TechSpot

5-step V/S/M preliminary removal instructions - DDS not ending

Inactive
By juako
Mar 12, 2012
  1. Hello.
    I had problems with the computer starting annoying web pages on its own. I thought it was a virus, but antivirus (clamwin) did not detect anything. Spybot Search and rescue did not detect anything relevant either. I detected many network connections. I tried to update to Service Pack 3, but it failed, because acpi.sys was used by another process. I looked for this kind of error, and came to this forum.

    I followed the 5-Step guide, but DDS.src did not end. It started, showed me the information, progress was ok, but after some "#" (many of them, I guess it was near the end) it stopped. I could then do anything on the computer. After some keys, it sounded a "bit" and then the cursor did not move any more, so I had to do a hard reboot. Tried to launch DDS several times, with the same result. Note that my computer did not recognize the .src as an executable, but as some particular AutoCAD extension. So I renamed DDS.src to DDS.exe and it started ok, but with the result shown before.

    I can now post in my following messages the results of the other command. Please note that I ran the command twice, and as I got 2 different logs, I post both of them (sorry if it was not needed).

    Any help will be welcomed!
    Thanks in advance
  2. juako

    juako Newcomer, in training Topic Starter Posts: 34

    5-Step.... DDS not ending - LOGS

    RUN 1: MALWAREBYTES ANTI-MALWARE

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Versión de la Base de Datos: v2012.03.12.06

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Paula :: TOSHIBA [administrador]

    12/03/2012 22:36:10
    mbam-log-2012-03-12 (22-36-10).txt

    Tipos de Análisis: Análisis Rápido
    Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opciones de análisis desactivados: P2P
    Objetos examinados: 215152
    Tiempo transcurrido: 11 minuto(s), 37 segundo(s)

    Procesos en Memoria Detectados: 1
    C:\WINDOWS\system32\nM5OdFGKA.com (Backdoor.Bot) -> 3732 -> Se eliminarán al reiniciar.

    Módulos de Memoria Detectados: 1
    C:\WINDOWS\system32\ql10wnt.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

    Claves del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Valores del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Detectados: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

    Carpetas Detectadas: 0
    (No se han detectado elementos maliciosos)

    Archivos Detectados: 7
    C:\WINDOWS\system32\ql10wnt.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.
    C:\WINDOWS\system32\nM5OdFGKA.com (Backdoor.Bot) -> Se eliminarán al reiniciar.
    C:\WINDOWS\system32\nM5OdFGKA.com_ (Backdoor.Bot) -> Se eliminarán al reiniciar.
    C:\WINDOWS\system32\pepifilter.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
    C:\WINDOWS\system32\com0com.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
    C:\WINDOWS\system32\SRS_SSCFilter.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
    C:\WINDOWS\flash.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.

    (fin)


    RUN 1 - GMER.LOG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-12 23:10:46
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
    Running: 1y04sjdo.exe; Driver: C:\DOCUME~1\Paula\CONFIG~1\Temp\pwrdipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Controlador del tipo de Mouse/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:676] 89A7B39F
    Thread System [4:956] 872560F4

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3136

    ---- EOF - GMER 1.0.15 ----


    RUN 2: MALWAREBYTES ANTI-MALWARE

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Versión de la Base de Datos: v2012.03.12.06

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Paula :: TOSHIBA [administrador]

    12/03/2012 23:48:42
    mbam-log-2012-03-12 (23-48-42).txt

    Tipos de Análisis: Análisis Rápido
    Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opciones de análisis desactivados: P2P
    Objetos examinados: 213010
    Tiempo transcurrido: 5 minuto(s), 14 segundo(s)

    Procesos en Memoria Detectados: 0
    (No se han detectado elementos maliciosos)

    Módulos de Memoria Detectados: 1
    C:\WINDOWS\system32\symidsco.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

    Claves del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Valores del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Carpetas Detectadas: 0
    (No se han detectado elementos maliciosos)

    Archivos Detectados: 1
    C:\WINDOWS\system32\symidsco.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

    (fin)


    RUN 2 - GMER.LOG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-13 00:02:14
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
    Running: 8epj3zhe.exe; Driver: C:\DOCUME~1\Paula\CONFIG~1\Temp\pwrdipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Controlador del tipo de Mouse/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:640] 89A7A39F
    Thread System [4:784] 897A70F4

    ---- EOF - GMER 1.0.15 ----
  3. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  4. juako

    juako Newcomer, in training Topic Starter Posts: 34

    5-Step.... DDS not ending - TDSSKiller Log

    Thank you for your help.
    This is the output of the TDSSKiller:

