Inactive 5-step V/S/M preliminary removal instructions - DDS not ending

juako

Hello.
I had problems with my computer starting annoying web pages on its own. I thought it was a virus, but the antivirus (ClamWin) did not detect anything. Spybot Search and rescue did not detect anything relevant either. I detected many network connections. I tried to update to Service Pack 3, but it failed, because acpi.sys was used by another process. I looked for this kind of error, and came to this forum.

I followed the 5-Step guide, but DDS.src did not end. It started, showed me the information, and progress was OK, but after some "#" (many of them; I guess it was near the end) it stopped. I could then do anything on the computer. After some keys, it sounded a "bit" and then the cursor did not move any more, so I had to do a hard reboot. I tried to launch DDS several times, with the same result. Note that my computer did not recognize the .src as an executable, but as some particular AutoCAD extension. So I renamed DDS.src to DDS.exe and it started OK, but with the result shown before.

I can now post, in my following messages, the results of the other command. Please note that I ran the command twice, and as I got 2 different logs, I am posting both of them (sorry if it was not needed).

Any help will be welcomed!
Thanks in advance
 
5-Step.... DDS not ending - LOGS

RUN 1: MALWAREBYTES ANTI-MALWARE

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.03.12.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Paula :: TOSHIBA [administrador]

12/03/2012 22:36:10
mbam-log-2012-03-12 (22-36-10).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 215152
Tiempo transcurrido: 11 minuto(s), 37 segundo(s)

Procesos en Memoria Detectados: 1
C:\WINDOWS\system32\nM5OdFGKA.com (Backdoor.Bot) -> 3732 -> Se eliminarán al reiniciar.

Módulos de Memoria Detectados: 1
C:\WINDOWS\system32\ql10wnt.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 7
C:\WINDOWS\system32\ql10wnt.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.
C:\WINDOWS\system32\nM5OdFGKA.com (Backdoor.Bot) -> Se eliminarán al reiniciar.
C:\WINDOWS\system32\nM5OdFGKA.com_ (Backdoor.Bot) -> Se eliminarán al reiniciar.
C:\WINDOWS\system32\pepifilter.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
C:\WINDOWS\system32\com0com.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
C:\WINDOWS\system32\SRS_SSCFilter.dll (RootKit.0Access.H) -> En cuarentena y eliminado con éxito.
C:\WINDOWS\flash.exe (Trojan.Agent) -> En cuarentena y eliminado con éxito.

fin)


RUN 1 - GMER.LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-12 23:10:46
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
Running: 1y04sjdo.exe; Driver: C:\DOCUME~1\Paula\CONFIG~1\Temp\pwrdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Controlador del tipo de Mouse/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:676] 89A7B39F
Thread System [4:956] 872560F4

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3136

---- EOF - GMER 1.0.15 ----


RUN 2: MALWAREBYTES ANTI-MALWARE

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.03.12.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Paula :: TOSHIBA [administrador]

12/03/2012 23:48:42
mbam-log-2012-03-12 (23-48-42).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 213010
Tiempo transcurrido: 5 minuto(s), 14 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 1
C:\WINDOWS\system32\symidsco.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 1
C:\WINDOWS\system32\symidsco.dll (RootKit.0Access.H) -> Se eliminarán al reiniciar.

fin)


RUN 2 - GMER.LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-13 00:02:14
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
Running: 8epj3zhe.exe; Driver: C:\DOCUME~1\Paula\CONFIG~1\Temp\pwrdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Controlador del tipo de Mouse/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:640] 89A7A39F
Thread System [4:784] 897A70F4

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
5-Step.... DDS not ending - TDSSKiller Log

Thank you for your help.
This is the output of the TDSSKiller:

