Every video takes so long to load and computer is slow


This topic is locked. 29 replies to this topic.

#1 astugo


  • Members
  • 15 posts

Posted 20 October 2012 - 01:12 PM

DDS log:

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Amrio at 9:37:45 on 2012-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.3579.2550 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Archivos de programa\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe
C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre7\bin\jqs.exe
C:\Archivos de programa\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>;*.local
mSearchAssistant = about:blank
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\archivos de programa\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\archivos de programa\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\archivos de programa\java\jre7\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\archivos de programa\java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\archivos de programa\flashget\getflash.dll
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\amrio\configuración local\datos de programa\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\archivos de programa\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\archivos de programa\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\archivos de programa\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\archivos de programa\analog devices\soundmax\Smax4.exe" /tray
mRun: [NUSB3MON] "c:\archivos de programa\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRun: [PlusService] c:\archivos de programa\yuna software\messenger plus!\PlusService.exe
mRun: [LayoutM] KLayMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\archivos de programa\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MessengerPlusForSkypeService] "c:\archivos de programa\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe"
mRun: [Ad-Aware Antivirus] "c:\archivos de programa\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\datos de programa\ad-aware browsing protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\archivos de programa\archivos comunes\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceClassicControlPanel = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: MaxRecentDocs = dword:30
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
IE: &Download All with FlashGet - c:\archivos de programa\flashget\jc_all.htm
IE: &Download with FlashGet - c:\archivos de programa\flashget\jc_link.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archivos de programa\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\archivos de programa\flashget\FlashGet.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 190.160.0.11 190.160.0.14 200.74.121.11
TCP: Interfaces\{38A19928-CC48-41ED-9D20-03E6BE536900} : DHCPNameServer = 190.160.0.11 190.160.0.14 200.74.121.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archivos de programa\archivos comunes\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\archivos de programa\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\archivos de programa\archivos comunes\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 counter.kaspersky.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 stats.f-secure.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 www.spywareinfo.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iastor8;iastor8;c:\windows\system32\drivers\iastor8.sys [2011-2-10 354840]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-2-10 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-2-10 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-2-10 13616]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-6-6 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-6-6 12464]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-19 242240]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-6-1 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-1 335224]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-1 217976]
R2 !SASCORE;SAS Core Service;c:\archivos de programa\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 Ad-Aware Service;Ad-Aware Service;c:\archivos de programa\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 NAUpdate;Nero Update;c:\archivos de programa\nero\update\NASvc.exe [2011-11-25 687400]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-1 77816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-1-6 1514304]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-10-15 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-10-15 44800]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-1 94584]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-31 10064]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2012-8-30 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
S2 SBAMSvc;Ad-Aware;c:\archivos de programa\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\skype\updater\Updater.exe [2012-7-3 160944]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250808]
S3 apf001;apf001;\??\c:\archivos de programa\rakionls\bin\apf001.sys --> c:\archivos de programa\rakionls\bin\apf001.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2012-8-30 116648]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2009-8-5 48256]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-1 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-1 93816]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2011-10-16 246000]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2007-1-24 7680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
S4 MsgPlusService;Messenger Plus! Service;c:\archivos de programa\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2012-2-12 124832]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\datos de programa\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
.
=============== Created Last 30 ================
.
2012-10-20 13:27:19 -------- d-----w- c:\archivos de programa\ESET
2012-10-20 00:49:46 -------- d-----w- c:\archivos de programa\iPod
2012-10-20 00:49:43 -------- d-----w- c:\documents and settings\all users\datos de programa\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-20 00:49:43 -------- d-----w- c:\archivos de programa\iTunes
2012-10-20 00:46:18 -------- d-----w- c:\archivos de programa\Bonjour
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin7.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin6.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin5.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin4.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin3.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin2.dll
2012-10-20 00:43:46 159744 ----a-w- c:\archivos de programa\internet explorer\módulos\npqtplugin.dll
2012-10-19 04:23:04 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-19 02:25:32 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2012-10-19 02:25:31 -------- d-----w- c:\archivos de programa\Microsoft WSE
2012-10-13 20:17:03 87608 ----a-w- c:\documents and settings\amrio\datos de programa\inst.exe
2012-10-13 20:17:03 47360 ----a-w- c:\documents and settings\amrio\datos de programa\pcouffin.sys
2012-10-13 19:08:22 -------- d-----w- c:\documents and settings\amrio\datos de programa\MegaCloud
2012-10-13 19:08:08 -------- d-----w- c:\documents and settings\all users\datos de programa\Web Installer
2012-10-09 05:14:08 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 02:11:58 -------- d-----w- c:\archivos de programa\LOLReplay
2012-09-26 16:02:32 -------- d-----w- c:\archivos de programa\VTR
.
==================== Find3M ====================
.
2012-10-16 18:46:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 18:46:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 20:26:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 20:26:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-04 03:23:07 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-04 03:23:01 283312 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-04 03:23:01 283312 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-04 03:19:57 283312 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-04 01:38:10 138904 ----a-w- c:\documents and settings\amrio\datos de programa\PnkBstrK.sys
2012-08-04 01:37:47 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
============= FINISH: 9:38:17.32 ===============
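Reading a DDS log like the one above starts with the SERVICES / DRIVERS block: entries that end in `[?]` instead of a `[date size]` stamp (apf001.sys, EagleXNt.sys, GameMon.des, XDva391/XDva397 here) are entries whose image file DDS could not find on disk, and R0/R1 entries are kernel drivers loaded at boot or system start. The script below is an added example, not part of this post or of the DDS tool: it parses that line format and lists the entries a helper would look at first. The sample lines are copied from the log above; reading `[?]` as "file not found at scan time" and the two flagging rules are the editor's assumptions, not DDS documentation.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example; not from the forum post or from DDS itself. Each line has the
form  <R|S><start> name;display name;image path [date size]  or ends in [?]
when DDS could not stat the file; some lines show 'registry value --> resolved
path'. We parse that and flag (a) entries with no file on disk and
(b) running boot/system-start kernel drivers.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the DDS log in post #1.
SAMPLE_DDS = r"""
R0 iastor8;iastor8;c:\windows\system32\drivers\iastor8.sys [2011-2-10 354840]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S3 apf001;apf001;\??\c:\archivos de programa\rakionls\bin\apf001.sys --> c:\archivos de programa\rakionls\bin\apf001.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2011-7-22 12880]
"""

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

HEAD_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"\s\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
# image path ends at the first known extension; anything after it is arguments
IMAGE_RE = re.compile(r"^(?P<path>.+?\.(?:sys|exe|dll|des))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    running: bool          # R = running at scan time, S = stopped
    start: int             # Windows start type (0 boot ... 4 disabled)
    name: str
    display: str
    path: str              # resolved image path, \??\ prefix removed
    args: Optional[str]
    file_found: bool       # False when DDS printed [?] instead of a date/size
    date: Optional[str] = None
    size: Optional[int] = None


def parse_dds_services(text: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = HEAD_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other sections
        rest = m.group("rest")
        file_found, date, size = True, None, None
        if rest.endswith(" [?]"):
            file_found, rest = False, rest[:-4]
        else:
            s = STAMP_RE.search(rest)
            if s:
                date, size = s.group("date"), int(s.group("size"))
                rest = rest[: s.start()]
        # "registry value --> resolved path": the right-hand side is what DDS looked up
        if " --> " in rest:
            rest = rest.split(" --> ", 1)[1]
        if rest.startswith("\\??\\"):
            rest = rest[4:]
        img = IMAGE_RE.match(rest)
        path, args = (img.group("path"), img.group("args")) if img else (rest, None)
        entries.append(ServiceEntry(
            running=m.group("state") == "R", start=int(m.group("start")),
            name=m.group("name"), display=m.group("display"),
            path=path, args=args, file_found=file_found, date=date, size=size))
    return entries


def triage(entries: List[ServiceEntry]) -> List[str]:
    """One human-readable finding per entry worth a second look (assumed rules)."""
    findings = []
    for e in entries:
        if not e.file_found:
            findings.append(f"{e.name}: image {e.path} not found on disk "
                            "(leftover of uninstalled software, or a hidden file)")
        elif e.start <= 1 and e.running:
            findings.append(f"{e.name}: {START_TYPES[e.start]}-start kernel driver {e.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds_services(SAMPLE_DDS)):
        print(finding)
```

On the sample this prints six findings: the four `[?]` entries plus the two running R0/R1 drivers (iastor8 and SUPERAntiSpyware's sasdifsv). A missing file is not proof of anything by itself; the point of the list is to decide which entries to check against their vendor before the next tool runs.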


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2012 - 12:02 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 astugo

  • Topic Starter

  • Members
  • 15 posts

Posted 22 October 2012 - 04:19 PM

Hello, thanks for helping through :)





1) Security Check (checkup):



Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
TuneUp Utilities 2012
TuneUp Utilities Language Pack (es-ES)
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````






2) AdwCleaner (it's in Spanish... tell me if you need help with it D:)




# AdwCleaner v2.005 - File created on 22/10/2012 at 18:11:37
# Updated on 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Amrio - C62F3C91C97846A
# Boot mode : Normal
# Running from : C:\Documents and Settings\Amrio\Escritorio\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] The registry contains no illegitimate entries.

*************************

AdwCleaner[S1].txt - [7149 octets] - [20/10/2012 09:19:09]
AdwCleaner[R1].txt - [917 octets] - [20/10/2012 09:21:14]
AdwCleaner[S2].txt - [830 octets] - [22/10/2012 18:11:37]

########## EOF - C:\AdwCleaner[S2].txt - [889 octets] ##########





3)RogueKiller:




RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Amrio [Admin rights]
Mode : Remove -- Date : 10/22/2012 18:18:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (\SystemRoot\system32\drivers\sbhips.sys @ 0xA5E33FF4)
SSDT[108] : NtMapViewOfSection @ 0x805B2066 -> HOOKED (\SystemRoot\system32\drivers\sbhips.sys @ 0xA5E341AA)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 local
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] d674d474f90009165c365047c23e2cc5
[BSP] f5e1b831b684ea918adb448322c99e8d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 460543 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 943210496 | Size: 16385 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Thank you :)
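The RogueKiller dump above and the `Hosts:` lines DDS printed in post #1 show two different kinds of HOSTS entries: Adobe activation hosts pointed at 127.0.0.1, and security-vendor hosts (kaspersky, mcafee, f-secure, spywareinfo) pointed at 127.0.0.1. Security Check reported an MVPS Hosts file on this machine, and ad/statistics blocklists of that kind commonly contain entries like these; the same loopback trick is also what malware uses to stop AV products from updating, and an entry that maps a name to any non-loopback address is an outright redirect of that traffic. The script below is an added example, not from the thread or from RogueKiller: it parses a HOSTS file and sorts entries into standard, block, security-vendor block and redirect. The sample is constructed from the two dumps in this thread plus one made-up redirect line (203.0.113.7 is a documentation address), and the vendor domain list is the editor's assumption.

```python
"""Classify Windows HOSTS entries the way a malware-removal helper reads them.

Added example; not part of the forum thread or of RogueKiller. Rules (assumed):
  standard  - the default loopback/broadcast names Windows ships with
  block     - name mapped to a loopback/unspecified address (blocklist style)
  block:security-vendor - same, but the name belongs to an AV/security vendor,
              which is how malware keeps protection from updating
  redirect  - name mapped to any other address; whoever runs that address now
              receives the traffic, so read these first
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: lines from the DDS and RogueKiller dumps in this thread,
# plus a comment and one invented redirect line to exercise that branch.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 local
127.0.0.1 3dns-2.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 counter.kaspersky.com
127.0.0.1 directads.mcafee.com
127.0.0.1 stats.f-secure.com
127.0.0.1 www.spywareinfo.com
# comment line, ignored by the parser
203.0.113.7 update.microsoft.com   # constructed: not from the thread
"""

STANDARD = {("127.0.0.1", "localhost"), ("127.0.0.1", "localhost.localdomain"),
            ("255.255.255.255", "broadcasthost"), ("::1", "localhost"),
            ("127.0.0.1", "local")}

# Assumed list of domains whose blocking would stop security software updating.
SECURITY_VENDORS = ("kaspersky.com", "mcafee.com", "f-secure.com", "symantec.com",
                    "eset.com", "avast.com", "avg.com", "microsoft.com",
                    "windowsupdate.com", "malwarebytes.org",
                    "bleepingcomputer.com", "spywareinfo.com")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, name) pairs; '#' comments and malformed lines are skipped."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first token is not an address: not a hosts entry
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def _is_security_vendor(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in SECURITY_VENDORS)


def classify(addr: str, name: str) -> str:
    if (addr, name) in STANDARD:
        return "standard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_unspecified:  # 127.x, ::1, 0.0.0.0 all just sinkhole
        return "block:security-vendor" if _is_security_vendor(name) else "block"
    return "redirect"


def summarize(text: str) -> Dict[str, List[str]]:
    """Group entries by class; a helper reads 'redirect' first, then the
    security-vendor blocks, and treats plain 'block' lines as blocklist noise."""
    out: Dict[str, List[str]] = {}
    for addr, name in parse_hosts(text):
        out.setdefault(classify(addr, name), []).append(f"{addr} {name}")
    return out


if __name__ == "__main__":
    for cls, lines in sorted(summarize(SAMPLE_HOSTS).items()):
        print(f"[{cls}] {len(lines)} entries")
        for entry in lines:
            print("   ", entry)
```

On this sample the only `redirect` is the constructed line; the vendor entries come out as `block:security-vendor`, which on this machine is explained by the blocklist but is exactly the class a helper would want to reset before running an online scanner.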

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2012 - 04:30 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 astugo

  • Topic Starter

  • Members
  • 15 posts

Posted 22 October 2012 - 05:05 PM

log:

ComboFix 12-10-22.02 - Amrio 22/10/2012 18:51:11.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.3579.2953 [GMT -4:00]
Running from: c:\documents and settings\Amrio\Escritorio\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Amrio\Datos de programa\inst.exe
c:\documents and settings\Amrio\Datos de programa\vso_ts_preview.xml
c:\documents and settings\Amrio\WINDOWS
C:\prefs.js
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-20 13:27 . 2012-10-20 13:27 -------- d-----w- c:\archivos de programa\ESET
2012-10-20 00:49 . 2012-10-20 00:49 -------- d-----w- c:\archivos de programa\iPod
2012-10-20 00:49 . 2012-10-20 00:50 -------- d-----w- c:\documents and settings\All Users\Datos de programa\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-20 00:49 . 2012-10-20 00:50 -------- d-----w- c:\archivos de programa\iTunes
2012-10-20 00:46 . 2012-10-20 00:46 -------- d-----w- c:\archivos de programa\Bonjour
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin7.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin6.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin5.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin4.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin3.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin2.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin.dll
2012-10-20 00:43 . 2012-10-20 00:43 -------- d-----w- c:\archivos de programa\QuickTime
2012-10-19 04:23 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-19 02:25 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2012-10-19 02:25 . 2012-10-19 02:25 -------- d-----w- c:\archivos de programa\Microsoft WSE
2012-10-19 02:17 . 2012-10-19 02:17 -------- d-----w- c:\archivos de programa\Electronic Arts
2012-10-13 20:17 . 2012-10-13 20:17 47360 ----a-w- c:\documents and settings\Amrio\Datos de programa\pcouffin.sys
2012-10-13 19:08 . 2012-10-13 20:25 -------- d-----w- c:\documents and settings\Amrio\Datos de programa\MegaCloud
2012-10-13 19:08 . 2012-10-13 19:08 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Web Installer
2012-10-10 09:33 . 2012-10-10 09:33 -------- d-----w- c:\documents and settings\Amrio\Configuración local\Datos de programa\SplitMediaLabs
2012-10-08 02:11 . 2012-10-08 03:07 -------- d-----w- c:\archivos de programa\LOLReplay
2012-09-26 16:02 . 2012-09-26 16:02 -------- d-----w- c:\archivos de programa\VTR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 18:46 . 2012-04-06 16:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 18:46 . 2011-10-16 05:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 20:26 . 2012-06-16 16:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 20:26 . 2011-10-16 06:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01 . 2012-08-17 02:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-17 02:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-04 03:23 . 2012-08-04 01:38 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-04 03:23 . 2012-08-04 02:04 283312 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-04 03:23 . 2012-08-04 01:37 283312 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-04 03:19 . 2012-08-04 01:37 283312 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-04 01:38 . 2012-08-04 01:38 138904 ----a-w- c:\documents and settings\Amrio\Datos de programa\PnkBstrK.sys
2012-08-04 01:37 . 2012-08-04 01:37 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . A5BC817BB84DCB9E71719FF868144124 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Akamai NetSession Interface"="c:\documents and settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe" [2012-08-10 4440896]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LayoutM"="KLayMgr.exe " [X]
"Ad-Aware Antivirus"="c:\archivos de programa\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"NUSB3MON"="c:\archivos de programa\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PlusService"="c:\archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"MessengerPlusForSkypeService"="c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Amrio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
"LightScribe Control Panel"=c:\archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe -hidden
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlusForSkypeService"="c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
"NBAgent"="c:\archivos de programa\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
"c:\\Archivos de programa\\FlashGet\\flashget.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Amrio\\Configuración local\\Datos de programa\\Akamai\\netsession_win.exe"=
"c:\\Archivos de programa\\Steam\\Steam.exe"=
"c:\\Archivos de programa\\Allods Online EU\\bin\\Launcher.exe"=
"c:\\Documents and Settings\\Amrio\\Mis documentos\\Downloads\\StarTrekOnline_EN_17.20111218a.12.exe"=
"c:\\Archivos de programa\\Microsoft Silverlight\\sllauncher.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\uninst.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\BsSndRpt.exe"=
"c:\\Archivos de programa\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\BrawlBustersDownloader\\BBDownLoader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Amrio\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
"57794:TCP"= 57794:TCP:Pando Media Booster
"57794:UDP"= 57794:UDP:Pando Media Booster
"57527:TCP"= 57527:TCP:Pando Media Booster
"57527:UDP"= 57527:UDP:Pando Media Booster
"58834:TCP"= 58834:TCP:Pando Media Booster
"58834:UDP"= 58834:UDP:Pando Media Booster
"563:TCP"= 563:TCP:pando
"563:UDP"= 563:UDP:pando
"443:UDP"= 443:UDP:pando
"57003:TCP"= 57003:TCP:Pando Media Booster
"57003:UDP"= 57003:UDP:Pando Media Booster
"58420:TCP"= 58420:TCP:Pando Media Booster
"58420:UDP"= 58420:UDP:Pando Media Booster
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 iastor8;iastor8;c:\windows\system32\drivers\iastor8.sys [10/02/2011 02:36 a.m. 354840]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [10/02/2011 02:37 a.m. 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [10/02/2011 02:37 a.m. 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [10/02/2011 02:37 a.m. 13616]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [06/06/2012 02:33 p.m. 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [06/06/2012 02:33 p.m. 12464]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 10:14 a.m. 24064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19/05/2012 02:22 p.m. 242240]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 12:27 p.m. 12880]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 05:55 p.m. 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [01/06/2012 08:20 p.m. 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [01/06/2012 08:19 p.m. 335224]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [01/06/2012 08:20 p.m. 217976]
R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCORE.EXE [11/08/2011 07:38 p.m. 116608]
R2 Ad-Aware Service;Ad-Aware Service;c:\archivos de programa\Ad-Aware Antivirus\AdAwareService.exe [03/05/2012 06:37 p.m. 1226096]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 07:00 a.m. 14336]
R2 NAUpdate;Nero Update;c:\archivos de programa\Nero\Update\NASvc.exe [25/11/2011 04:32 p.m. 687400]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/01/2010 10:09 p.m. 50704]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [01/06/2012 08:20 p.m. 77816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [06/01/2012 07:46 a.m. 1514304]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [15/10/2011 08:17 p.m. 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [15/10/2011 08:17 p.m. 44800]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [01/06/2012 08:19 p.m. 94584]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [31/10/2011 03:22 p.m. 10064]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/10/2011 02:23 p.m. 101112]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/08/2012 01:44 a.m. 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22/02/2012 02:31 a.m. 2348352]
S2 SBAMSvc;Ad-Aware;c:\archivos de programa\Ad-Aware Antivirus\SBAMSvc.exe [19/12/2011 01:20 p.m. 3289032]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [03/07/2012 01:19 p.m. 160944]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 07:00 a.m. 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/04/2012 12:51 p.m. 250808]
S3 apf001;apf001;\??\c:\archivos de programa\RakionLS\Bin\apf001.sys --> c:\archivos de programa\RakionLS\Bin\apf001.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/08/2012 01:44 a.m. 116648]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [05/08/2009 05:56 a.m. 48256]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [01/06/2012 08:19 p.m. 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [01/06/2012 08:20 p.m. 93816]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [16/10/2011 12:45 a.m. 246000]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [24/01/2007 01:01 a.m. 7680]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S4 MsgPlusService;Messenger Plus! Service;c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [12/02/2012 06:02 p.m. 124832]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Datos de programa\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 05:32 p.m. 3048136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\archivos de programa\Archivos comunes\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\archiv~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:46]
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-30 05:36]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-30 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download All with FlashGet - c:\archivos de programa\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\archivos de programa\FlashGet\jc_link.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 190.160.0.11 190.160.0.14 200.74.121.11
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AP Guitar Tuner - c:\archivos de programa\Audio Phonics
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.dll
c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
c:\archivos de programa\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\archivos de programa\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Java\jre7\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RunDLL32.exe
c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-10-22 18:58:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 22:58
.
Pre-Run: 221,968,097,280 bytes libres
Post-Run: 221,974,216,704 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional SP3" /noexecute=optin /fastdetect
.
- - End Of File - - EC1671A96C26E319E999A6182FF6045B



I had to install the Recovery Console and it went fine. Everything is running OK and doesn't look laggy or anything... even on restarting (needed once), it went smoothly and at normal speed, and starting programs like my protection programs and Skype was normal as well. I think that maybe everything is better now :)

It's just my first impression though. I'll be waiting for your response, thanks.

#6 gringo_pr

gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:24 AM

Posted 22 October 2012 - 11:37 PM

Greetings astugo

I like to give things a good looking over so I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


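The TDSSKiller report the helper asks for above runs to hundreds of lines, almost all of them "- ok". What a reviewer actually reads are the few services that carry a "warning" or "detected" verdict and the "Suspicious file (...)" line that explains why. The following is an added triage script (not part of this thread, not TDSSKiller's own code): it parses the log's line format (timestamp, PID, message), joins each service's hash line with its verdict lines, and returns only the non-ok entries ranked by severity. The sample lines are copied from the TDSSKiller log astugo posts further down in this thread (trimmed to a few entries); the record layout, regexes and function names are the script's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied (trimmed) from the TDSSKiller 2.8.13.0 log posted in this thread.
# Paths and MD5s are the thread's own values, not constructed.
SAMPLE_LOG = r"""
12:45:56.0687 3060 ================ Scan services =============================
12:45:56.0921 3060 [ CF2A07E1751A2D612D7E13AA431AB057 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:45:56.0921 3060 ACPI - ok
12:45:57.0078 3060 adpu160m - ok
12:45:57.0250 3060 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll
12:45:57.0250 3060 Suspicious file (Hidden): c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
12:45:57.0250 3060 Akamai ( HiddenFile.Multi.Generic ) - warning
12:45:57.0250 3060 Akamai - detected HiddenFile.Multi.Generic (1)
12:45:57.0281 3060 [ FEDCA791A089D4E15084DA10F38BCE45 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:45:57.0296 3060 Alerter - ok
"""

# Every TDSSKiller line is "HH:MM:SS.mmmm PID message".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "[ MD5 ] ServiceName Path" -- service names may contain spaces, so anchor on the drive letter.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:[\\/].*)$")
# "Suspicious file (Reason): path. md5: MD5" -- carries no service name, only the hash.
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-Fa-f]{32})$")
# "Name - ok" or "Name ( Verdict ) - warning"
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>ok|warning)$")
# "Name - detected Verdict (count)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class ServiceRecord:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"          # highest severity seen for this service
    verdict: Optional[str] = None    # e.g. HiddenFile.Multi.Generic
    reason: Optional[str] = None     # e.g. "Hidden" from the "Suspicious file" line


def parse_tdsskiller(text: str) -> Dict[str, ServiceRecord]:
    """Fold the per-line messages of a TDSSKiller log into one record per service."""
    records: Dict[str, ServiceRecord] = {}
    by_md5: Dict[str, ServiceRecord] = {}   # lets the nameless "Suspicious file" line find its service

    def rec(name: str) -> ServiceRecord:
        return records.setdefault(name, ServiceRecord(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # banners, blank lines, header block
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            r = rec(h.group("name"))
            r.md5, r.path = h.group("md5").upper(), h.group("path")
            by_md5[r.md5] = r
        elif (s := SUSP_RE.match(msg)):
            r = by_md5.get(s.group("md5").upper())
            if r is not None:
                r.reason = s.group("reason")
                if SEVERITY[r.status] < SEVERITY["warning"]:
                    r.status = "warning"
        elif (d := DETECT_RE.match(msg)):
            r = rec(d.group("name"))
            r.verdict, r.status = d.group("verdict"), "detected"
        elif (v := VERDICT_RE.match(msg)):
            r = rec(v.group("name"))
            if v.group("verdict"):
                r.verdict = v.group("verdict")
            if SEVERITY[v.group("status")] > SEVERITY[r.status]:
                r.status = v.group("status")   # never downgrade a detection to "ok"
    return records


def findings(records: Dict[str, ServiceRecord], min_status: str = "warning") -> List[ServiceRecord]:
    """Only the entries a reviewer needs to look at, most severe first."""
    floor = SEVERITY[min_status]
    hits = [r for r in records.values() if SEVERITY[r.status] >= floor]
    return sorted(hits, key=lambda r: (-SEVERITY[r.status], r.name))


if __name__ == "__main__":
    for f in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f.status:<8} {f.name:<12} {f.verdict or '-':<28} {f.reason or '-':<8} {f.path}")
```

The severity floor is deliberately "warning": a HiddenFile.Multi.Generic flag on a hidden file is a heuristic, and whether it is a legitimate hidden component or something to cure is the helper's call, so the script ranks entries rather than deciding for them. Running it on a full log leaves the "ok" services out and prints the handful of lines that the reply in the thread actually turns on.
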
#7 astugo

astugo
  • Topic Starter
  • Members
  • 15 posts
  • Local time:09:24 AM

Posted 23 October 2012 - 11:24 AM

Hello,

TDSSKiller:



12:32:08.0921 1796 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:32:09.0390 1796 ============================================================
12:32:09.0390 1796 Current date / time: 2012/10/23 12:32:09.0390
12:32:09.0390 1796 SystemInfo:
12:32:09.0390 1796
12:32:09.0390 1796 OS Version: 5.1.2600 ServicePack: 3.0
12:32:09.0390 1796 Product type: Workstation
12:32:09.0390 1796 ComputerName: C62F3C91C97846A
12:32:09.0390 1796 UserName: Amrio
12:32:09.0390 1796 Windows directory: C:\WINDOWS
12:32:09.0390 1796 System windows directory: C:\WINDOWS
12:32:09.0390 1796 Processor architecture: Intel x86
12:32:09.0390 1796 Number of processors: 4
12:32:09.0390 1796 Page size: 0x1000
12:32:09.0390 1796 Boot type: Normal boot
12:32:09.0390 1796 ============================================================
12:32:09.0703 1796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:32:09.0703 1796 ============================================================
12:32:09.0703 1796 \Device\Harddisk0\DR0:
12:32:09.0703 1796 MBR partitions:
12:32:09.0703 1796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3837F858
12:32:09.0703 1796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38384000, BlocksNum 0x2000800
12:32:09.0703 1796 ============================================================
12:32:09.0765 1796 D: <-> \Device\Harddisk0\DR0\Partition2
12:32:09.0796 1796 C: <-> \Device\Harddisk0\DR0\Partition1
12:32:09.0796 1796 ============================================================
12:32:09.0796 1796 Initialize success
12:32:09.0796 1796 ============================================================
12:45:56.0500 3060 ============================================================
12:45:56.0500 3060 Scan started
12:45:56.0500 3060 Mode: Manual;
12:45:56.0500 3060 ============================================================
12:45:56.0687 3060 ================ Scan system memory ========================
12:45:56.0687 3060 System memory - ok
12:45:56.0687 3060 ================ Scan services =============================
12:45:56.0750 3060 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
12:45:56.0765 3060 !SASCORE - ok
12:45:56.0875 3060 1394hub - ok
12:45:56.0890 3060 Abiosdsk - ok
12:45:56.0890 3060 abp480n5 - ok
12:45:56.0921 3060 [ CF2A07E1751A2D612D7E13AA431AB057 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:45:56.0921 3060 ACPI - ok
12:45:56.0937 3060 [ 1C905333C0B9F3D7C68DDF25E54B00F9 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:45:56.0937 3060 ACPIEC - ok
12:45:56.0984 3060 [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe
12:45:57.0000 3060 Ad-Aware Service - ok
12:45:57.0031 3060 [ 2DC6FF5DA4EA7CA1D4128A7541734B9F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:45:57.0031 3060 ADIHdAudAddService - ok
12:45:57.0062 3060 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:57.0062 3060 AdobeFlashPlayerUpdateSvc - ok
12:45:57.0078 3060 adpu160m - ok
12:45:57.0078 3060 [ 3BC9C8BAF983B583E14088E6FF74A8A1 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
12:45:57.0078 3060 AEAudio - ok
12:45:57.0093 3060 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:45:57.0093 3060 aec - ok
12:45:57.0125 3060 [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:45:57.0125 3060 AFD - ok
12:45:57.0125 3060 Aha154x - ok
12:45:57.0125 3060 aic78u2 - ok
12:45:57.0125 3060 aic78xx - ok
12:45:57.0250 3060 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll
12:45:57.0250 3060 Suspicious file (Hidden): c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
12:45:57.0250 3060 Akamai ( HiddenFile.Multi.Generic ) - warning
12:45:57.0250 3060 Akamai - detected HiddenFile.Multi.Generic (1)
12:45:57.0281 3060 [ FEDCA791A089D4E15084DA10F38BCE45 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:45:57.0296 3060 Alerter - ok
12:45:57.0296 3060 [ 764B7A1E6AE2D70416A7932F3B97AC99 ] ALG C:\WINDOWS\System32\alg.exe
12:45:57.0296 3060 ALG - ok
12:45:57.0296 3060 AliIde - ok
12:45:57.0296 3060 amsint - ok
12:45:57.0328 3060 apf001 - ok
12:46:04.0375 3060 ================ Scan VBR ==================================
12:46:04.0406 3060 [ EAA067883814A596301B42275E430835 ] \Device\Harddisk0\DR0\Partition1
12:46:04.0406 3060 \Device\Harddisk0\DR0\Partition1 - ok
12:46:04.0406 3060 [ 0B428017A4E13715C1A016650E5EA561 ] \Device\Harddisk0\DR0\Partition2
12:46:04.0406 3060 \Device\Harddisk0\DR0\Partition2 - ok
12:46:04.0406 3060 ============================================================
12:46:04.0406 3060 Scan finished
12:46:04.0406 3060 ============================================================
12:46:04.0406 0344 Detected object count: 1
12:46:04.0406 0344 Actual detected object count: 1
12:46:29.0437 0344 Akamai ( HiddenFile.Multi.Generic ) - skipped by user




aswMBR:




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 12:48:49
-----------------------------
12:48:49.187 OS Version: Windows 5.1.2600 Service Pack 3
12:48:49.187 Number of processors: 4 586 0x170A
12:48:49.187 ComputerName: C62F3C91C97846A UserName: Amrio
12:48:54.828 Initialize success
12:51:56.875 AVAST engine defs: 12102300
12:55:40.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:55:40.156 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
12:55:40.187 Disk 0 MBR read successfully
12:55:40.187 Disk 0 MBR scan
12:55:40.265 Disk 0 Windows XP default MBR code
12:55:40.281 Disk 0 Partition - 00 0F Extended LBA 460543 MB offset 16065
12:55:40.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 16385 MB offset 943210496
12:55:40.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460543 MB offset 16128
12:55:40.343 Disk 0 scanning sectors +976766976
12:55:40.421 Disk 0 scanning C:\WINDOWS\system32\drivers
12:55:51.125 Service scanning
12:56:07.765 Modules scanning
12:56:12.015 Disk 0 trace - called modules:
12:56:12.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
12:56:12.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a80c030]
12:56:12.031 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a80d030]
12:56:12.031 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a837028]
12:56:13.562 AVAST engine scan C:\WINDOWS
12:56:19.968 AVAST engine scan C:\WINDOWS\system32
13:01:39.250 AVAST engine scan C:\WINDOWS\system32\drivers
13:02:09.390 AVAST engine scan C:\Documents and Settings\Amrio
13:23:36.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Amrio\Escritorio\MBR.dat"
13:23:36.437 The log file has been saved successfully to "C:\Documents and Settings\Amrio\Escritorio\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:24 AM

Posted 23 October 2012 - 12:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 astugo

astugo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 23 October 2012 - 03:32 PM

ComboFix 12-10-23.01 - Amrio 23/10/2012 15:22:18.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.3579.2895 [GMT -4:00]
Running from: c:\documents and settings\Amrio\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Amrio\Escritorio\CFScript.txt.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-20 13:27 . 2012-10-20 13:27 -------- d-----w- c:\archivos de programa\ESET
2012-10-20 00:49 . 2012-10-20 00:49 -------- d-----w- c:\archivos de programa\iPod
2012-10-20 00:49 . 2012-10-20 00:50 -------- d-----w- c:\documents and settings\All Users\Datos de programa\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-20 00:49 . 2012-10-20 00:50 -------- d-----w- c:\archivos de programa\iTunes
2012-10-20 00:46 . 2012-10-20 00:46 -------- d-----w- c:\archivos de programa\Bonjour
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin7.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin6.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin5.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin4.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin3.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin2.dll
2012-10-20 00:43 . 2012-10-20 00:43 159744 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin.dll
2012-10-20 00:43 . 2012-10-20 00:43 -------- d-----w- c:\archivos de programa\QuickTime
2012-10-19 04:23 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-19 02:25 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2012-10-19 02:25 . 2012-10-19 02:25 -------- d-----w- c:\archivos de programa\Microsoft WSE
2012-10-19 02:17 . 2012-10-19 02:17 -------- d-----w- c:\archivos de programa\Electronic Arts
2012-10-13 20:17 . 2012-10-13 20:17 47360 ----a-w- c:\documents and settings\Amrio\Datos de programa\pcouffin.sys
2012-10-13 19:08 . 2012-10-13 20:25 -------- d-----w- c:\documents and settings\Amrio\Datos de programa\MegaCloud
2012-10-13 19:08 . 2012-10-13 19:08 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Web Installer
2012-10-10 09:33 . 2012-10-10 09:33 -------- d-----w- c:\documents and settings\Amrio\Configuración local\Datos de programa\SplitMediaLabs
2012-10-08 02:11 . 2012-10-08 03:07 -------- d-----w- c:\archivos de programa\LOLReplay
2012-09-26 16:02 . 2012-09-26 16:02 -------- d-----w- c:\archivos de programa\VTR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 18:46 . 2012-04-06 16:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 18:46 . 2011-10-16 05:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 20:26 . 2012-06-16 16:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 20:26 . 2011-10-16 06:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01 . 2012-08-17 02:44 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-17 02:44 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-04 03:23 . 2012-08-04 01:38 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-04 03:23 . 2012-08-04 02:04 283312 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-04 03:23 . 2012-08-04 01:37 283312 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-04 03:19 . 2012-08-04 01:37 283312 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-04 01:38 . 2012-08-04 01:38 138904 ----a-w- c:\documents and settings\Amrio\Datos de programa\PnkBstrK.sys
2012-08-04 01:37 . 2012-08-04 01:37 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . A5BC817BB84DCB9E71719FF868144124 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Akamai NetSession Interface"="c:\documents and settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe" [2012-08-10 4440896]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LayoutM"="KLayMgr.exe " [X]
"Ad-Aware Antivirus"="c:\archivos de programa\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"NUSB3MON"="c:\archivos de programa\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PlusService"="c:\archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"MessengerPlusForSkypeService"="c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Amrio\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
"LightScribe Control Panel"=c:\archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe -hidden
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlusForSkypeService"="c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
"NBAgent"="c:\archivos de programa\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
"c:\\Archivos de programa\\FlashGet\\flashget.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Amrio\\Configuración local\\Datos de programa\\Akamai\\netsession_win.exe"=
"c:\\Archivos de programa\\Steam\\Steam.exe"=
"c:\\Archivos de programa\\Allods Online EU\\bin\\Launcher.exe"=
"c:\\Documents and Settings\\Amrio\\Mis documentos\\Downloads\\StarTrekOnline_EN_17.20111218a.12.exe"=
"c:\\Archivos de programa\\Microsoft Silverlight\\sllauncher.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\uninst.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\BsSndRpt.exe"=
"c:\\Archivos de programa\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\BrawlBustersDownloader\\BBDownLoader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Archivos de programa\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Amrio\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
"57794:TCP"= 57794:TCP:Pando Media Booster
"57794:UDP"= 57794:UDP:Pando Media Booster
"57527:TCP"= 57527:TCP:Pando Media Booster
"57527:UDP"= 57527:UDP:Pando Media Booster
"58834:TCP"= 58834:TCP:Pando Media Booster
"58834:UDP"= 58834:UDP:Pando Media Booster
"563:TCP"= 563:TCP:pando
"563:UDP"= 563:UDP:pando
"443:UDP"= 443:UDP:pando
"57003:TCP"= 57003:TCP:Pando Media Booster
"57003:UDP"= 57003:UDP:Pando Media Booster
"58420:TCP"= 58420:TCP:Pando Media Booster
"58420:UDP"= 58420:UDP:Pando Media Booster
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 iastor8;iastor8;c:\windows\system32\drivers\iastor8.sys [10/02/2011 02:36 a.m. 354840]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [10/02/2011 02:37 a.m. 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [10/02/2011 02:37 a.m. 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [10/02/2011 02:37 a.m. 13616]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [06/06/2012 02:33 p.m. 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [06/06/2012 02:33 p.m. 12464]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 10:14 a.m. 24064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19/05/2012 02:22 p.m. 242240]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 12:27 p.m. 12880]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 05:55 p.m. 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [01/06/2012 08:20 p.m. 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [01/06/2012 08:19 p.m. 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/10/2011 02:23 p.m. 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [01/06/2012 08:20 p.m. 217976]
R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCORE.EXE [11/08/2011 07:38 p.m. 116608]
R2 Ad-Aware Service;Ad-Aware Service;c:\archivos de programa\Ad-Aware Antivirus\AdAwareService.exe [03/05/2012 06:37 p.m. 1226096]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 07:00 a.m. 14336]
R2 NAUpdate;Nero Update;c:\archivos de programa\Nero\Update\NASvc.exe [25/11/2011 04:32 p.m. 687400]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/01/2010 10:09 p.m. 50704]
R2 SBAMSvc;Ad-Aware;c:\archivos de programa\Ad-Aware Antivirus\SBAMSvc.exe [19/12/2011 01:20 p.m. 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [01/06/2012 08:20 p.m. 77816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [06/01/2012 07:46 a.m. 1514304]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [15/10/2011 08:17 p.m. 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [15/10/2011 08:17 p.m. 44800]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [01/06/2012 08:19 p.m. 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [01/06/2012 08:20 p.m. 93816]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [31/10/2011 03:22 p.m. 10064]
S2 gupdate;Google Update Servicio (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/08/2012 01:44 a.m. 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22/02/2012 02:31 a.m. 2348352]
S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [03/07/2012 01:19 p.m. 160944]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 07:00 a.m. 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/04/2012 12:51 p.m. 250808]
S3 apf001;apf001;\??\c:\archivos de programa\RakionLS\Bin\apf001.sys --> c:\archivos de programa\RakionLS\Bin\apf001.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Servicio (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/08/2012 01:44 a.m. 116648]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [05/08/2009 05:56 a.m. 48256]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [01/06/2012 08:19 p.m. 94584]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [16/10/2011 12:45 a.m. 246000]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [24/01/2007 01:01 a.m. 7680]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S4 MsgPlusService;Messenger Plus! Service;c:\archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [12/02/2012 06:02 p.m. 124832]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Datos de programa\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 05:32 p.m. 3048136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\archivos de programa\Archivos comunes\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\archiv~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:46]
.
2012-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-30 05:36]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-30 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download All with FlashGet - c:\archivos de programa\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\archivos de programa\FlashGet\jc_link.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 190.160.0.11 190.160.0.14 200.74.121.11
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-23 15:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\archivos de programa\archivos comunes\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(932)
c:\windows\system32\WININET.dll
c:\documents and settings\Amrio\Datos de programa\Dropbox\bin\DropboxExt.14.dll
c:\archivos de programa\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-10-23 15:33:58
ComboFix-quarantined-files.txt 2012-10-23 19:33
ComboFix2.txt 2012-10-22 22:58
.
Pre-Run: 221,678,125,056 bytes libres
Post-Run: 221,808,312,320 bytes libres
.
- - End Of File - - B0EDDFBC1285438770EF178F673ADDBA



The computer is doing great, not lagging and everything looks smooth and normal at running and at starting. I just had to update the ComboFix program but it was done automatically.
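As an added example, not part of this thread and not code from ComboFix or any other tool used here, the following Python reads the two parts of the ComboFix log above that a responder checks first: the Sigcheck block and the firewall policy keys. The sample lines are copied from the log as a constructed input; the script flags copies of the same file and version whose MD5s disagree (the unverified drivers\tcpip.sys against its dllcache copy) and reports the firewall state and globally open ports.

```python
"""Pull the Sigcheck and firewall findings out of a ComboFix log (added example)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . A5BC817BB84DCB9E71719FF868144124 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
"57794:TCP"= 57794:TCP:Pando Media Booster
"443:UDP"= 443:UDP:pando
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"""

# "[flag] date . MD5 . size . . [version] . . path"; "-" in the flag field marks a file ComboFix could not verify.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^\[(?P<name>.+)\]$")          # registry key header line
VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.*)$')  # "name"= value line


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path)."""
    return [m.groupdict() for m in (SIGCHECK_RE.match(l.strip()) for l in text.splitlines()) if m]


def sigcheck_mismatches(entries):
    """Group copies of the same file name and version; report groups whose MD5s differ."""
    groups = defaultdict(list)
    for e in entries:
        basename = e["path"].rsplit("\\", 1)[-1].lower()
        groups[(basename, e["version"])].append(e)
    report = []
    for (basename, version), copies in sorted(groups.items()):
        hashes = {c["path"]: c["md5"] for c in copies}
        if len(set(hashes.values())) > 1:
            report.append({
                "file": basename,
                "version": version,
                "hashes": hashes,
                "unverified": [c["path"] for c in copies if c["flag"] == "-"],
            })
    return report


def parse_firewall(text):
    """Read EnableFirewall and the GloballyOpenPorts list under the firewallpolicy keys."""
    enabled, open_ports, section = None, [], ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name").lower()
            continue
        val = VALUE_RE.match(line)
        if not val or "firewallpolicy" not in section:
            continue
        key, value = val.group("key"), val.group("value")
        if key == "EnableFirewall":
            enabled = value.split()[0] != "0"
        elif section.endswith("globallyopenports\\list"):
            # Full form is port:proto:scope:Enabled|Disabled:name; short form is port:proto:name.
            fields = value.split(":")
            open_ports.append({
                "port": int(fields[0]),
                "proto": fields[1],
                "name": fields[-1],
                "enabled": "Disabled" not in fields[2:-1],
            })
    return enabled, open_ports


def summarize(text):
    """Combine both checks into one report dict."""
    enabled, ports = parse_firewall(text)
    return {
        "sigcheck_mismatches": sigcheck_mismatches(parse_sigcheck(text)),
        "firewall_enabled": enabled,
        "open_ports": ports,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for m in summary["sigcheck_mismatches"]:
        print(f"{m['file']} {m['version']}: copies disagree; unverified: {m['unverified']}")
    print("Windows Firewall enabled:", summary["firewall_enabled"])
    for p in summary["open_ports"]:
        print(f"  {p['proto']}/{p['port']} {p['name']} ({'on' if p['enabled'] else 'disabled'})")
```

A differing hash for the same version is only a lead (the log's own note says unsigned files aren't necessarily malware); the copy in dllcache or ServicePackFiles is what to compare the live driver against.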

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:24 AM

Posted 23 October 2012 - 05:59 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31
JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 astugo

Posted 23 October 2012 - 11:35 PM

MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.10.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Amrio :: C62F3C91C97846A [administrador]

24/10/2012 01:19:01 a.m.
mbam-log-2012-10-24 (01-19-01).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 240616
Tiempo transcurrido: 6 minuto(s), 29 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

hijackthis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:33:30 a.m., on 24/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\Archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\Ad-Aware Antivirus\SBAMSvc.exe
C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Amrio\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Archivos de programa\FlashGet\jccatch.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Archivos de programa\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Archivos de programa\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Archivos de programa\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PlusService] C:\Archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Archivos de programa\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Datos de programa\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Archivos de programa\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Archivos de programa\Java\jre7\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Archivos de programa\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Archivos de programa\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Archivos de programa\Skype\Updater\Updater.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe

--
End of file - 14108 bytes

No problem, and the computer is doing as good as before :)

#12 gringo_pr

Posted 24 October 2012 - 05:30 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [PlusService] C:\Archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Archivos de programa\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Amrio\Configuración local\Datos de programa\Akamai\netsession_win.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
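As an added example (not code from this thread, from HijackThis or from gringo_pr), here is a small Python parser for the HijackThis log format posted above. It turns the O4, O15 and O23 lines into records, pulls out the bracketed names that the post above says to paste into a search, and attaches review hints for things a human should look at (missing service binaries, Trusted Zone sites, RunOnce entries under the SYSTEM hive); the sample lines are copied from astugo's log.

```python
"""Parse and triage HijackThis v2 log lines (added example, not a HijackThis tool)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O15 - Trusted Zone: *.freerealms.com
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Archivos de programa\Skype\Updater\Updater.exe
"""


@dataclass
class HjtEntry:
    code: str                       # section code: O4, O15, O23, ...
    raw: str                        # the original line
    hive: Optional[str] = None      # O4: HKLM, HKCU, HKUS\S-1-5-18, ...
    key: Optional[str] = None       # O4: Run or RunOnce
    name: Optional[str] = None      # O4: value name in brackets; O15: zone; O23: display name
    command: Optional[str] = None   # O4: command line; O23: service binary
    user: Optional[str] = None      # O4: account from the "(User '...')" suffix
    service: Optional[str] = None   # O23: short service name
    owner: Optional[str] = None     # O23: vendor string
    flags: List[str] = field(default_factory=list)


_ANY = re.compile(r"^(?P<code>[RO]\d+) - ")
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_USER = re.compile(r"^(?P<cmd>.*?) \(User '(?P<user>[^']*)'\)$")
_O15 = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)$")
_O23 = re.compile(r"^O23 - Service: (?P<display>.*) \((?P<svc>[^()]+)\) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(entry: HjtEntry) -> None:
    """Attach review hints. These are prompts for a human, not verdicts."""
    if entry.code == "O4" and entry.user and (entry.key or "").lower() == "runonce":
        entry.flags.append(f"RunOnce under the {entry.user} hive: runs at that account's next logon")
    if entry.code == "O15":
        entry.flags.append("site in the IE Trusted Zone: the relaxed Trusted Zone settings apply to it")
    if entry.code == "O23" and entry.command:
        if entry.command.endswith("(file missing)"):
            entry.flags.append("service binary is missing: orphaned service registration")
        elif entry.owner == "Unknown owner" and not entry.command.lower().startswith("c:\\windows\\"):
            entry.flags.append("no vendor recorded and binary outside C:\\WINDOWS: verify the publisher")


def parse_line(line: str) -> Optional[HjtEntry]:
    """Return a structured entry for one HijackThis line, or None for non-entry lines."""
    line = line.rstrip()
    head = _ANY.match(line)
    if not head:
        return None
    entry = HjtEntry(code=head.group("code"), raw=line)
    if entry.code == "O4":
        m = _O4.match(line)
        if m:
            entry.hive, entry.key, entry.name = m.group("hive", "key", "name")
            cmd = m.group("cmd")
            u = _O4_USER.match(cmd)          # strip the "(User 'SYSTEM')" suffix
            if u:
                cmd, entry.user = u.group("cmd", "user")
            entry.command = cmd
    elif entry.code == "O15":
        m = _O15.match(line)
        if m:
            entry.name = m.group("zone")
    elif entry.code == "O23":
        m = _O23.match(line)
        if m:
            entry.name, entry.service, entry.owner, entry.command = m.group("display", "svc", "owner", "path")
    triage(entry)
    return entry


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def startup_names(entries: List[HjtEntry]) -> List[str]:
    """The names between the brackets of O4 entries, i.e. what to paste into a startup search."""
    return [e.name for e in entries if e.code == "O4" and e.name]


def flagged(entries: List[HjtEntry]) -> List[HjtEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(e.raw)
        for f in e.flags:
            print("   ->", f)
```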

#13 astugo

Posted 24 October 2012 - 02:18 PM

C:\Documents and Settings\Amrio\Mis documentos\Downloads\DTLite4454-0315.exe Win32/OpenCandy application
C:\Documents and Settings\Amrio\Mis documentos\Downloads\GraboidVideoSetup-3.21-Complete.exe Win32/Graboid application
C:\Documents and Settings\Amrio\Mis documentos\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129403.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129404.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129405.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129406.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129407.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129409.exe Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP309\A0130497.dll Win32/Toolbar.Funmoods application

#14 gringo_pr

Posted 24 October 2012 - 02:33 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Amrio\Mis documentos\Downloads\DTLite4454-0315.exe"
    del /f /s /q "C:\Documents and Settings\Amrio\Mis documentos\Downloads\GraboidVideoSetup-3.21-Complete.exe"
    del /f /s /q "C:\Documents and Settings\Amrio\Mis documentos\Downloads\OrbitDownloaderSetup.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore; the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Gringo
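Added example (not an ESET or BleepingComputer tool) applying the reasoning in this post to the ESET results above: it parses the export, separates live files from System Restore and ComboFix quarantine copies, and builds a delfile.bat in the same form gringo_pr posted, for the live files only. The sample is constructed from astugo's results; the real export is tab-separated, and the parser accepts either a tab or the run of spaces shown in the thread.

```python
"""Classify an ESET Online Scanner export by where each hit lives (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the detections astugo posted, separated by whitespace as in the thread.
SAMPLE_ESET = r"""
C:\Documents and Settings\Amrio\Mis documentos\Downloads\DTLite4454-0315.exe Win32/OpenCandy application
C:\Documents and Settings\Amrio\Mis documentos\Downloads\GraboidVideoSetup-3.21-Complete.exe Win32/Graboid application
C:\Documents and Settings\Amrio\Mis documentos\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129403.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129404.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129405.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129406.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129407.dll Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP307\A0129409.exe Win32/Toolbar.Funmoods application
C:\System Volume Information\_restore{6D583E78-ACC7-4284-BDDC-2B715D53166F}\RP309\A0130497.dll Win32/Toolbar.Funmoods application
"""


@dataclass
class Detection:
    path: str
    threat: str
    location: str                     # "live", "quarantine" or "restore_point"
    restore_point: Optional[int] = None


# The detection name starts with a token containing "/" (e.g. Win32/...), which never occurs
# in a Windows path, so the path is everything before it whatever the separator was.
_LINE = re.compile(r"^(?P<path>.+?)\s+(?P<threat>[A-Za-z0-9]+/\S.*)$")
_RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP(?P<rp>\d+)\\", re.I)
_QUARANTINE = re.compile(r"^C:\\Qoobox\\Quarantine\\", re.I)   # ComboFix backup folder named in the post


def classify(path: str) -> Tuple[str, Optional[int]]:
    """Where a detected file lives; restore-point copies also return the RP number."""
    m = _RESTORE.search(path)
    if m:
        return "restore_point", int(m.group("rp"))
    if _QUARANTINE.match(path):
        return "quarantine", None
    return "live", None


def parse_line(line: str) -> Optional[Detection]:
    m = _LINE.match(line.strip())
    if not m:
        return None
    path, threat = m.group("path"), m.group("threat").strip()
    location, rp = classify(path)
    return Detection(path, threat, location, rp)


def parse_report(text: str) -> List[Detection]:
    return [d for d in (parse_line(l) for l in text.splitlines()) if d]


def summarize(dets: List[Detection]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {"live": [], "quarantine": [], "restore_point": []}
    for d in dets:
        out[d.location].append(d.path)
    return out


def restore_points(dets: List[Detection]) -> Set[int]:
    """Restore points that hold a detected file (cleared when System Restore is flushed)."""
    return {d.restore_point for d in dets if d.restore_point is not None}


def build_delfile(dets: List[Detection]) -> str:
    """delfile.bat in the form gringo_pr posted, covering only the live files."""
    lines = ["@echo off"]
    lines += [f'del /f /s /q "{d.path}"' for d in dets if d.location == "live"]
    lines.append("del %0")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_ESET)
    for loc, paths in summarize(found).items():
        print(f"{loc}: {len(paths)}")
    print(build_delfile(found))
```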

#15 astugo

Posted 24 October 2012 - 08:25 PM

Hey, thank you! Everything went good and smooth... I'm gonna try your programs as my main resource of protection. I don't know whether to keep the Tune Up Utilities program though... I would like your opinion about it (if you don't mind :P)

I appreciate a lot your work and the web, it's an amazing community. I would like to donate some, but I don't have any credit card or something like that... :/ only my "thank you" and my recommendation about this web and your (of course) good work :)


I hope you keep doing it good... greetings


Mario.