    23:01:34.0602 3456 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    23:01:34.0942 3456 ============================================================
    23:01:34.0942 3456 Current date / time: 2012/03/13 23:01:34.0942
    23:01:34.0942 3456 SystemInfo:
    23:01:34.0942 3456
    23:01:34.0942 3456 OS Version: 5.1.2600 ServicePack: 2.0
    23:01:34.0942 3456 Product type: Workstation
    23:01:34.0942 3456 ComputerName: TOSHIBA
    23:01:34.0942 3456 UserName: Pala
    23:01:34.0942 3456 Windows directory: C:\WINDOWS
    23:01:34.0942 3456 System windows directory: C:\WINDOWS
    23:01:34.0942 3456 Processor architecture: Intel x86
    23:01:34.0942 3456 Number of processors: 1
    23:01:34.0942 3456 Page size: 0x1000
    23:01:34.0942 3456 Boot type: Normal boot
    23:01:34.0942 3456 ============================================================
    23:01:37.0546 3456 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:01:37.0556 3456 \Device\Harddisk0\DR0:
    23:01:37.0556 3456 MBR used
    23:01:37.0556 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
    23:01:37.0606 3456 Initialize success
    23:01:37.0606 3456 ============================================================
    23:02:20.0908 0792 ============================================================
    23:02:20.0908 0792 Scan started
    23:02:20.0908 0792 Mode: Manual;
    23:02:20.0908 0792 ============================================================
    23:02:21.0449 0792 Abiosdsk - ok
    23:02:21.0469 0792 abp480n5 - ok
    23:02:21.0529 0792 ACPI (3269ca612f83212661f59fe867deef10) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:02:21.0529 0792 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3269ca612f83212661f59fe867deef10, Fake md5: 33d1373ee875ce8b063777f7e77815b7
    23:02:21.0529 0792 ACPI ( Virus.Win32.Rloader.a ) - infected
    23:02:21.0529 0792 ACPI - detected Virus.Win32.Rloader.a (0)
    23:02:21.0579 0792 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:02:21.0579 0792 ACPIEC - ok
    23:02:21.0599 0792 adpu160m - ok
    23:02:21.0659 0792 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    23:02:21.0659 0792 aec - ok
    23:02:22.0120 0792 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
    23:02:22.0120 0792 Afc - ok
    23:02:22.0180 0792 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    23:02:22.0180 0792 AFD - ok
    23:02:22.0240 0792 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    23:02:22.0240 0792 agp440 - ok
    23:02:22.0270 0792 Aha154x - ok
    23:02:22.0290 0792 aic78u2 - ok
    23:02:22.0320 0792 aic78xx - ok
    23:02:22.0350 0792 AliIde - ok
    23:02:22.0371 0792 amsint - ok
    23:02:22.0431 0792 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:02:22.0431 0792 Arp1394 - ok
    23:02:22.0831 0792 asc - ok
    23:02:22.0851 0792 asc3350p - ok
    23:02:22.0871 0792 asc3550 - ok
    23:02:22.0931 0792 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:02:22.0931 0792 AsyncMac - ok
    23:02:22.0981 0792 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:02:22.0991 0792 atapi - ok
    23:02:23.0011 0792 Atdisk - ok
    23:02:23.0051 0792 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:02:23.0051 0792 Atmarpc - ok
    23:02:23.0122 0792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:02:23.0122 0792 audstub - ok
    23:02:23.0592 0792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:02:23.0592 0792 Beep - ok
    23:02:23.0662 0792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:02:23.0662 0792 cbidf2k - ok
    23:02:23.0712 0792 cd20xrnt - ok
    23:02:23.0752 0792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:02:23.0752 0792 Cdaudio - ok
    23:02:23.0793 0792 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:02:23.0793 0792 Cdfs - ok
    23:02:24.0203 0792 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:02:24.0203 0792 Cdrom - ok
    23:02:24.0233 0792 Changer - ok
    23:02:24.0273 0792 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    23:02:24.0283 0792 CmBatt - ok
    23:02:24.0303 0792 CmdIde - ok
    23:02:24.0363 0792 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    23:02:24.0363 0792 Compbatt - ok
    23:02:24.0393 0792 Cpqarray - ok
    23:02:24.0433 0792 dac2w2k - ok
    23:02:24.0453 0792 dac960nt - ok
    23:02:24.0494 0792 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:02:24.0504 0792 Disk - ok
    23:02:24.0584 0792 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
    23:02:24.0604 0792 dmboot - ok
    23:02:25.0024 0792 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
    23:02:25.0024 0792 dmio - ok
    23:02:25.0064 0792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:02:25.0064 0792 dmload - ok
    23:02:25.0104 0792 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    23:02:25.0104 0792 DMusic - ok
    23:02:25.0144 0792 dpti2o - ok
    23:02:25.0185 0792 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:02:25.0185 0792 drmkaud - ok
    23:02:25.0255 0792 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    23:02:25.0255 0792 E100B - ok
    23:02:25.0325 0792 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:02:25.0325 0792 Fastfat - ok
    23:02:25.0735 0792 FD (1cb1d6fa1290fc4f14c04fae321bcc6c) C:\WINDOWS\system32\drivers\FD.sys
    23:02:25.0745 0792 FD - ok
    23:02:25.0795 0792 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    23:02:25.0795 0792 Fdc - ok
    23:02:25.0856 0792 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
    23:02:25.0856 0792 Fips - ok
    23:02:25.0896 0792 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    23:02:25.0896 0792 Flpydisk - ok
    23:02:25.0946 0792 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:02:25.0956 0792 FltMgr - ok
    23:02:26.0426 0792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:02:26.0426 0792 Fs_Rec - ok
    23:02:26.0496 0792 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:02:26.0496 0792 Ftdisk - ok
    23:02:26.0557 0792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:02:26.0557 0792 GEARAspiWDM - ok
    23:02:26.0677 0792 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:02:26.0677 0792 Gpc - ok
    23:02:27.0037 0792 gv3 (597a70495932e7930f3329f5beb451ac) C:\WINDOWS\system32\DRIVERS\gv3.sys
    23:02:27.0037 0792 gv3 - ok
    23:02:27.0107 0792 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:02:27.0117 0792 HidUsb - ok
    23:02:27.0167 0792 HPFECP14 (c47353fd62daa7d13438d5448a6285b1) C:\WINDOWS\System32\drivers\HPFECP14.SYS
    23:02:27.0167 0792 HPFECP14 - ok
    23:02:27.0258 0792 hpn - ok
    23:02:27.0318 0792 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:02:27.0318 0792 HTTP - ok
    23:02:27.0638 0792 Huawei - ok
    23:02:27.0668 0792 hwdatacard - ok
    23:02:27.0708 0792 i2omgmt - ok
    23:02:27.0728 0792 i2omp - ok
    23:02:27.0788 0792 i8042prt (0cab3ee361cfeab260b3906c8b6fb2be) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:02:27.0788 0792 i8042prt - ok
    23:02:27.0848 0792 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
    23:02:27.0858 0792 imagedrv - ok
    23:02:27.0898 0792 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
    23:02:27.0898 0792 imagesrv - ok
    23:02:27.0999 0792 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:02:27.0999 0792 Imapi - ok
    23:02:28.0319 0792 ini910u - ok
    23:02:28.0389 0792 IntelIde (161b54c8200663ada2c145d87e8d4340) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:02:28.0389 0792 IntelIde - ok
    23:02:28.0429 0792 intelppm (98bbc0e8efa90fff1ec9456ee7b0b1f1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:02:28.0429 0792 intelppm - ok
    23:02:28.0469 0792 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:02:28.0469 0792 ip6fw - ok
    23:02:28.0519 0792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:02:28.0529 0792 IpFilterDriver - ok
    23:02:28.0619 0792 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:02:28.0619 0792 IpInIp - ok
    23:02:28.0680 0792 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:02:28.0690 0792 IpNat - ok
    23:02:29.0050 0792 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:02:29.0050 0792 IPSec - ok
    23:02:29.0090 0792 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
    23:02:29.0090 0792 irda - ok
    23:02:29.0120 0792 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:02:29.0120 0792 IRENUM - ok
    23:02:29.0250 0792 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:02:29.0250 0792 isapnp - ok
    23:02:29.0300 0792 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:02:29.0300 0792 Kbdclass - ok
    23:02:29.0481 0792 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    23:02:29.0481 0792 kmixer - ok
    23:02:29.0741 0792 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:02:29.0741 0792 KSecDD - ok
    23:02:29.0771 0792 lbrtfdc - ok
    23:02:29.0831 0792 MDC8021X (0f528e44cdc78365be693ae723e3801c) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    23:02:29.0841 0792 MDC8021X - ok
    23:02:29.0961 0792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:02:29.0961 0792 mnmdd - ok
    23:02:30.0122 0792 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
    23:02:30.0122 0792 Modem - ok
    23:02:30.0402 0792 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:02:30.0402 0792 Mouclass - ok