23:01:34.0602 3456 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:01:34.0942 3456 ============================================================
23:01:34.0942 3456 Current date / time: 2012/03/13 23:01:34.0942
23:01:34.0942 3456 SystemInfo:
23:01:34.0942 3456
23:01:34.0942 3456 OS Version: 5.1.2600 ServicePack: 2.0
23:01:34.0942 3456 Product type: Workstation
23:01:34.0942 3456 ComputerName: TOSHIBA
23:01:34.0942 3456 UserName: Pala
23:01:34.0942 3456 Windows directory: C:\WINDOWS
23:01:34.0942 3456 System windows directory: C:\WINDOWS
23:01:34.0942 3456 Processor architecture: Intel x86
23:01:34.0942 3456 Number of processors: 1
23:01:34.0942 3456 Page size: 0x1000
23:01:34.0942 3456 Boot type: Normal boot
23:01:34.0942 3456 ============================================================
23:01:37.0546 3456 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:01:37.0556 3456 \Device\Harddisk0\DR0:
23:01:37.0556 3456 MBR used
23:01:37.0556 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
23:01:37.0606 3456 Initialize success
23:01:37.0606 3456 ============================================================
23:02:20.0908 0792 ============================================================
23:02:20.0908 0792 Scan started
23:02:20.0908 0792 Mode: Manual;
23:02:20.0908 0792 ============================================================
23:02:21.0449 0792 Abiosdsk - ok
23:02:21.0469 0792 abp480n5 - ok
23:02:21.0529 0792 ACPI (3269ca612f83212661f59fe867deef10) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:02:21.0529 0792 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3269ca612f83212661f59fe867deef10, Fake md5: 33d1373ee875ce8b063777f7e77815b7
23:02:21.0529 0792 ACPI ( Virus.Win32.Rloader.a ) - infected
23:02:21.0529 0792 ACPI - detected Virus.Win32.Rloader.a (0)
23:02:32.0465 0792 NetBT (f6c08c5733c607d46bbd71dc9754bdbe) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:02:32.0465 0792 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: f6c08c5733c607d46bbd71dc9754bdbe, Fake md5: 0c80e410cd2f47134407ee7dd19cc86b
23:02:32.0465 0792 NetBT ( Virus.Win32.ZAccess.aml ) - infected
23:02:32.0465 0792 NetBT - detected Virus.Win32.ZAccess.aml (0)
23:02:45.0904 0792 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:02:46.0055 0792 \Device\Harddisk0\DR0 - ok
23:02:46.0065 0792 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
23:02:46.0065 0792 \Device\Harddisk0\DR0\Partition0 - ok
23:02:46.0065 0792 ============================================================
23:02:46.0065 0792 Scan finished
23:02:46.0065 0792 ============================================================
23:02:46.0085 2608 Detected object count: 2
23:02:46.0085 2608 Actual detected object count: 2
23:03:52.0781 2608 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
23:03:57.0627 2608 Backup copy found, using it..
23:03:57.0637 2608 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
23:03:57.0637 2608 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
23:03:58.0138 2608 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
23:03:58.0359 2608 Backup copy found, using it..
23:03:58.0359 2608 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
23:04:05.0048 2608 NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Cure
23:04:20.0480 3428 Deinitialize success
 
Very good.
Please re-run the tool one more time.

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
For the aswMBR, should I press button "fix", or just do the scan?
Output from it:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 06:47:49
-----------------------------
06:47:49.276 OS Version: Windows 5.1.2600 Service Pack 2
06:47:49.276 Number of processors: 1 586 0x905
06:47:49.276 ComputerName: TOSHIBA UserName: Paula
06:47:50.527 Initialize success
06:49:04.253 AVAST engine defs: 12031301
06:49:29.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:49:29.520 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
06:49:29.550 Disk 0 MBR read successfully
06:49:29.550 Disk 0 MBR scan
06:49:29.600 Disk 0 unknown MBR code
06:49:29.600 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
06:49:29.600 Disk 0 scanning sectors +117210240
06:49:29.890 Disk 0 scanning C:\WINDOWS\system32\drivers
06:49:39.424 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
06:49:45.222 Disk 0 trace - called modules:
06:49:45.252 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb412efc0]<<
06:49:45.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b49ab8]
06:49:45.252 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> [0x87605d20]
06:49:45.573 \Driver\00005255[0x881b46c8] -> IRP_MJ_CREATE -> 0xb412efc0
06:49:46.244 AVAST engine scan C:\WINDOWS
06:50:12.862 AVAST engine scan C:\WINDOWS\system32
06:53:22.495 AVAST engine scan C:\WINDOWS\system32\drivers
06:53:33.310 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
06:53:36.335 File: C:\WINDOWS\system32\drivers\SAP\FD.exe **INFECTED** Win32:Trojan-gen
06:53:43.565 AVAST engine scan C:\Documents and Settings\Paula
06:57:58.942 File: C:\Documents and Settings\Paula\Datos de programa\Sun\Java\Deployment\cache\6.0\29\ae745dd-7adfab14 **INFECTED** Win32:Malware-gen
06:57:59.653 File: C:\Documents and Settings\Paula\Datos de programa\Sun\Java\Deployment\cache\6.0\63\1bcc4a3f-2bb9248e **INFECTED** Win32:Karagany-EW [Trj]
06:58:29.166 AVAST engine scan C:\Documents and Settings\All Users
06:58:49.905 Scan finished successfully
07:16:48.607 Disk 0 MBR has been saved successfully to "C:\Nueva carpeta\MBR.dat"
07:16:48.617 The log file has been saved successfully to "C:\Nueva carpeta\aswMBR.txt"
 
Ok, I post logs here. I did not push "fix" button in the aswMBR, just followed your instructions:

Output of TDSSKiller:

