo Gerbasi\Desktop\ComboFix.exe
[2012/03/12 08:31:35 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
[2012/03/12 08:21:45 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gonzalo Gerbasi\Desktop\tdsskiller.exe
[2012/03/05 19:07:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/05 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Malwarebytes
[2012/03/05 12:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/05 12:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/05 12:27:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/05 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/05 12:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/05 12:23:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/05 12:23:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 12:23:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 12:23:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 16:48:27 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2012/02/15 23:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/14 22:57:55 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/02/14 22:57:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 22:57:29 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 22:57:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 22:57:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 22:57:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 22:57:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 18:12:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 18:11:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/13 17:26:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo Gerbasi\Documents\plantillas cuadros

========== Files - Modified Within 30 Days ==========

[2012/03/13 09:38:16 | 004,435,063 | ---- | M] (Swearware) -- C:\Users\Gonzalo Gerbasi\Desktop\ComboFix.exe
[2012/03/13 09:08:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\zpsc.dll
[2012/03/13 08:22:01 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 07:56:12 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 07:56:12 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 07:53:27 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/03/13 07:53:27 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/13 07:53:27 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/03/13 07:53:27 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/13 07:48:49 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 07:48:48 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd
[2012/03/13 07:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 07:48:37 | 2614,951,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 08:31:50 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo Gerbasi\Desktop\OTL.exe
[2012/03/12 08:31:22 | 000,337,137 | ---- | M] () -- C:\Users\Gonzalo Gerbasi\Desktop\FSS.exe
[2012/03/12 08:23:12 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gonzalo Gerbasi\Desktop\tdsskiller.exe
[2012/03/12 07:54:59 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETTBOH_305.SYS
[2012/03/09 08:04:37 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/03/06 09:38:13 | 205,228,941 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/05 12:23:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 12:23:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 12:23:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/05 12:23:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/15 20:05:36 | 001,647,466 | ---- | M] () -- C:\Users\Gonzalo Gerbasi\Documents\IMG-20120215-00946.jpg
[2012/02/15 07:31:02 | 000,485,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/12 08:31:14 | 000,337,137 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\Desktop\FSS.exe
[2012/03/09 18:31:47 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd
[2012/03/05 19:07:13 | 205,228,941 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/04 16:48:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/15 20:03:44 | 001,647,466 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\Documents\IMG-20120215-00946.jpg
[2012/01/25 22:28:11 | 000,225,641 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/01/25 22:28:11 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/01/25 21:16:50 | 000,038,422 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Valores separados por comas (Windows).ADR
[2012/01/25 21:16:09 | 000,009,343 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Roaming\Valores separados por comas (Windows).EML
[2012/01/23 02:23:13 | 000,485,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 11:40:45 | 000,000,908 | ---- | C] () -- C:\Windows\System32\Px.ini
[2012/01/22 11:40:33 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2012/01/15 19:12:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/01/15 19:09:58 | 000,000,003 | ---- | C] () -- C:\Users\Gonzalo Gerbasi\AppData\Local\user_data.ini
[2012/01/15 18:58:57 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 20:00:05 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2010/11/20 20:00:05 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2010/11/20 20:00:05 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2010/11/20 20:00:05 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat

========== Custom Scans ==========


< :Services >

< :Processes >

< KILLALLPROCESSES >

< :OTL >

< O3 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. >

< O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockIES] File not found >

< O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [ASRockOCTuner] File not found >

< O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found >

< O4 - HKU\S-1-5-21-100977683-2305412043-1248968919-1000..\Run: [zASRockInstantBoot] File not found >

< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)


< O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) >
Invalid Switch: jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)


< O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)


< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)


< [2012/03/12 07:46:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd >
Invalid Switch: 12 07:46:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_ad13.cmd


< [2012/03/09 08:04:37 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd >
Invalid Switch: 09 08:04:37 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd


< [2012/03/09 18:31:47 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd >
Invalid Switch: 09 18:31:47 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_ad13.cmd


< [2012/03/04 16:48:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd >
Invalid Switch: 04 16:48:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd


< >

< :Reg >

< >

< :Files >

< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >

< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [EMPTYFLASH] >

< [EMPTYJAVA] >

< End of report >



OTL Extras logfile created on: 13/03/2012 09:06:15 a.m. - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Gonzalo Gerbasi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,31% Memory free
6,49 Gb Paging File | 5,36 Gb Available in Paging File | 82,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 425,46 Gb Free Space | 91,37% Space Free | Partition Type: NTFS

Computer Name: GONZALOGERBASI | User Name: Gonzalo Gerbasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03840E8D-A75E-4C49-ADFC-09A867C7F943}" = Readon TV Movie Radio Player 7.5.0.0
"{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEB9C77-8E16-4CA7-AF0B-ECF537F1D9F8}" = mufin player 2.0
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D6A437E-FA5B-49DD-890C-E8AB751FDC8F}" = MAGIX Video easy SE
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-A90000000001}" = Adobe Reader 9 - Español
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASRock 3TB+ Unlocker_is1" = ASRock 3TB+ Unlocker v1.0
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ASRock IES_is1" = ASRock IES v2.1.12
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC DNA_is1" = ASRock OC DNA v1.5
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.4.31
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Administrador de dispositivos de plataforma
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"P2PFilter" = P2PFilter 3.0.5
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"TVWiz" = Intel® TV Wizard
"Webshots Desktop_is1" = Webshots Desktop
"XFast LAN" = XFast LAN v6.61
"XFastUSB" = XFastUSB
"XYplorer" = XYplorer 9.60

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-100977683-2305412043-1248968919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/03/2012 11:23:58 a.m. | Computer Name = GonzaloGerbasi | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\program files\Spybot\DelZip179.dll".
Error en el archivo de manifiesto o directiva "c:\program files\Spybot\DelZip179.dll"
en la línea 8. El valor "*" del atributo "language" del elemento "assemblyIdentity"
no es válido.

Error - 11/03/2012 05:53:11 p.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: MCUPDATE.EXE, versión: 8.8.0.777,
marca de tiempo: 0x4d2e0500 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b60 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00064a91 Id. del proceso con errores: 0xa3c Hora de inicio de la aplicación con
errores: 0x01ccffd159e8e230 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\MCUPDATE.EXE Ruta de acceso del módulo con errores:
C:\Windows\SYSTEM32\ntdll.dll Id. del informe: 97e015ac-6bc4-11e1-b006-bc5ff407156e

Error - 12/03/2012 08:16:41 a.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: mfeann.exe, versión: 14.3.0.464,
marca de tiempo: 0x4d2ce40e Nombre del módulo con errores: VsEvntUI.dll_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x4d2e0477 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x6f2ae746 Id. del proceso con errores: 0x928 Hora de inicio de la aplicación
con errores: 0x01cd0049f5b8bd30 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\mfeann.exe Ruta de acceso del módulo con errores:
VsEvntUI.dll Id. del informe: 3947a4c9-6c3d-11e1-86e0-bc5ff407156e

Error - 12/03/2012 08:17:59 a.m. | Computer Name = GonzaloGerbasi | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2012 09:40:51 a.m. | Computer Name = GonzaloGerbasi | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\program files\Spybot\DelZip179.dll".
Error en el archivo de manifiesto o directiva "c:\program files\Spybot\DelZip179.dll"
en la línea 8. El valor "*" del atributo "language" del elemento "assemblyIdentity"
no es válido.

Error - 12/03/2012 05:35:05 p.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: MCUPDATE.EXE, versión: 8.8.0.777,
marca de tiempo: 0x4d2e0500 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b60 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00064aaf Id. del proceso con errores: 0x16ec Hora de inicio de la aplicación con
errores: 0x01cd0097fc93fa84 Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\MCUPDATE.EXE Ruta de acceso del módulo con errores:
C:\Windows\SYSTEM32\ntdll.dll Id. del informe: 3b4d0b37-6c8b-11e1-86e0-bc5ff407156e

Error - 12/03/2012 10:02:59 p.m. | Computer Name = GonzaloGerbasi | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Error en Servicios de cifrado mientras se procesaba el objeto "System
Writer" de la llamada OnIdentity(). Details: AddWin32ServiceFiles: Unable to back
up image of service IAimFP5 since QueryServiceConfig API failed System Error: El
sistema no puede encontrar el archivo especificado. .

Error - 13/03/2012 08:19:10 a.m. | Computer Name = GonzaloGerbasi | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: mfeann.exe, versión: 14.3.0.464,
marca de tiempo: 0x4d2ce40e Nombre del módulo con errores: VsEvntUI.dll_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x4d2e0477 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x7246e746 Id. del proceso con errores: 0xa80 Hora de inicio de la aplicación
con errores: 0x01cd011376ef660b Ruta de acceso de la aplicación con errores: C:\Program
Files\McAfee\VirusScan Enterprise\mfeann.exe Ruta de acceso del módulo con errores:
VsEvntUI.dll Id. del informe: bc1e7e23-6d06-11e1-8718-bc5ff407156e

Error - 13/03/2012 08:20:28 a.m. | Computer Name = GonzaloGerbasi | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 09:39:19 a.m. | Computer Name = GonzaloGerbasi | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Error en Servicios de cifrado mientras se procesaba el objeto "System
Writer" de la llamada OnIdentity(). Details: AddWin32ServiceFiles: Unable to back
up image of service Nsysaudm since QueryServiceConfig API failed System Error: El
sistema no puede encontrar el archivo especificado. .

[ System Events ]
Error - 13/03/2012 08:19:31 a.m. | Computer Name = GonzaloGerbasi | Source = DCOM | ID = 10005
Description =

Error - 13/03/2012 08:19:31 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 13/03/2012 08:19:31 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 13/03/2012 08:19:31 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 13/03/2012 08:19:31 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7024
Description = El servicio Escucha de Grupo Hogar se cerró con el error específico
de servicio %%-2147023143.

Error - 13/03/2012 08:21:09 a.m. | Computer Name = GonzaloGerbasi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 13/03/2012 08:21:09 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 13/03/2012 08:21:09 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7003
Description = El servicio Dispositivo host de UPnP depende del siguiente servicio:
SSDPSRV. Este servicio podría no estar instalado.

Error - 13/03/2012 08:28:42 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7009
Description = Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio
Servicio de uso compartido de red del Reproductor de Windows Media.

Error - 13/03/2012 08:28:42 a.m. | Computer Name = GonzaloGerbasi | Source = Service Control Manager | ID = 7000
Description = El servicio Servicio de uso compartido de red del Reproductor de Windows
Media no pudo iniciarse debido al siguiente error: %%1053


< End of report >



ComboFix 12-03-12.03 - Gonzalo Gerbasi 13/03/2012 9:25.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.58.3082.18.3325.2300 [GMT -4,5:30]
Running from: c:\users\Gonzalo Gerbasi\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gonzalo Gerbasi\AppData\Local\assembly\tmp
c:\windows\$NtUninstallKB14150$
c:\windows\$NtUninstallKB14150$\2810210630
c:\windows\$NtUninstallKB14150$\3732870854\@
c:\windows\$NtUninstallKB14150$\3732870854\L\xadqgnnk
c:\windows\$NtUninstallKB14150$\3732870854\loader.tlb
c:\windows\$NtUninstallKB14150$\3732870854\U\@00000001
c:\windows\$NtUninstallKB14150$\3732870854\U\@000000c0
c:\windows\$NtUninstallKB14150$\3732870854\U\@000000cb
c:\windows\$NtUninstallKB14150$\3732870854\U\@000000cf
c:\windows\$NtUninstallKB14150$\3732870854\U\@80000000
c:\windows\$NtUninstallKB14150$\3732870854\U\@800000c0
c:\windows\$NtUninstallKB14150$\3732870854\U\@800000cb
c:\windows\$NtUninstallKB14150$\3732870854\U\@800000cf
c:\windows\system32\dds_log_trash.cmd
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nm
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 14:05 . 2012-03-13 14:07 -------- d-----w- c:\users\Gonzalo Gerbasi\AppData\Local\temp
2012-03-13 14:05 . 2012-03-13 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 13:52 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-09 23:01 . 2012-03-13 12:18 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-05 16:58 . 2012-03-05 16:58 -------- d-----w- c:\users\Gonzalo Gerbasi\AppData\Roaming\Malwarebytes
2012-03-05 16:57 . 2012-03-05 16:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 16:57 . 2011-12-10 19:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 16:57 . 2012-03-05 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 16:53 . 2012-03-05 16:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-04 21:18 . 2012-03-13 13:55 -------- d-----w- C:\QUARANTINE
2012-02-14 22:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 22:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 22:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 22:41 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 12:24 . 2012-01-15 23:40 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-01-26 04:08 . 2012-01-26 04:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 01:54 . 2012-01-26 01:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-26 01:54 . 2012-01-26 01:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-26 01:54 . 2012-01-26 01:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-26 01:54 . 2012-01-26 01:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-26 01:54 . 2012-01-26 01:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-26 01:54 . 2012-01-26 01:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-26 01:54 . 2012-01-26 01:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-26 01:54 . 2012-01-26 01:54 367104 ----a-w- c:\windows\system32\html.iec
2012-01-26 01:54 . 2012-01-26 01:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-26 01:54 . 2012-01-26 01:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-26 01:54 . 2012-01-26 01:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-26 01:54 . 2012-01-26 01:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-26 01:54 . 2012-01-26 01:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-26 01:54 . 2012-01-26 01:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-26 01:54 . 2012-01-26 01:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-26 01:54 . 2012-01-26 01:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-26 01:54 . 2012-01-26 01:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-23 02:10 . 2012-01-23 02:11 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-01-23 02:10 . 2012-01-23 02:11 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-23 02:10 . 2012-01-23 02:11 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-01-23 02:10 . 2012-01-23 02:11 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-23 02:10 . 2012-01-23 02:11 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-01-23 02:10 . 2012-01-23 02:11 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-23 02:10 . 2012-01-23 02:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-23 02:10 . 2012-01-23 02:11 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-23 02:10 . 2012-01-23 02:11 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-23 02:10 . 2012-01-23 02:11 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-01-22 16:11 . 2012-01-22 16:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-22 16:11 . 2012-01-22 16:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-15 23:40 . 2012-01-15 23:40 14656 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-01-06 04:19 . 2012-01-20 07:22 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E071D7DB-BBBF-4BA9-BEAC-C89DF9B74FD2}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFastUSB"="c:\program files\XFastUSB\XFastUsb.exe" [2012-01-15 5019360]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1202560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 2145904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"Drag'n Drop CD+DVD"="c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-01-22 198160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2012-1-22 157008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-01-23 85152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-01-23 162928]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-01-15 14656]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-01-23 145936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2009-01-26 1153368]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-02-18 27760]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [2011-01-26 21000]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-03-12 29760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-02-18 1801328]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
senfilt
w800mgmt
VICESYS
AlteraByteBlaster
mozyFilter
naiavfilter1
NWFILTER
enxpsvr
Bcim
s616mdm
merakcontrol
teefer
cwcwdm
mfesmfk
rollbackclientservice
nimcdldu
RIOXDRV
acmservice
wlancfg
Tablet2k
sprtsvc_smartagent
toshidpt
dlbx_device
SE2Cmdfl
SilverLink
vaiomediaplatform-musicserver-appserver
wpdusb
BASFND
vxd
nwlnkfwd
smstsmgr
wampmysqld
agentsrv
pavatscheduler
vcdsecs
dlartl_n
avgtdi
rpsupdaterr
SE27mdm
cvsnt
p17
openldap-slapd
icraplus
JiaoCap
tossmbnt
3compxe
db2das00
oracle_load_balancer_60_client-forms6i
acs
pavagente
pptchpad
USB28xxOEM
Dfs
dklogger
TPECioCtl
FreeTdi
MSW_USB
adihdaudaddservice
DCamUSBGrandTek
slee_81_service
elnkupdateservice
wscsvc
sfng32
ibmsmbus
avinitnt
bcserver
ifp800
ossrv
inort
tbiosdrv
wap3gx
personalsecuredriveservice
ssisvr32
array_utility_service4,0,1,3
purgeieservice
XAudio
SeaPort
sqlagent$pinnaclesys
ups
livesrv
alerter
tosrfsnd
gdihook5
SE2Dmgmt
OEM02Afx
PTproct
vet-filt
pgfilter
netrcacm
RivaTuner32
tga
SQLAgent$LG_LP2
mvdcodec
ativraxx
mmc_2K
sfman
NSNDIS5
tvtpktfilter
DFUBTUSB
nidomainservice
ikhfile
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 04:32]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.twitter.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-ASRockIES - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
HKCU-Run-ASRockOCTuner - (no file)
HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ASRock\XFast LAN\spd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-13 09:41:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 14:11
.
Pre-Run: 456.516.710.400 bytes libres
Post-Run: 456.232.615.936 bytes libres
.
- - End Of File - - 99FF3F6AA27E4DCA6CC324B90EF0E252

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:24 AM

Posted 14 March 2012 - 08:50 AM

Hi Vincent,

Thanks again for your help. After I did what you told me the computer got faster, I can surf the net without problems and McAfee is now enabled. Audio is the only thing missing. I tried to open the sound on the control panel but it doesn't open, I also tried to play a song but there is no audio.

Okay, well let's see if these fixes change the issue with the audio.

Please press the Windows key + R.

This should display the Run Dialog box.

Type in regedit

You'll see a User Account Control warning pop-up asking for Administrator Rights. Please select Yes, when it prompts you.


In the Registry Editor, navigate to the following key (the small folder icons) - use the "+" symbols in the left panel to expand the tree entries:

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost

In the right panel under Name, locate the following:

NETSVCS

Right click on that, and select Modify. When that display opens you will see a long list of names.

Please Copy the contents of the code box below and then in the Edit Multi-String window right click and choose Select All followed by Ctrl + V which should paste the contents below into the Edit Multi-String window for us. After you do that please click on OK to close out of the Multi-String window.

AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
Reboot your computer.



NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
C:\Windows\System32\dds_log_trash.cmd
c:\windows\system32\dds_log_ad13.cmd
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
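The netsvcs repair ST walks Vincent through above is worth understanding as a detection step, not only a fix. svchost.exe -k netsvcs hosts the services named in that REG_MULTI_SZ, so a rogue name planted there runs inside a trusted system process; the log above shows well over a hundred entries (VICESYS, teefer, rollbackclientservice and so on) that do not belong in the netsvcs group of a stock Windows 7 install. The script below is an added example, not ComboFix's or BleepingComputer's code: it pulls the "NETSVCS REQUIRES REPAIRS" block out of a ComboFix log and diffs it against the known-good list pasted in this post. The baseline is the one from this post and applies to this machine; the sample log is constructed from a handful of lines of the log above, and the function names (parse_netsvcs_section, audit_netsvcs, clean_log) are my own.

```python
"""Audit the netsvcs group dumped in a ComboFix log against a known-good list.

Added example for this thread (not ComboFix's or BleepingComputer's code). The
baseline below is the Windows 7 netsvcs list pasted by the helper in this post;
it is specific to that build and is not an authoritative list for other systems.
"""

# Known-good netsvcs group for this Windows 7 machine, copied from the post above.
KNOWN_GOOD_NETSVCS = [
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
]

SECTION_HEADER = "NETSVCS REQUIRES REPAIRS"  # ComboFix's marker for a polluted group


def parse_netsvcs_section(log_text):
    """Return the names ComboFix lists under the NETSVCS header, or None if the
    header is absent (ComboFix only prints it when the group looks wrong)."""
    names = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if names is None:
            if line.startswith(SECTION_HEADER):
                names = []
            continue
        if line in ("", "."):  # ComboFix closes each block with a lone "."
            break
        names.append(line)
    return names


def audit_netsvcs(log_text, baseline=KNOWN_GOOD_NETSVCS):
    """Compare the dumped group with the baseline. Service names are
    case-insensitive in Windows, so compare lower-cased. Returns a report dict."""
    entries = parse_netsvcs_section(log_text)
    if entries is None:
        return {"section_present": False, "entries": [], "unexpected": [],
                "missing": [], "repair_needed": False}
    good = {name.lower() for name in baseline}
    seen = {name.lower() for name in entries}
    unexpected = [e for e in entries if e.lower() not in good]   # candidates for review
    missing = [b for b in baseline if b.lower() not in seen]     # legit services dropped
    return {"section_present": True, "entries": entries,
            "unexpected": unexpected, "missing": missing,
            "repair_needed": bool(unexpected or missing)}


def clean_log():
    """A constructed log whose group matches the baseline exactly."""
    return (SECTION_HEADER + " - current entries shown\n"
            + "\n".join(KNOWN_GOOD_NETSVCS) + "\n.\n")


# Constructed sample: a few lines taken from the log above this post, keeping
# three of the foreign names ComboFix found there (senfilt, w800mgmt, VICESYS).
SAMPLE_LOG = """\
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
senfilt
w800mgmt
VICESYS
wuauserv
BITS
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
"""

if __name__ == "__main__":
    report = audit_netsvcs(SAMPLE_LOG)
    print("unexpected:", ", ".join(report["unexpected"]))
    print("missing   :", len(report["missing"]), "baseline entries absent")
    print("repair needed:", report["repair_needed"])
```

Run it against a saved ComboFix.txt by reading the file into audit_netsvcs; "unexpected" names are the ones to look up before they are kept, and "missing" names are legitimate services the infection (or an earlier cleanup) dropped, which is why ST has Vincent paste the whole list back rather than delete entries one by one.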


#7 vincent_g

vincent_g
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 14 March 2012 - 04:33 PM

Hey ST,

The computer is fine but after what we did the audio is still missing.

Here is the Combofix log.

Thanks again and let me know if we can do something else.

ComboFix 12-03-12.03 - Gonzalo Gerbasi 14/03/2012 16:38:46.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.58.3082.18.3325.2259 [GMT -4,5:30]
Running from: c:\users\Gonzalo Gerbasi\Desktop\ComboFix.exe
Command switches used :: c:\users\Gonzalo Gerbasi\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_log_ad13.cmd"
"c:\windows\System32\dds_log_trash.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_log_ad13.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 21:14 . 2012-03-14 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 20:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 20:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:10 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:10 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:04 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:04 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:04 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:04 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:04 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 14:05 . 2012-03-14 21:16 -------- d-----w- c:\users\Gonzalo Gerbasi\AppData\Local\temp
2012-03-13 13:52 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-05 16:58 . 2012-03-05 16:58 -------- d-----w- c:\users\Gonzalo Gerbasi\AppData\Roaming\Malwarebytes
2012-03-05 16:57 . 2012-03-05 16:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 16:57 . 2011-12-10 19:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 16:57 . 2012-03-05 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 16:53 . 2012-03-05 16:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-04 21:18 . 2012-03-13 13:55 -------- d-----w- C:\QUARANTINE
2012-02-14 22:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 22:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 22:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 12:24 . 2012-01-15 23:40 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-01-26 04:08 . 2012-01-26 04:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 01:54 . 2012-01-26 01:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-26 01:54 . 2012-01-26 01:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-26 01:54 . 2012-01-26 01:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-26 01:54 . 2012-01-26 01:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-26 01:54 . 2012-01-26 01:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-26 01:54 . 2012-01-26 01:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-26 01:54 . 2012-01-26 01:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-26 01:54 . 2012-01-26 01:54 367104 ----a-w- c:\windows\system32\html.iec
2012-01-26 01:54 . 2012-01-26 01:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-26 01:54 . 2012-01-26 01:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-26 01:54 . 2012-01-26 01:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-26 01:54 . 2012-01-26 01:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-26 01:54 . 2012-01-26 01:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-26 01:54 . 2012-01-26 01:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-26 01:54 . 2012-01-26 01:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-26 01:54 . 2012-01-26 01:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-26 01:54 . 2012-01-26 01:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-23 02:10 . 2012-01-23 02:11 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-01-23 02:10 . 2012-01-23 02:11 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-23 02:10 . 2012-01-23 02:11 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-01-23 02:10 . 2012-01-23 02:11 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-23 02:10 . 2012-01-23 02:11 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-01-23 02:10 . 2012-01-23 02:11 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-23 02:10 . 2012-01-23 02:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-23 02:10 . 2012-01-23 02:11 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-23 02:10 . 2012-01-23 02:11 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-23 02:10 . 2012-01-23 02:11 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-01-22 16:11 . 2012-01-22 16:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-22 16:11 . 2012-01-22 16:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-15 23:40 . 2012-01-15 23:40 14656 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-01-06 04:19 . 2012-01-20 07:22 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E071D7DB-BBBF-4BA9-BEAC-C89DF9B74FD2}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFastUSB"="c:\program files\XFastUSB\XFastUsb.exe" [2012-01-15 5019360]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1202560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 2145904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"Drag'n Drop CD+DVD"="c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-01-22 198160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gonzalo Gerbasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2012-1-22 157008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-03-12 29760]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-01-23 85152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-01-23 162928]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-01-15 14656]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-01-23 145936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2009-01-26 1153368]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-02-18 27760]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [2011-01-26 21000]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-02-18 1801328]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AAeLookupSvc
AppMgmt
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 04:32]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.twitter.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.135 200.11.248.12 200.44.32.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ASRock\XFast LAN\spd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-14 16:49:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-14 21:19
.
Pre-Run: 457.668.345.856 bytes libres
Post-Run: 457.184.550.912 bytes libres
.
- - End Of File - - 892D9905863772CEE17220868AB3BD31

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:24 AM

Posted 15 March 2012 - 12:48 AM

Good Evening Vincent!

Sorry to hear you're still experiencing issues with the audio.

I'm going to ask that you please take a look at this link here: http://support.microsoft.com/gp/no_audio_playback_windows

and follow the steps outlined there. Let's see if that can restore your audio.

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:24 AM

Posted 22 March 2012 - 01:35 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.