    23:02:30.0512 0792 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:02:30.0522 0792 mouhid - ok
    23:02:30.0672 0792 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:02:30.0672 0792 MountMgr - ok
    23:02:30.0702 0792 mraid35x - ok
    23:02:30.0763 0792 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:02:30.0763 0792 MRxDAV - ok
    23:02:31.0003 0792 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:02:31.0013 0792 MRxSmb - ok
    23:02:31.0173 0792 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    23:02:31.0183 0792 Msfs - ok
    23:02:31.0323 0792 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:02:31.0323 0792 MSKSSRV - ok
    23:02:31.0544 0792 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:02:31.0544 0792 MSPCLOCK - ok
    23:02:31.0574 0792 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:02:31.0574 0792 MSPQM - ok
    23:02:31.0614 0792 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:02:31.0614 0792 mssmbios - ok
    23:02:31.0664 0792 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    23:02:31.0674 0792 Mup - ok
    23:02:31.0824 0792 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    23:02:31.0824 0792 NDIS - ok
    23:02:32.0145 0792 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:02:32.0145 0792 NdisTapi - ok
    23:02:32.0195 0792 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:02:32.0195 0792 Ndisuio - ok
    23:02:32.0245 0792 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:02:32.0245 0792 NdisWan - ok
    23:02:32.0275 0792 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:02:32.0275 0792 NDProxy - ok
    23:02:32.0315 0792 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:02:32.0315 0792 NetBIOS - ok
    23:02:32.0465 0792 NetBT (f6c08c5733c607d46bbd71dc9754bdbe) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:02:32.0465 0792 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: f6c08c5733c607d46bbd71dc9754bdbe, Fake md5: 0c80e410cd2f47134407ee7dd19cc86b
    23:02:32.0465 0792 NetBT ( Virus.Win32.ZAccess.aml ) - infected
    23:02:32.0465 0792 NetBT - detected Virus.Win32.ZAccess.aml (0)
    23:02:32.0836 0792 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    23:02:32.0836 0792 Netdevio - ok
    23:02:32.0906 0792 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    23:02:32.0906 0792 NIC1394 - ok
    23:02:32.0976 0792 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
    23:02:32.0976 0792 NPF - ok
    23:02:33.0106 0792 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    23:02:33.0106 0792 Npfs - ok
    23:02:33.0186 0792 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:02:33.0196 0792 Ntfs - ok
    23:02:33.0547 0792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:02:33.0547 0792 Null - ok
    23:02:33.0757 0792 nv (15859bf8d0b2301d91796823fd62f4bc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:02:33.0777 0792 nv - ok
    23:02:34.0087 0792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:02:34.0087 0792 NwlnkFlt - ok
    23:02:34.0208 0792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:02:34.0208 0792 NwlnkFwd - ok
    23:02:34.0248 0792 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    23:02:34.0258 0792 ohci1394 - ok
    23:02:34.0338 0792 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:02:34.0338 0792 Parport - ok
    23:02:34.0388 0792 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:02:34.0388 0792 PartMgr - ok
    23:02:34.0478 0792 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:02:34.0478 0792 ParVdm - ok
    23:02:34.0798 0792 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:02:34.0798 0792 PCI - ok
    23:02:34.0919 0792 PCIDump - ok
    23:02:34.0979 0792 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:02:34.0979 0792 PCIIde - ok
    23:02:35.0039 0792 pciSd (221068851f8fd7d8d581738123196ee3) C:\WINDOWS\system32\DRIVERS\tossdpci.sys
    23:02:35.0039 0792 pciSd - ok
    23:02:35.0099 0792 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    23:02:35.0099 0792 Pcmcia - ok
    23:02:35.0459 0792 PDCOMP - ok
    23:02:35.0569 0792 PDFRAME - ok
    23:02:35.0590 0792 PDRELI - ok
    23:02:35.0620 0792 PDRFRAME - ok
    23:02:35.0640 0792 perc2 - ok
    23:02:35.0660 0792 perc2hib - ok
    23:02:35.0730 0792 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:02:35.0740 0792 PptpMiniport - ok
    23:02:35.0770 0792 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
    23:02:35.0770 0792 Processor - ok
    23:02:35.0830 0792 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:02:35.0840 0792 PSched - ok
    23:02:36.0120 0792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:02:36.0120 0792 Ptilink - ok
    23:02:36.0230 0792 ql1080 - ok
    23:02:36.0341 0792 Ql10wnt - ok
    23:02:36.0361 0792 ql12160 - ok
    23:02:36.0381 0792 ql1240 - ok
    23:02:36.0411 0792 ql1280 - ok
    23:02:36.0461 0792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:02:36.0461 0792 RasAcd - ok
    23:02:36.0521 0792 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    23:02:36.0521 0792 Rasirda - ok
    23:02:36.0571 0792 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:02:36.0571 0792 Rasl2tp - ok
    23:02:36.0821 0792 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:02:36.0821 0792 RasPppoe - ok
    23:02:36.0941 0792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:02:36.0951 0792 Raspti - ok
    23:02:37.0082 0792 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:02:37.0092 0792 Rdbss - ok
    23:02:37.0142 0792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:02:37.0142 0792 RDPCDD - ok
    23:02:37.0202 0792 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:02:37.0212 0792 RDPWD - ok
    23:02:37.0412 0792 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:02:37.0412 0792 redbook - ok
    23:02:37.0743 0792 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
    23:02:37.0763 0792 RTL8192cu - ok
    23:02:38.0063 0792 s24trans (41cf7128424f3bdc35b05be3cc8ce7ec) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    23:02:38.0063 0792 s24trans - ok
    23:02:38.0133 0792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:02:38.0133 0792 Secdrv - ok
    23:02:38.0364 0792 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\drivers\Serial.sys
    23:02:38.0364 0792 Serial - ok
    23:02:38.0454 0792 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:02:38.0454 0792 Sfloppy - ok
    23:02:38.0714 0792 Simbad - ok
    23:02:38.0784 0792 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    23:02:38.0794 0792 SMCIRDA - ok
    23:02:38.0974 0792 Sparrow - ok
    23:02:39.0024 0792 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    23:02:39.0024 0792 splitter - ok
    23:02:39.0085 0792 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:02:39.0085 0792 sr - ok
    23:02:39.0405 0792 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:02:39.0415 0792 Srv - ok
    23:02:39.0485 0792 STAC97 (a48dc73c8a26dc53d9480a108c3342b5) C:\WINDOWS\system32\drivers\stac97.sys
    23:02:39.0495 0792 STAC97 - ok
    23:02:39.0715 0792 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:02:39.0715 0792 swenum - ok
    23:02:39.0966 0792 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    23:02:39.0966 0792 swmidi - ok
    23:02:40.0006 0792 symc810 - ok
    23:02:40.0026 0792 symc8xx - ok
    23:02:40.0046 0792 sym_hi - ok
    23:02:40.0076 0792 sym_u3 - ok
    23:02:40.0146 0792 SynTP (770f9dc0ab4b87b1c8fde42802762ad6) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    23:02:40.0146 0792 SynTP - ok
    23:02:40.0186 0792 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:02:40.0186 0792 sysaudio - ok
    23:02:40.0657 0792 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:02:40.0657 0792 Tcpip - ok
    23:02:41.0338 0792 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:02:41.0338 0792 TDPIPE - ok
    23:02:41.0408 0792 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:02:41.0408 0792 TDTCP - ok
    23:02:45.0904 0792 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    23:02:46.0055 0792 \Device\Harddisk0\DR0 - ok
    23:02:46.0065 0792 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
    23:02:46.0065 0792 \Device\Harddisk0\DR0\Partition0 - ok
    23:02:46.0065 0792 ============================================================
    23:02:46.0065 0792 Scan finished
    23:02:46.0065 0792 ============================================================
    23:02:46.0085 2608 Detected object count: 2
    23:02:46.0085 2608 Actual detected object count: 2
    23:03:52.0781 2608 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
    23:03:57.0627 2608 Backup copy found, using it..
    23:03:57.0637 2608 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    23:03:57.0637 2608 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    23:03:58.0138 2608 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
    23:03:58.0359 2608 Backup copy found, using it..
    23:03:58.0359 2608 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
    23:04:05.0048 2608 NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Cure
    23:04:20.0480 3428 Deinitialize success
  5. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Very good.
    Please re-run the tool one more time.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  6. juako