06:30:13.0324 3412 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
06:30:14.0395 3412 ============================================================
06:30:14.0395 3412 Current date / time: 2012/03/14 06:30:14.0395
06:30:14.0395 3412 SystemInfo:
06:30:14.0395 3412
06:30:14.0395 3412 OS Version: 5.1.2600 ServicePack: 2.0
06:30:14.0395 3412 Product type: Workstation
06:30:14.0395 3412 ComputerName: TOSHIBA
06:30:14.0395 3412 UserName: Paula
06:30:14.0395 3412 Windows directory: C:\WINDOWS
06:30:14.0395 3412 System windows directory: C:\WINDOWS
06:30:14.0395 3412 Processor architecture: Intel x86
06:30:14.0395 3412 Number of processors: 1
06:30:14.0395 3412 Page size: 0x1000
06:30:14.0395 3412 Boot type: Normal boot
06:30:14.0395 3412 ============================================================
06:30:22.0066 3412 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:30:22.0116 3412 \Device\Harddisk0\DR0:
06:30:22.0116 3412 MBR used
06:30:22.0116 3412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
06:30:22.0837 3412 Initialize success
06:30:22.0837 3412 ============================================================
06:30:28.0706 3776 ============================================================
06:30:28.0706 3776 Scan started
06:30:28.0706 3776 Mode: Manual;
06:30:28.0706 3776 ============================================================
06:30:36.0126 3776 Abiosdsk - ok
06:30:37.0889 3776 abp480n5 - ok
06:30:40.0322 3776 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:30:40.0443 3776 ACPI - ok
06:30:43.0477 3776 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:30:43.0627 3776 ACPIEC - ok
06:30:46.0141 3776 adpu160m - ok
06:30:47.0543 3776 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
06:30:47.0573 3776 aec - ok
06:30:48.0654 3776 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
06:30:48.0654 3776 Afc - ok
06:30:49.0576 3776 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
06:30:49.0626 3776 AFD - ok
06:30:50.0827 3776 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:30:50.0848 3776 agp440 - ok
06:30:51.0919 3776 Aha154x - ok
06:30:52.0870 3776 aic78u2 - ok
06:30:53.0882 3776 aic78xx - ok
06:30:54.0943 3776 AliIde - ok
06:30:56.0245 3776 amsint - ok
06:30:57.0928 3776 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:30:57.0938 3776 Arp1394 - ok
06:30:59.0720 3776 asc - ok
06:31:01.0423 3776 asc3350p - ok
06:31:03.0245 3776 asc3550 - ok
06:31:05.0178 3776 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:31:05.0248 3776 AsyncMac - ok
06:31:07.0381 3776 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:31:07.0381 3776 atapi - ok
06:31:09.0274 3776 Atdisk - ok
06:31:11.0337 3776 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:31:11.0427 3776 Atmarpc - ok
06:31:13.0600 3776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:31:13.0630 3776 audstub - ok
06:31:15.0693 3776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:31:15.0713 3776 Beep - ok
06:31:17.0726 3776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:31:17.0756 3776 cbidf2k - ok
06:31:19.0519 3776 cd20xrnt - ok
06:31:21.0381 3776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:31:21.0411 3776 Cdaudio - ok
06:31:23.0104 3776 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
06:31:23.0134 3776 Cdfs - ok
06:31:25.0197 3776 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:31:25.0227 3776 Cdrom - ok
06:31:27.0110 3776 Changer - ok
06:31:29.0002 3776 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:31:29.0012 3776 CmBatt - ok
06:31:33.0619 3776 CmdIde - ok
06:31:35.0482 3776 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:31:35.0512 3776 Compbatt - ok
06:31:37.0204 3776 Cpqarray - ok
06:31:38.0827 3776 dac2w2k - ok
06:31:40.0980 3776 dac960nt - ok
06:31:43.0023 3776 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
06:31:43.0053 3776 Disk - ok
06:31:45.0226 3776 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
06:31:45.0356 3776 dmboot - ok
06:31:47.0078 3776 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
06:31:47.0108 3776 dmio - ok
06:31:48.0771 3776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:31:48.0801 3776 dmload - ok
06:31:50.0073 3776 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
06:31:50.0093 3776 DMusic - ok
06:31:50.0994 3776 dpti2o - ok
06:31:52.0196 3776 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
06:31:52.0216 3776 drmkaud - ok
06:31:53.0438 3776 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:31:53.0448 3776 E100B - ok
06:31:54.0689 3776 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
06:31:54.0699 3776 Fastfat - ok
06:31:55.0951 3776 FD (1cb1d6fa1290fc4f14c04fae321bcc6c) C:\WINDOWS\system32\drivers\FD.sys
06:31:55.0981 3776 FD - ok
06:31:57.0273 3776 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
06:31:57.0293 3776 Fdc - ok
06:31:58.0985 3776 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
06:31:58.0985 3776 Fips - ok
06:32:00.0127 3776 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:32:00.0137 3776 Flpydisk - ok
06:32:01.0349 3776 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
06:32:01.0369 3776 FltMgr - ok
06:32:02.0501 3776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:32:02.0541 3776 Fs_Rec - ok
06:32:04.0043 3776 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:32:04.0063 3776 Ftdisk - ok
06:32:05.0265 3776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:32:05.0265 3776 GEARAspiWDM - ok
06:32:06.0466 3776 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:32:06.0486 3776 Gpc - ok
06:32:07.0728 3776 gv3 (597a70495932e7930f3329f5beb451ac) C:\WINDOWS\system32\DRIVERS\gv3.sys
06:32:07.0758 3776 gv3 - ok
06:32:09.0030 3776 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:32:09.0040 3776 HidUsb - ok
06:32:09.0891 3776 HPFECP14 (c47353fd62daa7d13438d5448a6285b1) C:\WINDOWS\System32\drivers\HPFECP14.SYS
06:32:09.0901 3776 HPFECP14 - ok
06:32:11.0333 3776 hpn - ok
06:32:12.0415 3776 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
06:32:12.0485 3776 HTTP - ok
06:32:13.0627 3776 Huawei - ok
06:32:14.0808 3776 hwdatacard - ok
06:32:15.0820 3776 i2omgmt - ok
06:32:16.0751 3776 i2omp - ok
06:32:17.0853 3776 i8042prt (0cab3ee361cfeab260b3906c8b6fb2be) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:32:17.0873 3776 i8042prt - ok
06:32:19.0014 3776 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
06:32:19.0024 3776 imagedrv - ok
06:32:19.0926 3776 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