    juako Newcomer, in training Topic Starter Posts: 34

    For the aswMBR, should I press the "fix" button, or just do the scan?
    Output from it:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-14 06:47:49
    -----------------------------
    06:47:49.276 OS Version: Windows 5.1.2600 Service Pack 2
    06:47:49.276 Number of processors: 1 586 0x905
    06:47:49.276 ComputerName: TOSHIBA UserName: Paula
    06:47:50.527 Initialize success
    06:49:04.253 AVAST engine defs: 12031301
    06:49:29.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    06:49:29.520 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
    06:49:29.550 Disk 0 MBR read successfully
    06:49:29.550 Disk 0 MBR scan
    06:49:29.600 Disk 0 unknown MBR code
    06:49:29.600 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
    06:49:29.600 Disk 0 scanning sectors +117210240
    06:49:29.890 Disk 0 scanning C:\WINDOWS\system32\drivers
    06:49:39.424 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
    06:49:45.222 Disk 0 trace - called modules:
    06:49:45.252 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb412efc0]<<
    06:49:45.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b49ab8]
    06:49:45.252 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> [0x87605d20]
    06:49:45.573 \Driver\00005255[0x881b46c8] -> IRP_MJ_CREATE -> 0xb412efc0
    06:49:46.244 AVAST engine scan C:\WINDOWS
    06:50:12.862 AVAST engine scan C:\WINDOWS\system32
    06:53:22.495 AVAST engine scan C:\WINDOWS\system32\drivers
    06:53:33.310 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
    06:53:36.335 File: C:\WINDOWS\system32\drivers\SAP\FD.exe **INFECTED** Win32:Trojan-gen
    06:53:43.565 AVAST engine scan C:\Documents and Settings\Paula
    06:57:58.942 File: C:\Documents and Settings\Paula\Datos de programa\Sun\Java\Deployment\cache\6.0\29\ae745dd-7adfab14 **INFECTED** Win32:Malware-gen
    06:57:59.653 File: C:\Documents and Settings\Paula\Datos de programa\Sun\Java\Deployment\cache\6.0\63\1bcc4a3f-2bb9248e **INFECTED** Win32:Karagany-EW [Trj]
    06:58:29.166 AVAST engine scan C:\Documents and Settings\All Users
    06:58:49.905 Scan finished successfully
    07:16:48.607 Disk 0 MBR has been saved successfully to "C:\Nueva carpeta\MBR.dat"
    07:16:48.617 The log file has been saved successfully to "C:\Nueva carpeta\aswMBR.txt"
  7. juako

    juako Newcomer, in training Topic Starter Posts: 34

    OK, I am posting the logs here. I did not push the "fix" button in the aswMBR, I just followed your instructions:

    Output of TDSSKiller:

    06:30:13.0324 3412 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    06:30:14.0395 3412 ============================================================
    06:30:14.0395 3412 Current date / time: 2012/03/14 06:30:14.0395
    06:30:14.0395 3412 SystemInfo:
    06:30:14.0395 3412
    06:30:14.0395 3412 OS Version: 5.1.2600 ServicePack: 2.0
    06:30:14.0395 3412 Product type: Workstation
    06:30:14.0395 3412 ComputerName: TOSHIBA
    06:30:14.0395 3412 UserName: Paula
    06:30:14.0395 3412 Windows directory: C:\WINDOWS
    06:30:14.0395 3412 System windows directory: C:\WINDOWS
    06:30:14.0395 3412 Processor architecture: Intel x86
    06:30:14.0395 3412 Number of processors: 1
    06:30:14.0395 3412 Page size: 0x1000
    06:30:14.0395 3412 Boot type: Normal boot
    06:30:14.0395 3412 ============================================================
    06:30:22.0066 3412 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    06:30:22.0116 3412 \Device\Harddisk0\DR0:
    06:30:22.0116 3412 MBR used
    06:30:22.0116 3412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
    06:30:22.0837 3412 Initialize success
    06:30:22.0837 3412 ============================================================
    06:30:28.0706 3776 ============================================================
    06:30:28.0706 3776 Scan started
    06:30:28.0706 3776 Mode: Manual;
    06:30:28.0706 3776 ============================================================
    06:32:49.0668 3776 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    06:32:49.0678 3776 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: a2c21446c741fde74afb3efc779b9d25, Fake md5: fb6c89bb3ce282b08bdb1e3c179e1c39
    06:32:49.0678 3776 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
    06:32:49.0678 3776 MRxSmb - detected Virus.Win32.ZAccess.c (0)
    06:34:35.0120 3776 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    06:34:39.0336 3776 \Device\Harddisk0\DR0 - ok
    06:34:39.0436 3776 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
    06:34:39.0436 3776 \Device\Harddisk0\DR0\Partition0 - ok
    06:34:39.0436 3776 ============================================================
    06:34:39.0436 3776 Scan finished
    06:34:39.0436 3776 ============================================================
    06:34:39.0466 3768 Detected object count: 1
    06:34:39.0466 3768 Actual detected object count: 1
    06:37:34.0007 3768 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
    06:37:40.0336 3768 Backup copy found, using it..
    06:37:40.0567 3768 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
    06:38:23.0669 3768 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
    06:38:36.0247 3328 Deinitialize success


    Output of boot_cleaner:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  8. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Hello again.

    It did not work properly: I did it the first way, following your instructions. Combofix created the recovery point properly, and ran for a while. Then it showed a message saying that it had detected a RootKit.ZeroAccess in the TCP/IP stack. I pressed OK, and everything hung: no activity in HD, nothing. Waited for a very long time (30m at least), but nothing, no HD activity. After I pressed some keys and tried to do something, a beep sounded and I could do anything else, the system had hung. Forced reset with power button.

    After restart, I ran the program again. This time it kept working for a while after the RootKit.ZeroAccess message, it showed another simple message, "Rootkit Detected", I pressed OK again, and the system hung the same way as before, same behaviour.

    After the forced reboot, Windows decided to perform a chkdsk (I did not answer the question in time and it started on its own before system initialization). The chkdsk command detected some wrong links in some files (ndis.sys or something like that being one of them). It fixed that, and the system started. No network was available, and I could do nothing to bring it back. The same with the mouse (keypad of the keyboard, since it is a laptop), but I managed to recover the mouse movements by disabling the mouse and enabling it again.

    Tried again, but same result as the first one.

    Tried doing it again from Safe Mode, but it failed at the same point as the second trial.

    Now it does not connect to LAN (neither LAN nor WLAN), and the mouse cursor is again missing.

    I did not try RKill, since you said I had to do one of the two options, and as I understand, RKill permits ComboFix to run. But my problem is that it runs, but at a certain point, halts.

    I ran Combofix as an administrator user, disabling the protection against viruses (run as... option), and disabling anti-virus and any other protection tool.
    No log was obtained from ComboFix.

    What else can I do now? It's being hard, this rootkit nest.

    Thanks Broni for your help!
  10. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Please re-run TDSSKiller one more time.
  11. juako

    juako Newcomer, in training Topic Starter Posts: 34

    I re-ran TDSSKiller again; here is the output. After that I ran the Combofix tool again, with the same result: the system hung after a while (it also detected the same RootKit.ZeroAccess in the TCP/IP stack). The keypad does not work, and neither does the wireless connection or the LAN connection.