06:32:19.0946 3776 imagesrv - ok
06:32:21.0017 3776 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:32:21.0047 3776 Imapi - ok
06:32:21.0858 3776 ini910u - ok
06:32:22.0860 3776 IntelIde (161b54c8200663ada2c145d87e8d4340) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:32:22.0880 3776 IntelIde - ok
06:32:23.0931 3776 intelppm (98bbc0e8efa90fff1ec9456ee7b0b1f1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:32:23.0941 3776 intelppm - ok
06:32:24.0923 3776 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
06:32:24.0933 3776 ip6fw - ok
06:32:25.0884 3776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:32:25.0944 3776 IpFilterDriver - ok
06:32:27.0056 3776 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:32:27.0056 3776 IpInIp - ok
06:32:28.0097 3776 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:32:28.0127 3776 IpNat - ok
06:32:29.0489 3776 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:32:29.0499 3776 IPSec - ok
06:32:30.0541 3776 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
06:32:30.0551 3776 irda - ok
06:32:31.0733 3776 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:32:31.0733 3776 IRENUM - ok
06:32:32.0964 3776 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:32:32.0974 3776 isapnp - ok
06:32:34.0216 3776 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:32:34.0216 3776 Kbdclass - ok
06:32:35.0448 3776 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
06:32:35.0458 3776 kmixer - ok
06:32:36.0690 3776 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
06:32:36.0690 3776 KSecDD - ok
06:32:37.0821 3776 lbrtfdc - ok
06:32:39.0033 3776 MDC8021X (0f528e44cdc78365be693ae723e3801c) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
06:32:39.0033 3776 MDC8021X - ok
06:32:42.0949 3776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:32:42.0949 3776 mnmdd - ok
06:32:44.0871 3776 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
06:32:44.0881 3776 Modem - ok
06:32:45.0923 3776 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:32:45.0923 3776 Mouclass - ok
06:32:47.0145 3776 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:32:47.0145 3776 mouhid - ok
06:32:48.0066 3776 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
06:32:48.0086 3776 MountMgr - ok
06:32:48.0216 3776 mraid35x - ok
06:32:49.0468 3776 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:32:49.0468 3776 MRxDAV - ok
06:32:49.0668 3776 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:32:49.0678 3776 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: a2c21446c741fde74afb3efc779b9d25, Fake md5: fb6c89bb3ce282b08bdb1e3c179e1c39
06:32:49.0678 3776 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
06:32:49.0678 3776 MRxSmb - detected Virus.Win32.ZAccess.c (0)
06:32:50.0199 3776 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
06:32:50.0199 3776 Msfs - ok
06:32:50.0429 3776 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:32:50.0429 3776 MSKSSRV - ok
06:32:51.0451 3776 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:32:51.0451 3776 MSPCLOCK - ok
06:32:52.0673 3776 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
06:32:52.0673 3776 MSPQM - ok
06:32:53.0985 3776 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:32:53.0985 3776 mssmbios - ok
06:32:57.0690 3776 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
06:32:57.0770 3776 Mup - ok
06:33:00.0504 3776 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
06:33:00.0604 3776 NDIS - ok
06:33:01.0886 3776 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:33:01.0896 3776 NdisTapi - ok
06:33:02.0787 3776 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:33:02.0807 3776 Ndisuio - ok
06:33:03.0618 3776 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:33:03.0679 3776 NdisWan - ok
06:33:04.0349 3776 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
06:33:04.0370 3776 NDProxy - ok
06:33:04.0710 3776 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:33:04.0710 3776 NetBIOS - ok
06:33:05.0061 3776 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:33:05.0061 3776 NetBT - ok
06:33:06.0352 3776 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
06:33:06.0352 3776 Netdevio - ok
06:33:06.0863 3776 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:33:06.0873 3776 NIC1394 - ok
06:33:07.0374 3776 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
06:33:07.0374 3776 NPF - ok
06:33:08.0105 3776 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
06:33:08.0125 3776 Npfs - ok
06:33:09.0587 3776 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
06:33:09.0757 3776 Ntfs - ok
06:33:10.0809 3776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:33:10.0809 3776 Null - ok
06:33:12.0241 3776 nv (15859bf8d0b2301d91796823fd62f4bc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:33:12.0261 3776 nv - ok
06:33:12.0942 3776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:33:12.0972 3776 NwlnkFlt - ok
06:33:14.0204 3776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:33:14.0214 3776 NwlnkFwd - ok
06:33:15.0185 3776 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:33:15.0185 3776 ohci1394 - ok
06:33:15.0756 3776 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
06:33:15.0796 3776 Parport - ok
06:33:16.0247 3776 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
06:33:16.0277 3776 PartMgr - ok
06:33:18.0340 3776 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
06:33:18.0360 3776 ParVdm - ok
06:33:19.0381 3776 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
06:33:19.0421 3776 PCI - ok
06:33:20.0423 3776 PCIDump - ok
06:33:21.0324 3776 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:33:21.0354 3776 PCIIde - ok
06:33:22.0606 3776 pciSd (221068851f8fd7d8d581738123196ee3) C:\WINDOWS\system32\DRIVERS\tossdpci.sys
06:33:22.0636 3776 pciSd - ok
06:33:23.0717 3776 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:33:23.0747 3776 Pcmcia - ok
06:33:24.0909 3776 PDCOMP - ok
06:33:26.0031 3776 PDFRAME - ok
06:33:27.0413 3776 PDRELI - ok
06:33:28.0424 3776 PDRFRAME - ok
06:33:28.0935 3776 perc2 - ok
06:33:30.0006 3776 perc2hib - ok
06:33:30.0968 3776 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:33:30.0988 3776 PptpMiniport - ok
06:33:32.0310 3776 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
06:33:32.0330 3776 Processor - ok
06:33:33.0481 3776 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
06:33:33.0521 3776 PSched - ok
06:33:34.0743 3776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:33:34.0743 3776 Ptilink - ok
06:33:35.0805 3776 ql1080 - ok
06:33:37.0006 3776 Ql10wnt - ok
06:33:38.0188 3776 ql12160 - ok
06:33:39.0320 3776 ql1240 - ok
06:33:40.0161 3776 ql1280 - ok
06:33:41.0403 3776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:33:41.0403 3776 RasAcd - ok
06:33:42.0464 3776 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
06:33:42.0504 3776 Rasirda - ok
06:33:43.0676 3776 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:33:43.0686 3776 Rasl2tp - ok
06:33:44.0818 3776 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:33:44.0818 3776 RasPppoe - ok
06:33:46.0029 3776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:33:46.0049 3776 Raspti - ok
06:33:47.0091 3776 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:33:47.0111 3776 Rdbss - ok
06:33:48.0403 3776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:33:48.0413 3776 RDPCDD - ok
06:33:50.0195 3776 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
06:33:50.0215 3776 RDPWD - ok
06:33:51.0387 3776 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:33:51.0387 3776 redbook - ok
06:33:52.0509 3776 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
06:33:52.0719 3776 RTL8192cu - ok
06:33:53.0430 3776 s24trans (41cf7128424f3bdc35b05be3cc8ce7ec) C:\WINDOWS\system32\DRIVERS\s24trans.sys
06:33:53.0430 3776 s24trans - ok
06:33:53.0781 3776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:33:53.0811 3776 Secdrv - ok
06:33:54.0472 3776 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\drivers\Serial.sys
06:33:54.0482 3776 Serial - ok
06:33:55.0713 3776 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:33:55.0713 3776 Sfloppy - ok
06:33:56.0464 3776 Simbad - ok
06:33:57.0286 3776 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
06:33:57.0286 3776 SMCIRDA - ok
06:33:58.0597 3776 Sparrow - ok
06:33:59.0979 3776 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
06:33:59.0979 3776 splitter - ok
06:34:00.0751 3776 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:34:00.0761 3776 sr - ok
06:34:01.0001 3776 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
06:34:01.0001 3776 Srv - ok
06:34:01.0101 3776 STAC97 (a48dc73c8a26dc53d9480a108c3342b5) C:\WINDOWS\system32\drivers\stac97.sys
06:34:01.0111 3776 STAC97 - ok
06:34:01.0402 3776 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:34:01.0402 3776 swenum - ok
06:34:01.0602 3776 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
06:34:01.0602 3776 swmidi - ok
06:34:01.0652 3776 symc810 - ok
06:34:01.0672 3776 symc8xx - ok
06:34:01.0702 3776 sym_hi - ok
06:34:01.0712 3776 sym_u3 - ok
06:34:01.0802 3776 SynTP (770f9dc0ab4b87b1c8fde42802762ad6) C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:34:01.0812 3776 SynTP - ok
06:34:02.0072 3776 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
06:34:02.0072 3776 sysaudio - ok
06:34:02.0373 3776 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:34:02.0373 3776 Tcpip - ok
06:34:02.0463 3776 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:34:02.0463 3776 TDPIPE - ok
06:34:03.0024 3776 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
06:34:03.0024 3776 TDTCP - ok
06:34:04.0135 3776 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:34:04.0176 3776 TermDD - ok
06:34:06.0929 3776 TOSHIBASoftModem (bdf9ed967f81145ed058601b1c4d8fb7) C:\WINDOWS\system32\DRIVERS\LTSM.sys
06:34:06.0950 3776 TOSHIBASoftModem - ok
06:34:07.0791 3776 TosIde - ok
06:34:08.0892 3776 tsdhd (f85667bb084499da23397892974c1bdc) C:\WINDOWS\system32\DRIVERS\tsdhd.sys
06:34:08.0892 3776 tsdhd - ok
06:34:10.0074 3776 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
06:34:10.0074 3776 TVALZ - ok
06:34:11.0336 3776 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
06:34:11.0346 3776 Udfs - ok
06:34:12.0568 3776 ultra - ok
06:34:14.0170 3776 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
06:34:14.0390 3776 Update - ok
06:34:15.0892 3776 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:34:15.0902 3776 usbccgp - ok
06:34:16.0063 3776 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:34:16.0073 3776 usbehci - ok
06:34:17.0194 3776 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:34:17.0204 3776 usbhub - ok
06:34:18.0546 3776 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:34:18.0546 3776 usbprint - ok
06:34:20.0038 3776 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:34:20.0068 3776 usbscan - ok
06:34:21.0370 3776 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:34:21.0370 3776 USBSTOR - ok
06:34:21.0500 3776 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:34:21.0500 3776 usbuhci - ok
06:34:21.0540 3776 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
06:34:21.0540 3776 VgaSave - ok
06:34:21.0561 3776 ViaIde - ok
06:34:21.0611 3776 VolSnap (d6ec4aff061665a10f0b1a9517d338e3) C:\WINDOWS\system32\drivers\VolSnap.sys
06:34:21.0611 3776 VolSnap - ok
06:34:21.0791 3776 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
06:34:21.0831 3776 w22n51 - ok
06:34:22.0732 3776 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
06:34:22.0812 3776 w70n51 - ok
06:34:24.0405 3776 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:34:24.0405 3776 Wanarp - ok
06:34:25.0847 3776 WDICA - ok
06:34:29.0903 3776 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
06:34:29.0933 3776 wdmaud - ok
06:34:31.0515 3776 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
06:34:31.0555 3776 WpdUsb - ok
06:34:33.0107 3776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:34:33.0137 3776 WudfPf - ok
06:34:35.0020 3776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:34:35.0050 3776 WudfRd - ok
06:34:35.0120 3776 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
06:34:39.0336 3776 \Device\Harddisk0\DR0 - ok
06:34:39.0436 3776 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
06:34:39.0436 3776 \Device\Harddisk0\DR0\Partition0 - ok
06:34:39.0436 3776 ============================================================
06:34:39.0436 3776 Scan finished
06:34:39.0436 3776 ============================================================
06:34:39.0466 3768 Detected object count: 1
06:34:39.0466 3768 Actual detected object count: 1
06:37:34.0007 3768 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
06:37:40.0336 3768 Backup copy found, using it..
06:37:40.0567 3768 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
06:38:23.0669 3768 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
06:38:36.0247 3328 Deinitialize success