    TDSSKiller output:

    07:31:44.0985 2508 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    07:31:45.0385 2508 ============================================================
    07:31:45.0385 2508 Current date / time: 2012/03/16 07:31:45.0385
    07:31:45.0385 2508 SystemInfo:
    07:31:45.0385 2508
    07:31:45.0385 2508 OS Version: 5.1.2600 ServicePack: 2.0
    07:31:45.0385 2508 Product type: Workstation
    07:31:45.0385 2508 ComputerName: TOSHIBA
    07:31:45.0385 2508 UserName: Paula
    07:31:45.0385 2508 Windows directory: C:\WINDOWS
    07:31:45.0385 2508 System windows directory: C:\WINDOWS
    07:31:45.0385 2508 Processor architecture: Intel x86
    07:31:45.0395 2508 Number of processors: 1
    07:31:45.0395 2508 Page size: 0x1000
    07:31:45.0395 2508 Boot type: Normal boot
    07:31:45.0395 2508 ============================================================
    07:31:51.0073 2508 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:31:51.0073 2508 \Device\Harddisk0\DR0:
    07:31:51.0073 2508 MBR used
    07:31:51.0073 2508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
    07:31:51.0144 2508 Initialize success
    07:31:51.0144 2508 ============================================================
    07:33:36.0415 2748 ============================================================
    07:33:36.0415 2748 Scan started
    07:33:36.0415 2748 Mode: Manual;
    07:33:36.0415 2748 ============================================================
    07:33:39.0389 2748 Abiosdsk - ok
    07:33:39.0529 2748 abp480n5 - ok
    07:33:39.0599 2748 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    07:33:39.0599 2748 ACPI - ok
    07:33:39.0760 2748 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
    07:33:39.0760 2748 ACPIEC - ok
    07:33:39.0780 2748 adpu160m - ok
    07:33:39.0860 2748 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    07:33:39.0860 2748 aec - ok
    07:33:40.0080 2748 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
    07:33:40.0080 2748 Afc - ok
    07:33:40.0280 2748 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    07:33:40.0280 2748 AFD - ok
    07:33:40.0451 2748 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    07:33:40.0451 2748 agp440 - ok
    07:33:40.0471 2748 Aha154x - ok
    07:33:40.0491 2748 aic78u2 - ok
    07:33:40.0511 2748 aic78xx - ok
    07:33:40.0541 2748 AliIde - ok
    07:33:40.0561 2748 amsint - ok
    07:33:40.0641 2748 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    07:33:40.0641 2748 Arp1394 - ok
    07:33:40.0821 2748 asc - ok
    07:33:40.0851 2748 asc3350p - ok
    07:33:40.0871 2748 asc3550 - ok
    07:33:41.0082 2748 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    07:33:41.0082 2748 AsyncMac - ok
    07:33:41.0282 2748 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    07:33:41.0282 2748 atapi - ok
    07:33:41.0302 2748 Atdisk - ok
    07:33:41.0352 2748 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    07:33:41.0352 2748 Atmarpc - ok
    07:33:41.0402 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    07:33:41.0402 2748 audstub - ok
    07:33:41.0632 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    07:33:41.0632 2748 Beep - ok
    07:33:41.0963 2748 catchme - ok
    07:33:42.0403 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    07:33:42.0403 2748 cbidf2k - ok
    07:33:42.0424 2748 cd20xrnt - ok
    07:33:42.0474 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    07:33:42.0474 2748 Cdaudio - ok
    07:33:42.0514 2748 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    07:33:42.0514 2748 Cdfs - ok
    07:33:42.0554 2748 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    07:33:42.0554 2748 Cdrom - ok
    07:33:42.0584 2748 Changer - ok
    07:33:42.0634 2748 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    07:33:42.0634 2748 CmBatt - ok
    07:33:42.0714 2748 CmdIde - ok
    07:33:43.0084 2748 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    07:33:43.0084 2748 Compbatt - ok
    07:33:43.0115 2748 Cpqarray - ok
    07:33:43.0145 2748 dac2w2k - ok
    07:33:43.0165 2748 dac960nt - ok
    07:33:43.0205 2748 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    07:33:43.0205 2748 Disk - ok
    07:33:43.0335 2748 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
    07:33:43.0355 2748 dmboot - ok
    07:33:43.0775 2748 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
    07:33:43.0775 2748 dmio - ok
    07:33:43.0826 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    07:33:43.0826 2748 dmload - ok
    07:33:43.0896 2748 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    07:33:43.0906 2748 DMusic - ok
    07:33:43.0926 2748 dpti2o - ok
    07:33:43.0966 2748 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    07:33:43.0966 2748 drmkaud - ok
    07:33:44.0026 2748 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    07:33:44.0026 2748 E100B - ok
    07:33:45.0177 2748 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    07:33:45.0187 2748 Fastfat - ok
    07:33:45.0228 2748 FD - ok
    07:33:45.0278 2748 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    07:33:45.0288 2748 Fdc - ok
    07:33:45.0328 2748 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
    07:33:45.0328 2748 Fips - ok
    07:33:45.0378 2748 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    07:33:45.0378 2748 Flpydisk - ok
    07:33:45.0768 2748 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
    07:33:45.0768 2748 FltMgr - ok
    07:33:45.0828 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    07:33:45.0828 2748 Fs_Rec - ok
    07:33:45.0899 2748 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    07:33:45.0899 2748 Ftdisk - ok
    07:33:45.0959 2748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    07:33:45.0959 2748 GEARAspiWDM - ok
    07:33:46.0409 2748 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    07:33:46.0409 2748 Gpc - ok
    07:33:46.0539 2748 gv3 (597a70495932e7930f3329f5beb451ac) C:\WINDOWS\system32\DRIVERS\gv3.sys
    07:33:46.0539 2748 gv3 - ok
    07:33:46.0600 2748 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    07:33:46.0600 2748 HidUsb - ok
    07:33:46.0900 2748 HPFECP14 (c47353fd62daa7d13438d5448a6285b1) C:\WINDOWS\System32\drivers\HPFECP14.SYS
    07:33:46.0900 2748 HPFECP14 - ok
    07:33:47.0030 2748 hpn - ok
    07:33:47.0090 2748 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    07:33:47.0100 2748 HTTP - ok
    07:33:47.0160 2748 Huawei - ok
    07:33:47.0180 2748 hwdatacard - ok
    07:33:47.0210 2748 i2omgmt - ok
    07:33:47.0230 2748 i2omp - ok
    07:33:47.0291 2748 i8042prt (b4504a6b6934c45cf89b963d1008bb0a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    07:33:47.0291 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b4504a6b6934c45cf89b963d1008bb0a, Fake md5: 0cab3ee361cfeab260b3906c8b6fb2be
    07:33:47.0301 2748 i8042prt ( Virus.Win32.ZAccess.c ) - infected
    07:33:47.0301 2748 i8042prt - detected Virus.Win32.ZAccess.c (0)
    07:33:47.0631 2748 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
    07:33:47.0631 2748 imagedrv - ok
    07:33:47.0761 2748 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
    07:33:47.0761 2748 imagesrv - ok
    07:33:47.0831 2748 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    07:33:47.0831 2748 Imapi - ok
    07:33:47.0881 2748 ini910u - ok
    07:33:47.0931 2748 IntelIde (161b54c8200663ada2c145d87e8d4340) C:\WINDOWS\system32\DRIVERS\intelide.sys
    07:33:47.0941 2748 IntelIde - ok
    07:33:47.0982 2748 intelppm (98bbc0e8efa90fff1ec9456ee7b0b1f1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    07:33:47.0982 2748 intelppm - ok
    07:33:48.0442 2748 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    07:33:48.0442 2748 ip6fw - ok
    07:33:48.0482 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    07:33:48.0482 2748 IpFilterDriver - ok
    07:33:48.0562 2748 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    07:33:48.0562 2748 IpInIp - ok
    07:33:48.0642 2748 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    07:33:48.0652 2748 IpNat - ok
    07:33:48.0863 2748 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    07:33:48.0863 2748 IPSec - ok
    07:33:49.0133 2748 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
    07:33:49.0143 2748 irda - ok
    07:33:49.0223 2748 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    07:33:49.0223 2748 IRENUM - ok
    07:33:49.0283 2748 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    07:33:49.0283 2748 isapnp - ok
    07:33:49.0494 2748 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    07:33:49.0494 2748 Kbdclass - ok
    07:33:49.0754 2748 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    07:33:49.0754 2748 kmixer - ok
    07:33:49.0854 2748 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    07:33:49.0854 2748 KSecDD - ok
    07:33:49.0944 2748 lbrtfdc - ok
    07:33:49.0974 2748 MDC8021X - ok
    07:33:50.0034 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    07:33:50.0034 2748 mnmdd - ok
    07:33:50.0495 2748 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
    07:33:50.0495 2748 Modem - ok
    07:33:50.0565 2748 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:33:50.0565 2748 Mouclass - ok
    07:33:50.0665 2748 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    07:33:50.0665 2748 mouhid - ok
    07:33:50.0926 2748 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    07:33:50.0926 2748 MountMgr - ok
    07:33:51.0046 2748 mraid35x - ok
    07:33:51.0106 2748 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:33:51.0106 2748 MRxDAV - ok
    07:33:51.0226 2748 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:33:51.0236 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: a2c21446c741fde74afb3efc779b9d25, Fake md5: 9e18e8b1a68c3f5e7098d0e6356648c1
    07:33:51.0236 2748 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
    07:33:51.0236 2748 MRxSmb - detected Virus.Win32.ZAccess.c (0)
    07:33:51.0667 2748 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    07:33:51.0667 2748 Msfs - ok
    07:33:51.0707 2748 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:33:51.0707 2748 MSKSSRV - ok
    07:33:51.0727 2748 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    07:33:51.0727 2748 MSPCLOCK - ok
    07:33:51.0757 2748 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    07:33:51.0757 2748 MSPQM - ok
    07:33:51.0877 2748 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    07:33:51.0877 2748 mssmbios - ok
    07:33:51.0927 2748 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    07:33:51.0927 2748 Mup - ok
    07:33:51.0967 2748 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    07:33:51.0977 2748 NDIS - ok
    07:33:52.0388 2748 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    07:33:52.0388 2748 NdisTapi - ok
    07:33:52.0438 2748 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    07:33:52.0438 2748 Ndisuio - ok
    07:33:52.0518 2748 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    07:33:52.0528 2748 NdisWan - ok
    07:33:52.0548 2748 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    07:33:52.0548 2748 NDProxy - ok
    07:33:52.0578 2748 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    07:33:52.0578 2748 NetBIOS - ok
    07:33:52.0648 2748 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    07:33:52.0648 2748 NetBT - ok
    07:33:53.0109 2748 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    07:33:53.0109 2748 Netdevio - ok
    07:33:53.0209 2748 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    07:33:53.0209 2748 NIC1394 - ok
    07:33:53.0289 2748 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
    07:33:53.0289 2748 NPF - ok
    07:33:53.0329 2748 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    07:33:53.0329 2748 Npfs - ok
    07:33:53.0399 2748 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    07:33:53.0409 2748 Ntfs - ok
    07:33:53.0840 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    07:33:53.0840 2748 Null - ok
    07:33:53.0980 2748 nv (15859bf8d0b2301d91796823fd62f4bc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    07:33:53.0990 2748 nv - ok
    07:33:54.0721 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    07:33:54.0721 2748 NwlnkFlt - ok
    07:33:55.0202 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    07:33:55.0202 2748 NwlnkFwd - ok
    07:33:55.0282 2748 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    07:33:55.0282 2748 ohci1394 - ok
    07:33:55.0412 2748 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
    07:33:55.0412 2748 Parport - ok
    07:33:55.0472 2748 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    07:33:55.0472 2748 PartMgr - ok
    07:33:55.0592 2748 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
    07:33:55.0592 2748 ParVdm - ok
    07:33:55.0923 2748 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
    07:33:55.0923 2748 PCI - ok
    07:33:56.0003 2748 PCIDump - ok
    07:33:56.0063 2748 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
    07:33:56.0063 2748 PCIIde - ok
    07:33:56.0083 2748 pciSd - ok
    07:33:56.0153 2748 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    07:33:56.0153 2748 Pcmcia - ok
    07:33:56.0233 2748 PDCOMP - ok
    07:33:56.0263 2748 PDFRAME - ok
    07:33:56.0283 2748 PDRELI - ok
    07:33:56.0303 2748 PDRFRAME - ok
    07:33:56.0324 2748 perc2 - ok
    07:33:56.0344 2748 perc2hib - ok
    07:33:56.0404 2748 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    07:33:56.0414 2748 PptpMiniport - ok
    07:33:56.0684 2748 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
    07:33:56.0684 2748 Processor - ok
    07:33:56.0734 2748 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    07:33:56.0734 2748 PSched - ok
    07:33:56.0824 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    07:33:56.0824 2748 Ptilink - ok
    07:33:56.0844 2748 ql1080 - ok
    07:33:56.0864 2748 Ql10wnt - ok
    07:33:56.0884 2748 ql12160 - ok
    07:33:56.0914 2748 ql1240 - ok
    07:33:56.0934 2748 ql1280 - ok
    07:33:56.0974 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    07:33:56.0974 2748 RasAcd - ok
    07:33:57.0014 2748 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    07:33:57.0014 2748 Rasirda - ok
    07:33:57.0525 2748 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    07:33:57.0525 2748 Rasl2tp - ok
    07:33:57.0615 2748 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    07:33:57.0615 2748 RasPppoe - ok
    07:33:57.0665 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    07:33:57.0665 2748 Raspti - ok
    07:33:57.0716 2748 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    07:33:57.0716 2748 Rdbss - ok
    07:33:58.0066 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    07:33:58.0066 2748 RDPCDD - ok
    07:33:58.0216 2748 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    07:33:58.0226 2748 RDPWD - ok
    07:33:58.0316 2748 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
    07:33:58.0316 2748 redbook - ok
    07:33:58.0447 2748 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
    07:33:58.0467 2748 RTL8192cu - ok
    07:33:58.0847 2748 s24trans - ok
    07:33:58.0917 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    07:33:58.0917 2748 Secdrv - ok
    07:33:59.0027 2748 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\drivers\Serial.sys
    07:33:59.0027 2748 Serial - ok
    07:33:59.0077 2748 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    07:33:59.0077 2748 Sfloppy - ok
    07:33:59.0108 2748 Simbad - ok
    07:33:59.0168 2748 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    07:33:59.0168 2748 SMCIRDA - ok
    07:33:59.0188 2748 Sparrow - ok
    07:33:59.0238 2748 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    07:33:59.0238 2748 splitter - ok
    07:33:59.0708 2748 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
    07:33:59.0718 2748 sr - ok
    07:33:59.0798 2748 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    07:33:59.0809 2748 Srv - ok
    07:33:59.0879 2748 STAC97 (a48dc73c8a26dc53d9480a108c3342b5) C:\WINDOWS\system32\drivers\stac97.sys
    07:33:59.0879 2748 STAC97 - ok
    07:34:00.0339 2748 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    07:34:00.0339 2748 swenum - ok
    07:34:00.0429 2748 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    07:34:00.0429 2748 swmidi - ok
    07:34:00.0489 2748 symc810 - ok
    07:34:00.0510 2748 symc8xx - ok
    07:34:00.0530 2748 sym_hi - ok
    07:34:00.0550 2748 sym_u3 - ok
    07:34:00.0570 2748 SynTP - ok
    07:34:00.0620 2748 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    07:34:00.0620 2748 sysaudio - ok
    07:34:00.0720 2748 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    07:34:00.0720 2748 Tcpip - ok
    07:34:05.0497 2748 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    07:34:05.0617 2748 \Device\Harddisk0\DR0 - ok
    07:34:05.0627 2748 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
    07:34:05.0627 2748 \Device\Harddisk0\DR0\Partition0 - ok
    07:34:05.0637 2748 ============================================================
    07:34:05.0637 2748 Scan finished
    07:34:05.0637 2748 ============================================================
    07:34:05.0657 2740 Detected object count: 2
    07:34:05.0657 2740 Actual detected object count: 2
    07:34:16.0072 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
    07:34:16.0322 2740 Backup copy found, using it..
    07:34:16.0322 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
    07:34:22.0141 2740 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
    07:34:22.0491 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
    07:34:22.0661 2740 Backup copy found, using it..
    07:34:22.0671 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
    07:34:29.0291 2740 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
    07:34:39.0225 2500 Deinitialize success
     