Output of boot_cleaner:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hello again.

It did not work properly: I did it the first way, following your instructions. Combofix created the recovery point properly, and ran for a while. Then it showed a message saying that it had detected a RootKit.ZeroAccess in the TCP/IP stack. I pressed OK, and everything hung: no activity in HD, nothing. Waited for a very long time (30m at least), but nothing, no HD activity. After I pressed some keys and tried to do something, a beep sounded and I could not do anything else; the system had hung. Forced reset with power button.

After the restart, I ran the program again. This time it kept working for a while after the RootKit.ZeroAccess message, then it showed another simple message, "Rootkit Detected". I pressed OK again, and the system hung the same way as before, same behaviour.

After the forced reboot, Windows decided to perform a chkdsk (I did not answer the question in time and it started on its own before system initialization). The chkdsk command detected some wrong links in some files (ndis.sys or something like that being one of them). It fixed that, and the system started. No network was available, and I could do nothing to bring it back. The same with the mouse (keypad of the keyboard, since it is a laptop), but I managed to recover the mouse movements by disabling the mouse and enabling it again.

Tried again, but same result as the first one.

Tried doing it again from Safe Mode, but it failed at the same point as the second trial.

Now it does not connect to LAN (neither LAN nor WLAN), and the mouse cursor is again missing.

I did not try RKill, since you said I had to do one of the two options, and as I understand it, RKill permits ComboFix to run. But my problem is that it runs, but at a certain point it halts.

I ran Combofix as an administrator user, disabling the protection against viruses (run as... option), and disabling the anti-virus and any other protection tool.
No log was obtained from ComboFix.

What else can I do now? It's being hard, this rootkit nest.

Thanks Broni for your help!
 
I re-ran TDSSKiller again; here is the output. After that I ran the Combofix tool again, with the same result: the system hung after a while (it also detected the same RootKit.ZeroAccess in the TCP/IP stack). The keypad does not work, and neither does the wireless connection or the LAN connection.