  12. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    netbt.sys
    i8042prt.sys
    mrxsmb.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Ok, there it is:

    OTL.txt

    OTL logfile created on: 20/03/2012 23:14:20 - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,66% Memory free
    2,60 Gb Paging File | 2,38 Gb Available in Paging File | 91,35% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 55,89 Gb Total Space | 19,67 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
    Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

    Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/20 23:00:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Nueva carpeta\OTL.exe
    PRC - [2011/10/23 01:15:52 | 000,086,016 | ---- | M] (alch) -- C:\Archivos de programa\ClamWin\bin\ClamTray.exe
    PRC - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
    PRC - [2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
    PRC - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2003/10/02 13:09:36 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2003/10/02 13:09:22 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2003/09/15 15:33:22 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe
    PRC - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
    MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/04/19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\ExpShell.dll
    MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    MOD - [2005/02/08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\python23.dll
    MOD - [2004/11/20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\shell.pyd
    MOD - [2004/11/20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32gui.pyd
    MOD - [2004/11/20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32file.pyd
    MOD - [2004/11/20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32api.pyd
    MOD - [2004/11/20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32security.pyd
    MOD - [2004/11/20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32process.pyd
    MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32pipe.pyd
    MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32event.pyd
    MOD - [2004/10/11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pythoncom23.dll
    MOD - [2004/10/11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pywintypes23.dll
    MOD - [2004/05/25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_winreg.pyd
    MOD - [2004/05/25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\datetime.pyd
    MOD - [2004/05/25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ssl.pyd
    MOD - [2004/05/25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_sre.pyd
    MOD - [2004/05/25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_socket.pyd
    MOD - [2004/05/25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_bsddb.pyd
    MOD - [2004/01/15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ctypes.pyd
    MOD - [2003/10/01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxc.pyd
    MOD - [2003/10/01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxmsw24h.dll
    MOD - [2003/08/10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\mxDateTime.pyd
    MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
    MOD - [1998/09/25 09:56:00 | 000,033,384 | ---- | M] () -- C:\WINDOWS\system32\HPFiop14.dll
    MOD - [1998/09/25 09:55:42 | 000,137,232 | ---- | M] () -- C:\WINDOWS\system32\HPFmlc14.dll
    MOD - [1998/09/25 09:55:36 | 000,057,240 | ---- | M] () -- C:\WINDOWS\system32\HPFmem14.dll
    MOD - [1998/09/25 09:55:30 | 000,048,292 | ---- | M] () -- C:\WINDOWS\system32\HPFlpm14.dll
    MOD - [1998/09/25 09:55:20 | 000,072,368 | ---- | M] () -- C:\WINDOWS\system32\HPFcom14.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql10wnt.dll -- (oraclesnmppeerencapsulator)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symidsco.dll -- (dwusbdnt)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
    SRV - [2004/08/19 23:43:11 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\vgasave.dll -- (btwdins)
    SRV - [2004/08/11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Archivos de programa\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
    SRV - [2004/08/10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Aplicación auxiliar de Windows Media Connect (WMC)
    SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
    SRV - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\SynTP.sys -- (SynTP)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\s24trans.sys -- (s24trans)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\tossdpci.sys -- (pciSd)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
    DRV - File not found [Kernel | System | Stopped] -- -- (FD)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paula\CONFIG~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
    DRV - [2011/02/11 01:34:28 | 000,987,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
    DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
    DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Controlador Intel(R)
    DRV - [2003/12/05 02:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Controlador Intel(R)
    DRV - [2003/08/07 14:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
    DRV - [2003/07/17 17:19:32 | 000,230,416 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2003/05/14 16:38:32 | 000,025,888 | R--- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
    DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002/11/20 13:53:14 | 000,033,664 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
    DRV - [2002/09/17 15:12:38 | 000,809,872 | R--- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (TOSHIBASoftModem)
    DRV - [2001/09/11 10:54:32 | 000,038,425 | R--- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPFecp14.sys -- (HPFECP14)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_esES339
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Updater (Enabled) = C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/03/05 09:00:00 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ClamWin] C:\Archivos de programa\ClamWin\bin\ClamTray.exe (alch)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] nwiziiiiiiiiiiiii.exe /installquiet File not found
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TFncKy] TFncKyiiiiii.exe File not found
    O4 - HKLM..\Run: [TFNF5] TFNF5iiiiiiiiii.exe File not found
    O4 - HKLM..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchEDiiiiiii.Exe File not found
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006..\Run: [TOSCDSPD] C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\Sebring: DllName - (c:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
    O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html
    O33 - MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: ROB_A - File not found
    NetSvcs: CE3 - File not found
    NetSvcs: btwdins - C:\WINDOWS\system32\vgasave.dll (Oak Technology Inc.)
    NetSvcs: dwusbdnt - %systemroot%\system32\symidsco.dll File not found
    NetSvcs: sr_watchdog - File not found
    NetSvcs: oraclesnmppeerencapsulator - %systemroot%\system32\ql10wnt.dll File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/16 07:46:47 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/03/15 07:32:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/15 07:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/03/15 07:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/03/15 07:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/03/15 07:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/03/15 07:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/15 07:29:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/15 07:28:13 | 004,436,007 | R--- | C] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
    [2012/03/13 23:03:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/13 23:01:17 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
    [2012/03/12 23:32:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paula\Menú Inicio\Programas\Herramientas administrativas
    [2012/03/12 22:51:07 | 000,000,000 | ---D | C] -- C:\Nueva carpeta (2)
    [2012/03/12 22:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paula\Datos de programa\Malwarebytes
    [2012/03/12 22:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
    [2012/03/12 22:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    [2012/03/12 22:32:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/03/12 22:32:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
    [2012/03/10 11:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot - Search & Destroy
    [2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
    [2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
    [2012/03/10 10:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage
    [2012/03/09 20:09:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/03/05 09:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Google
    [2012/03/05 08:59:02 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2012/03/05 08:59:02 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2012/03/05 08:59:02 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2012/03/03 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2012/03/03 20:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2012/03/03 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files
    [2012/03/02 12:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Silverlight
    [2012/03/02 12:04:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/20 22:47:40 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/20 22:47:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/19 23:04:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2012/03/15 23:35:37 | 000,504,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2012/03/15 23:35:37 | 000,090,396 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2012/03/15 23:35:36 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/15 23:35:36 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2012/03/15 07:19:01 | 004,436,007 | R--- | M] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
    [2012/03/15 07:13:13 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/03/14 07:26:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2012/03/12 22:46:10 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
    [2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2012/03/12 22:32:44 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
    [2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2012/03/10 11:06:18 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
    [2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2012/03/05 08:59:02 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2012/03/05 08:59:02 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/02/22 20:18:13 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Paula\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/15 07:32:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/03/15 07:32:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/03/15 07:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/15 07:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/15 07:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/15 07:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/15 07:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/12 22:32:44 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
    [2012/03/10 11:06:18 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2012/03/05 09:08:17 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2012/03/05 09:08:17 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2012/03/05 09:08:17 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2012/03/05 09:08:17 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2012/03/03 20:49:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/03 20:33:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/01/26 20:36:38 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/12/21 20:05:06 | 000,038,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/22 11:36:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\adedinet.dll
    [2010/06/27 10:13:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

    (continues)
  14. juako

    juako Newcomer, in training Topic Starter Posts: 34

    (OTL.txt continues)

    ========== LOP Check ==========

    [2009/02/25 19:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
    [2009/06/06 12:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
    [2009/06/06 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\UDL
    [2004/12/23 21:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Viewpoint
    [2011/08/27 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/02/02 11:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Autodesk
    [2010/12/17 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\EPSON
    [2008/10/31 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\ICAClient
    [2009/02/08 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\InterVideo
    [2008/07/30 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Telefónica Móviles
    [2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/12/22 20:47:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2002/09/10 21:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/10/13 08:34:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/10/13 08:34:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/12/22 20:40:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/12/22 20:40:38 | 000,250,640 | RHS- | M] () -- C:\ntldr
    [2012/03/20 22:46:59 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2004/03/17 10:53:44 | 000,000,183 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2012/03/16 07:34:39 | 000,050,636 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_16.03.2012_07.31.44_log.txt
    [2012/03/10 11:03:37 | 323,586,088 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ESN.exe

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/10/13 08:33:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2003/10/23 15:17:52 | 000,053,248 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
    [2003/09/19 00:15:54 | 000,053,248 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfscr.scr
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/08 10:56:02 | 000,001,530 | -H-- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/10/13 10:24:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2003/10/13 10:24:30 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/10/13 10:24:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/12/22 20:54:51 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/12/22 18:15:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Mostrar escritorio.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2002/09/10 21:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/03/20 22:47:40 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/20 22:47:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2011/05/22 11:35:48 | 005,838,848 | ---- | M] (AEAT) -- C:\Documents and Settings\Paula\Actualizacion_Renta2010_windows_1_20.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/03/20 22:47:36 | 000,917,504 | ---- | M] () -- C:\Documents and Settings\Paula\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 21:24:40 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/19 23:41:57 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\custsat.dll
    [2002/08/20 11:32:18 | 000,004,821 | ---- | M] () -- C:\Archivos de programa\Messenger\logowin.gif
    [2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Archivos de programa\Messenger\lvback.gif
    [2002/04/11 10:57:58 | 000,000,985 | ---- | M] () -- C:\Archivos de programa\Messenger\mailtmpl.txt
    [2008/05/02 15:24:23 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msgsc.dll
    [2004/08/19 23:39:26 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msgslang.dll
    [2004/10/13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msmsgs.exe
    [2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msmsgsin.exe
    [2002/09/10 21:00:00 | 000,002,882 | ---- | M] () -- C:\Archivos de programa\Messenger\newalert.wav
    [2002/09/10 21:00:00 | 000,006,156 | ---- | M] () -- C:\Archivos de programa\Messenger\newemail.wav
    [2002/09/10 21:00:00 | 000,006,160 | ---- | M] () -- C:\Archivos de programa\Messenger\online.wav
    [2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Archivos de programa\Messenger\type.wav
    [2004/07/17 19:35:15 | 000,126,477 | ---- | M] () -- C:\Archivos de programa\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < MD5 for: I8042PRT.SYS >
    [2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:i8042prt.sys
    [2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:i8042prt.sys
    [2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
    [2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:i8042prt.sys
    [2004/08/19 23:23:40 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=0CAB3EE361CFEAB260B3906C8B6FB2BE -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
    [2012/03/16 07:36:07 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=0CAB3EE361CFEAB260B3906C8B6FB2BE -- C:\WINDOWS\system32\drivers\i8042prt.sys
    [2002/09/10 21:00:00 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=16466F7DF4DA68EF8687EA4AE4699FFD -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
    [2002/09/10 21:00:00 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=16466F7DF4DA68EF8687EA4AE4699FFD -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\i8042prt.sys
    [2008/04/14 02:52:35 | 000,053,504 | ---- | M] (Microsoft Corporation) MD5=4A2490A66E8271901E89DD5FB79748AE -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\i8042prt.sys

    < MD5 for: MRXSMB.SYS >
    [2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:mrxsmb.sys
    [2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
    [2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
    [2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
    [2006/05/05 10:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2004/08/04 07:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
    [2004/08/04 07:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2009/12/04 14:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
    [2010/02/24 13:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
    [2009/12/04 19:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
    [2005/01/19 05:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
    [2009/12/04 18:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
    [2008/10/24 12:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
    [2008/04/13 20:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\mrxsmb.sys
    [2008/10/24 12:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
    [2008/10/24 12:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2006/05/05 11:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    [2002/09/10 21:00:00 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=7A3A2BE44E12E2ABDE1AF891E83AC130 -- C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
    [2005/01/19 04:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
    [2004/10/28 02:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    [2004/10/28 02:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
    [2004/10/28 02:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
    [2008/10/24 12:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
    [2010/02/24 12:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2002/11/18 10:27:40 | 000,392,576 | ---- | M] (Microsoft Corporation) MD5=D4BD5EF775AD4FB0B8E3786F674DABDD -- C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys
    [2004/10/12 17:22:52 | 000,436,608 | ---- | M] (Microsoft Corporation) MD5=E5D956E9839C75CCABDDEDC07E17670C -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
    [2009/12/04 15:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2010/02/24 13:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2010/02/24 13:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2012/03/14 06:39:05 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