TDSSKiller output:

07:31:44.0985 2508 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
07:31:45.0385 2508 ============================================================
07:31:45.0385 2508 Current date / time: 2012/03/16 07:31:45.0385
07:31:45.0385 2508 SystemInfo:
07:31:45.0385 2508
07:31:45.0385 2508 OS Version: 5.1.2600 ServicePack: 2.0
07:31:45.0385 2508 Product type: Workstation
07:31:45.0385 2508 ComputerName: TOSHIBA
07:31:45.0385 2508 UserName: Paula
07:31:45.0385 2508 Windows directory: C:\WINDOWS
07:31:45.0385 2508 System windows directory: C:\WINDOWS
07:31:45.0385 2508 Processor architecture: Intel x86
07:31:45.0395 2508 Number of processors: 1
07:31:45.0395 2508 Page size: 0x1000
07:31:45.0395 2508 Boot type: Normal boot
07:31:45.0395 2508 ============================================================
07:31:51.0073 2508 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:31:51.0073 2508 \Device\Harddisk0\DR0:
07:31:51.0073 2508 MBR used
07:31:51.0073 2508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
07:31:51.0144 2508 Initialize success
07:31:51.0144 2508 ============================================================
07:33:36.0415 2748 ============================================================
07:33:36.0415 2748 Scan started
07:33:36.0415 2748 Mode: Manual;
07:33:36.0415 2748 ============================================================
07:33:39.0389 2748 Abiosdsk - ok
07:33:39.0529 2748 abp480n5 - ok
07:33:39.0599 2748 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:33:39.0599 2748 ACPI - ok
07:33:39.0760 2748 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:33:39.0760 2748 ACPIEC - ok
07:33:39.0780 2748 adpu160m - ok
07:33:39.0860 2748 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
07:33:39.0860 2748 aec - ok
07:33:40.0080 2748 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
07:33:40.0080 2748 Afc - ok
07:33:40.0280 2748 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
07:33:40.0280 2748 AFD - ok
07:33:40.0451 2748 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:33:40.0451 2748 agp440 - ok
07:33:40.0471 2748 Aha154x - ok
07:33:40.0491 2748 aic78u2 - ok
07:33:40.0511 2748 aic78xx - ok
07:33:40.0541 2748 AliIde - ok
07:33:40.0561 2748 amsint - ok
07:33:40.0641 2748 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:33:40.0641 2748 Arp1394 - ok
07:33:40.0821 2748 asc - ok
07:33:40.0851 2748 asc3350p - ok
07:33:40.0871 2748 asc3550 - ok
07:33:41.0082 2748 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:33:41.0082 2748 AsyncMac - ok
07:33:41.0282 2748 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:33:41.0282 2748 atapi - ok
07:33:41.0302 2748 Atdisk - ok
07:33:41.0352 2748 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:33:41.0352 2748 Atmarpc - ok
07:33:41.0402 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:33:41.0402 2748 audstub - ok
07:33:41.0632 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:33:41.0632 2748 Beep - ok
07:33:41.0963 2748 catchme - ok
07:33:42.0403 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:33:42.0403 2748 cbidf2k - ok
07:33:42.0424 2748 cd20xrnt - ok
07:33:42.0474 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:33:42.0474 2748 Cdaudio - ok
07:33:42.0514 2748 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
07:33:42.0514 2748 Cdfs - ok
07:33:42.0554 2748 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:33:42.0554 2748 Cdrom - ok
07:33:42.0584 2748 Changer - ok
07:33:42.0634 2748 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:33:42.0634 2748 CmBatt - ok
07:33:42.0714 2748 CmdIde - ok
07:33:43.0084 2748 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:33:43.0084 2748 Compbatt - ok
07:33:43.0115 2748 Cpqarray - ok
07:33:43.0145 2748 dac2w2k - ok
07:33:43.0165 2748 dac960nt - ok
07:33:43.0205 2748 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
07:33:43.0205 2748 Disk - ok
07:33:43.0335 2748 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
07:33:43.0355 2748 dmboot - ok
07:33:43.0775 2748 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
07:33:43.0775 2748 dmio - ok
07:33:43.0826 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:33:43.0826 2748 dmload - ok
07:33:43.0896 2748 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
07:33:43.0906 2748 DMusic - ok
07:33:43.0926 2748 dpti2o - ok
07:33:43.0966 2748 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
07:33:43.0966 2748 drmkaud - ok
07:33:44.0026 2748 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:33:44.0026 2748 E100B - ok
07:33:45.0177 2748 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
07:33:45.0187 2748 Fastfat - ok
07:33:45.0228 2748 FD - ok
07:33:45.0278 2748 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
07:33:45.0288 2748 Fdc - ok
07:33:45.0328 2748 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
07:33:45.0328 2748 Fips - ok
07:33:45.0378 2748 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:33:45.0378 2748 Flpydisk - ok
07:33:45.0768 2748 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
07:33:45.0768 2748 FltMgr - ok
07:33:45.0828 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:33:45.0828 2748 Fs_Rec - ok
07:33:45.0899 2748 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:33:45.0899 2748 Ftdisk - ok