    < MD5 for: NETBT.SYS >
    [2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
    [2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
    [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\netbt.sys
    [2002/09/10 21:00:00 | 000,157,056 | ---- | M] (Microsoft Corporation) MD5=D96F3BC5A6E7452B0E3275B560DC8528 -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys

    < >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB10188$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
  15. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Extras.txt

    OTL Extras logfile created on: 20/03/2012 23:14:20 - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,66% Memory free
    2,60 Gb Paging File | 2,38 Gb Available in Paging File | 91,35% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 55,89 Gb Total Space | 19,67 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
    Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

    Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Archivos de programa\Google\Google Talk\googletalk.exe" = C:\Archivos de programa\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Archivos de programa\Autodesk\3ds Max 9\3dsmax.exe" = C:\Archivos de programa\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
    "C:\Archivos de programa\Autodesk\Backburner\monitor.exe" = C:\Archivos de programa\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
    "C:\Archivos de programa\Autodesk\Backburner\manager.exe" = C:\Archivos de programa\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
    "C:\Archivos de programa\Autodesk\Backburner\server.exe" = C:\Archivos de programa\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = Manuales de TOSHIBA
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = Consola de Toshiba
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
    "{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN
    "{4815AD3B-EFF3-4515-9A57-9FA13A547B6E}" = Autoliquidación Plusvalía
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formato de tarjeta de memoria SD de TOSHIBA
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5339885F-4597-4343-BD3B-74280CC79424}" = VideoImpression
    "{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel(R) PROSet for Wireless
    "{5783F2D7-0134-040A-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 3.3 - Español
    "{5783F2D7-0301-040A-0002-0060B0CE6BBA}" = AutoCAD 2005 - Español
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
    "{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7959721D-8268-4565-9E0E-C41A9F4848A9}" = Controladores de sonido SigmaTel AC97
    "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91A10C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}" = Windows Live installer
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenciador de unidad de CD/DVD
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
    "{AC76BA86-7AD7-1034-7B44-A95000000001}" = Adobe Reader 9.5.0 - Español
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C49067A8-8212-4A82-A4D9-1519701644F0}" = Cliente Citrix Presentation Server - Web solamente
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
    "{ED703EEA-0E02-4A77-ABD0-F0986C4AF2E6}" = WinZip 9.0
    "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extensión de HighMAT para el Asistente para grabación de CD de Microsoft Windows XP
    "2359-2070-3006-7938" = Renta2010 1.20
    "3971-4815-1971-1205" = Renta2009 1.10
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnswerWorks 3.0" = AnswerWorks Runtime
    "BSPlayer1" = BSPlayer
    "ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.3
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus SX100_TX100 Manual de usuario" = EPSON Stylus SX100_TX100 Manual
    "EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
    "FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP DeskJet 720C Series" = HP DeskJet Serie 720C (Quitar sólo)
    "ie8" = Windows Internet Explorer 8
    "LMS" = C-Dilla Licence Management System
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.60.1.1000
    "Menfis 5.6" = Menfis 5.6
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Nero - Burning Rom!UninstallKey" = Nero 6
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Power Saver" = Ahorro de energía de TOSHIBA
    "PROSet" = Intel(R) Network Connections Drivers
    "RENT2005" = RENTA 2005
    "RENT2008" = RENTA 2008
    "RRK32.EXE" = El Conejo Lector - Kinder
    "Shockwave" = Shockwave
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TDspBtn" = Utilidad de cambio de dispositivo de visualización de TOSHIBA
    "TFNF5" = Utilidad de tecla directa TOSHIBA para dispositivos de pantalla
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TOSHIBA Utilities" = TOSHIBA Utilities
    "TouchED" = Utilidad de activación/desactivación de panel táctil de TOSHIBA V2.05.00
    "Volo View Express" = Volo View Express
    "WIC" = Windows Imaging Component
    "Windows Media Connect" = Windows Media Connect
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Reproductor de Windows Media 10
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/03/2012 2:30:11 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
    Description = No se puede abrir el servicio Redirector. No se devolverán datos de
    rendimiento
    del redirector. El código de error devuelto está en los datos DWORD 0.

    Error - 16/03/2012 3:06:12 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
    Description = No se puede abrir el servicio Redirector. No se devolverán datos de
    rendimiento
    del redirector. El código de error devuelto está en los datos DWORD 0.

    Error - 19/03/2012 18:05:41 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
    Description = No se puede abrir el servicio Redirector. No se devolverán datos de
    rendimiento
    del redirector. El código de error devuelto está en los datos DWORD 0.

    Error - 20/03/2012 17:48:08 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
    Description = No se puede abrir el servicio Redirector. No se devolverán datos de
    rendimiento
    del redirector. El código de error devuelto está en los datos DWORD 0.

    [ System Events ]
    Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
    Description = El servicio NLA (Network Location Awareness) terminó con el error:
    %%127

    Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
    Description = El servicio NLA (Network Location Awareness) terminó con el error:
    %%127

    Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
    Description = El servicio NLA (Network Location Awareness) terminó con el error:
    %%127

    Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Workstation | ID = 5727
    Description = No se puede cargar el controlador de dispositivo MRxSmb.

    Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Workstation | ID = 5727
    Description = No se puede cargar el controlador de dispositivo RDR.

    Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7024
    Description = El servicio Estación de trabajo terminó con el error específico de
    servicio 2250 (0x8CA).

    Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7001
    Description = El servicio Examinador de equipos depende del servicio Estación de
    trabajo, el cual no pudo iniciarse debido al siguiente error: %%1066

    Error - 20/03/2012 17:48:40 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
    Description = El servicio NLA (Network Location Awareness) terminó con el error:
    %%127

    Error - 20/03/2012 18:23:00 | Computer Name = TOSHIBA | Source = Schedule | ID = 7901
    Description = No se puede ejecutar el comando At47.job debido al siguiente error:
    %%2147942402

    Error - 20/03/2012 18:23:00 | Computer Name = TOSHIBA | Source = Schedule | ID = 7901
    Description = No se puede ejecutar el comando At48.job debido al siguiente error:
    %%2147942402


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    For 32-bit systems please download GrantPerms.zip and save it to your desktop.
    For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
    Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
    Copy and paste the following in the edit box:

    Code:
    C:\WINDOWS\$NtUninstallKB10188$
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run from.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql10wnt.dll -- (oraclesnmppeerencapsulator)
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symidsco.dll -- (dwusbdnt)
      SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [nwiz] nwiziiiiiiiiiiiii.exe /installquiet File not found
      O4 - HKLM..\Run: [TFncKy] TFncKyiiiiii.exe File not found
      O4 - HKLM..\Run: [TFNF5] TFNF5iiiiiiiiii.exe File not found
      O4 - HKLM..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchEDiiiiiii.Exe File not found
      O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: ([]msn in My Computer)
      O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
      O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell - "" = AutoRun
      O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell - "" = AutoRun
      O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html
      O33 - MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\Shell\AutoRun\command - "" = E:\setupSNK.exe
      O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell - "" = AutoRun
      O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      [2012/03/15 07:13:13 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
      
      :Files
      C:\WINDOWS\tasks\At*.job
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
  17. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Here it comes:

    GrantPerms output:

    GrantPerms by Farbar
    Ran by Paula (administrator) at 2012-03-21 06:58:36

    ===============================================
    \\?\C:\WINDOWS\$NtUninstallKB10188$

    Owner: BUILTIN\Administradores

    DACL(P)(AI):
    BUILTIN\Administradores FULL ALLOW (CI)(OI)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    BUILTIN\Usuarios READ/EXECUTE ALLOW (CI)(OI)



    OTL fix output:


    All processes killed
    ========== OTL ==========
    Service oraclesnmppeerencapsulator stopped successfully!
    Service oraclesnmppeerencapsulator deleted successfully!
    File %systemroot%\system32\ql10wnt.dll not found.
    Service dwusbdnt stopped successfully!
    Service dwusbdnt deleted successfully!
    File %systemroot%\system32\symidsco.dll not found.
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    File %SystemRoot%\System32\appmgmts.dll not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFNF5 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TouchED deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gob.es\agenciatributaria\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\ not found.
    File E:\setupSNK.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
    File E:\AutoRun.exe not found.
    C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrador
    ->Temp folder emptied: 21723 bytes
    ->Temporary Internet Files folder emptied: 370939 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 11027078 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 146133227 bytes
    ->Flash cache emptied: 5700 bytes

    User: Paula
    ->Temp folder emptied: 64467174 bytes
    ->Temporary Internet Files folder emptied: 26389522 bytes
    ->Java cache emptied: 521077 bytes
    ->Google Chrome cache emptied: 6587289 bytes
    ->Flash cache emptied: 2110810 bytes

    User: Propietario

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 560200 bytes
    %systemroot%\System32 .tmp files removed: 2909 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 822894 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 247,00 mb


    [EMPTYJAVA]

    User: Administrador

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Paula
    ->Java cache emptied: 0 bytes

    User: Propietario

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrador

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Paula
    ->Flash cache emptied: 0 bytes

    User: Propietario

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.39.1 log created on 03212012_070103

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  18. juako

    juako Newcomer, in training Topic Starter Posts: 34

    OTL Scan output:

    OTL logfile created on: 21/03/2012 7:31:32 - Run 2
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,57% Memory free
    2,60 Gb Paging File | 2,29 Gb Available in Paging File | 88,01% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 55,89 Gb Total Space | 19,96 Gb Free Space | 35,71% Space Free | Partition Type: NTFS
    Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

    Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/20 23:00:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Nueva carpeta\OTL.exe
    PRC - [2011/10/23 01:15:52 | 000,086,016 | ---- | M] (alch) -- C:\Archivos de programa\ClamWin\bin\ClamTray.exe
    PRC - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
    PRC - [2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
    PRC - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2003/10/02 13:09:36 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2003/10/02 13:09:22 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2003/09/15 15:33:22 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe
    PRC - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
    MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/04/19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\ExpShell.dll
    MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    MOD - [2005/02/08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\python23.dll
    MOD - [2004/11/20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\shell.pyd
    MOD - [2004/11/20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32gui.pyd
    MOD - [2004/11/20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32file.pyd
    MOD - [2004/11/20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32api.pyd
    MOD - [2004/11/20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32security.pyd
    MOD - [2004/11/20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32process.pyd
    MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32pipe.pyd
    MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32event.pyd
    MOD - [2004/10/11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pythoncom23.dll
    MOD - [2004/10/11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pywintypes23.dll
    MOD - [2004/05/25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_winreg.pyd
    MOD - [2004/05/25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\datetime.pyd
    MOD - [2004/05/25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ssl.pyd
    MOD - [2004/05/25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_sre.pyd
    MOD - [2004/05/25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_socket.pyd
    MOD - [2004/05/25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_bsddb.pyd
    MOD - [2004/01/15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ctypes.pyd
    MOD - [2003/10/01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxc.pyd
    MOD - [2003/10/01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxmsw24h.dll
    MOD - [2003/08/10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\mxDateTime.pyd
    MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
    MOD - [1998/09/25 09:56:00 | 000,033,384 | ---- | M] () -- C:\WINDOWS\system32\HPFiop14.dll
    MOD - [1998/09/25 09:55:42 | 000,137,232 | ---- | M] () -- C:\WINDOWS\system32\HPFmlc14.dll
    MOD - [1998/09/25 09:55:36 | 000,057,240 | ---- | M] () -- C:\WINDOWS\system32\HPFmem14.dll
    MOD - [1998/09/25 09:55:30 | 000,048,292 | ---- | M] () -- C:\WINDOWS\system32\HPFlpm14.dll
    MOD - [1998/09/25 09:55:20 | 000,072,368 | ---- | M] () -- C:\WINDOWS\system32\HPFcom14.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
    SRV - [2004/08/19 23:43:11 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\vgasave.dll -- (btwdins)
    SRV - [2004/08/11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Archivos de programa\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
    SRV - [2004/08/10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Aplicación auxiliar de Windows Media Connect (WMC)
    SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
    SRV - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\SynTP.sys -- (SynTP)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\s24trans.sys -- (s24trans)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\tossdpci.sys -- (pciSd)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
    DRV - File not found [Kernel | System | Stopped] -- -- (FD)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paula\CONFIG~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
    DRV - [2011/02/11 01:34:28 | 000,987,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
    DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
    DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Controlador Intel(R)
    DRV - [2003/12/05 02:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Controlador Intel(R)
    DRV - [2003/08/07 14:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
    DRV - [2003/07/17 17:19:32 | 000,230,416 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2003/05/14 16:38:32 | 000,025,888 | R--- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
    DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002/11/20 13:53:14 | 000,033,664 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
    DRV - [2002/09/17 15:12:38 | 000,809,872 | R--- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (TOSHIBASoftModem)
    DRV - [2001/09/11 10:54:32 | 000,038,425 | R--- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPFecp14.sys -- (HPFECP14)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_esES339
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Updater (Enabled) = C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/03/05 09:00:00 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ClamWin] C:\Archivos de programa\ClamWin\bin\ClamTray.exe (alch)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\Sebring: DllName - (c:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
    O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/21 07:01:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/16 07:46:47 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/03/15 07:32:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/15 07:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/03/15 07:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/03/15 07:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/03/15 07:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/03/15 07:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/15 07:29:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/15 07:28:13 | 004,436,007 | R--- | C] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
    [2012/03/13 23:03:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/13 23:01:17 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
    [2012/03/12 23:32:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paula\Menú Inicio\Programas\Herramientas administrativas
    [2012/03/12 22:51:07 | 000,000,000 | ---D | C] -- C:\Nueva carpeta (2)
    [2012/03/12 22:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paula\Datos de programa\Malwarebytes
    [2012/03/12 22:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
    [2012/03/12 22:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    [2012/03/12 22:32:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/03/12 22:32:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
    [2012/03/10 11:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot - Search & Destroy
    [2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
    [2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
    [2012/03/10 10:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage
    [2012/03/09 20:09:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/03/05 09:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Google
    [2012/03/05 08:59:02 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2012/03/05 08:59:02 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2012/03/05 08:59:02 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2012/03/03 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2012/03/03 20:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2012/03/03 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files
    [2012/03/02 12:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Silverlight
    [2012/03/02 12:04:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 07:25:31 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/21 07:25:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/21 07:01:12 | 000,505,254 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2012/03/21 07:01:12 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/21 07:01:12 | 000,090,812 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2012/03/21 07:01:11 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/19 23:04:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/03/15 07:19:01 | 004,436,007 | R--- | M] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
    [2012/03/14 07:26:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/12 22:46:10 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
    [2012/03/12 22:32:44 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
    [2012/03/10 11:06:18 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
    [2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
    [2012/03/05 08:59:02 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2012/03/05 08:59:02 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/02/22 20:18:13 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Paula\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/03/15 07:32:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/03/15 07:32:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/03/15 07:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/15 07:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/15 07:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/15 07:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/15 07:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/12 22:32:44 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
    [2012/03/10 11:06:18 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
    [2012/03/03 20:49:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/26 20:36:38 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/12/21 20:05:06 | 000,038,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/22 11:36:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\adedinet.dll
    [2010/06/27 10:13:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2009/02/25 19:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
    [2009/06/06 12:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
    [2009/06/06 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\UDL
    [2004/12/23 21:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Viewpoint
    [2011/08/27 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/02/02 11:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Autodesk
    [2010/12/17 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\EPSON
    [2008/10/31 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\ICAClient
    [2009/02/08 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\InterVideo
    [2008/07/30 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Telefónica Móviles

    ========== Purity Check ==========



    < End of report >
  19. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Regarding some entries in the Registry from previous logs (not these ones), some of them ending in "iiiiii", or such names: I made those changes before talking to you on this thread. I was trying to remove useless processes in the Run section of the registry, and before removing lines, I renamed them to check that the change was not important to the system. I forgot to remove the lines afterwards, so they have been kept in the registry till now. Just so you know.

    I will be out till Sunday evening, so I will not be able to make any more attempts on the computer. Broni, if you do not mind, I will apply the next steps you tell me on Sunday, so you will get the logs on that day.

    Broni, thank you very much for your help!!
  20. juako

    juako Newcomer, in training Topic Starter Posts: 34

    By the way, the computer will not be used till I come back, so no changes will be made on it.
  21. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Very well.
    When you have a chance see if Combofix will run now.
  22. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Reopened....
  23. juako

    juako Newcomer, in training Topic Starter Posts: 34

    OK, thank you. Copying it back here.

    You suggested that I retry ComboFix again.

    It did not work properly, like the previous time: I did it the first way, following your instructions. Combofix created the recovery point properly and ran for a while. Then it showed a message saying that it had detected a RootKit.ZeroAccess in the TCP/IP stack. I pressed OK, and everything hung: no HD activity, nothing. I waited for a very long time (30 minutes at least), but nothing, no HD activity.

    After the restart, I ran the program again, but in safe mode. This time it kept working for a while after the RootKit.ZeroAccess message, then it showed another simple message, "Rootkit Detected". I pressed OK again, and the system hung the same way as before, same behaviour.

    I did not try RKill, since you said I had to do one of the two options, and as I understand it, RKill lets ComboFix run. But my problem is that it runs, but at a certain point it halts.
  24. Broni

    Broni Malware Annihilator Posts: 46,474   +252

    Re-run OTL.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    mrxsmb.sys
    netbt.sys
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
  25. juako

    juako Newcomer, in training Topic Starter Posts: 34

    Output from OTL:

    OTL logfile created on: 29/03/2012 23:10:53 - Run 3
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,61% Memory free
    2,60 Gb Paging File | 2,37 Gb Available in Paging File | 91,08% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 55,89 Gb Total Space | 19,91 Gb Free Space | 35,62% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: MRXSMB.SYS >
    [2002/09/10 22:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:mrxsmb.sys
    [2002/09/10 22:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
    [2004/12/22 21:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
    [2004/12/22 21:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
    [2006/05/05 11:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2004/08/04 08:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
    [2004/08/04 08:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2009/12/04 15:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
    [2010/02/24 14:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
    [2009/12/04 20:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
    [2005/01/19 06:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
    [2009/12/04 19:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
    [2008/10/24 13:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
    [2008/04/13 21:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\mrxsmb.sys
    [2008/10/24 13:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
    [2008/10/24 13:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2006/05/05 12:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    [2002/09/10 22:00:00 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=7A3A2BE44E12E2ABDE1AF891E83AC130 -- C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
    [2005/01/19 05:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
    [2004/10/28 03:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    [2004/10/28 03:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
    [2004/10/28 03:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
    [2008/10/24 13:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
    [2010/02/24 13:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2002/11/18 11:27:40 | 000,392,576 | ---- | M] (Microsoft Corporation) MD5=D4BD5EF775AD4FB0B8E3786F674DABDD -- C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys
    [2004/10/12 18:22:52 | 000,436,608 | ---- | M] (Microsoft Corporation) MD5=E5D956E9839C75CCABDDEDC07E17670C -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
    [2009/12/04 16:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2010/02/24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2010/02/24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2012/03/14 07:39:05 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

    < MD5 for: NETBT.SYS >
    [2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
    [2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
    [2008/04/13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\netbt.sys
    [2002/09/10 22:00:00 | 000,157,056 | ---- | M] (Microsoft Corporation) MD5=D96F3BC5A6E7452B0E3275B560DC8528 -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys

    < End of report >