07:33:45.0959 2748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:33:45.0959 2748 GEARAspiWDM - ok
07:33:46.0409 2748 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:33:46.0409 2748 Gpc - ok
07:33:46.0539 2748 gv3 (597a70495932e7930f3329f5beb451ac) C:\WINDOWS\system32\DRIVERS\gv3.sys
07:33:46.0539 2748 gv3 - ok
07:33:46.0600 2748 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:33:46.0600 2748 HidUsb - ok
07:33:46.0900 2748 HPFECP14 (c47353fd62daa7d13438d5448a6285b1) C:\WINDOWS\System32\drivers\HPFECP14.SYS
07:33:46.0900 2748 HPFECP14 - ok
07:33:47.0030 2748 hpn - ok
07:33:47.0090 2748 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
07:33:47.0100 2748 HTTP - ok
07:33:47.0160 2748 Huawei - ok
07:33:47.0180 2748 hwdatacard - ok
07:33:47.0210 2748 i2omgmt - ok
07:33:47.0230 2748 i2omp - ok
07:33:47.0291 2748 i8042prt (b4504a6b6934c45cf89b963d1008bb0a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:33:47.0291 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b4504a6b6934c45cf89b963d1008bb0a, Fake md5: 0cab3ee361cfeab260b3906c8b6fb2be
07:33:47.0301 2748 i8042prt ( Virus.Win32.ZAccess.c ) - infected
07:33:47.0301 2748 i8042prt - detected Virus.Win32.ZAccess.c (0)
07:33:47.0631 2748 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
07:33:47.0631 2748 imagedrv - ok
07:33:47.0761 2748 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
07:33:47.0761 2748 imagesrv - ok
07:33:47.0831 2748 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:33:47.0831 2748 Imapi - ok
07:33:47.0881 2748 ini910u - ok
07:33:47.0931 2748 IntelIde (161b54c8200663ada2c145d87e8d4340) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:33:47.0941 2748 IntelIde - ok
07:33:47.0982 2748 intelppm (98bbc0e8efa90fff1ec9456ee7b0b1f1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:33:47.0982 2748 intelppm - ok
07:33:48.0442 2748 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
07:33:48.0442 2748 ip6fw - ok
07:33:48.0482 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:33:48.0482 2748 IpFilterDriver - ok
07:33:48.0562 2748 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:33:48.0562 2748 IpInIp - ok
07:33:48.0642 2748 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:33:48.0652 2748 IpNat - ok
07:33:48.0863 2748 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:33:48.0863 2748 IPSec - ok
07:33:49.0133 2748 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
07:33:49.0143 2748 irda - ok
07:33:49.0223 2748 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:33:49.0223 2748 IRENUM - ok
07:33:49.0283 2748 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:33:49.0283 2748 isapnp - ok
07:33:49.0494 2748 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:33:49.0494 2748 Kbdclass - ok
07:33:49.0754 2748 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
07:33:49.0754 2748 kmixer - ok
07:33:49.0854 2748 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
07:33:49.0854 2748 KSecDD - ok
07:33:49.0944 2748 lbrtfdc - ok
07:33:49.0974 2748 MDC8021X - ok
07:33:50.0034 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:33:50.0034 2748 mnmdd - ok
07:33:50.0495 2748 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
07:33:50.0495 2748 Modem - ok
07:33:50.0565 2748 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:33:50.0565 2748 Mouclass - ok
07:33:50.0665 2748 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:33:50.0665 2748 mouhid - ok
07:33:50.0926 2748 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
07:33:50.0926 2748 MountMgr - ok
07:33:51.0046 2748 mraid35x - ok
07:33:51.0106 2748 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:33:51.0106 2748 MRxDAV - ok
07:33:51.0226 2748 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:33:51.0236 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: a2c21446c741fde74afb3efc779b9d25, Fake md5: 9e18e8b1a68c3f5e7098d0e6356648c1
07:33:51.0236 2748 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
07:33:51.0236 2748 MRxSmb - detected Virus.Win32.ZAccess.c (0)
07:33:51.0667 2748 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
07:33:51.0667 2748 Msfs - ok
07:33:51.0707 2748 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:33:51.0707 2748 MSKSSRV - ok
07:33:51.0727 2748 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:33:51.0727 2748 MSPCLOCK - ok
07:33:51.0757 2748 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
07:33:51.0757 2748 MSPQM - ok
07:33:51.0877 2748 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:33:51.0877 2748 mssmbios - ok
07:33:51.0927 2748 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
07:33:51.0927 2748 Mup - ok
07:33:51.0967 2748 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
07:33:51.0977 2748 NDIS - ok
07:33:52.0388 2748 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:33:52.0388 2748 NdisTapi - ok
07:33:52.0438 2748 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:33:52.0438 2748 Ndisuio - ok
07:33:52.0518 2748 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:33:52.0528 2748 NdisWan - ok
07:33:52.0548 2748 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
07:33:52.0548 2748 NDProxy - ok
07:33:52.0578 2748 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:33:52.0578 2748 NetBIOS - ok
07:33:52.0648 2748 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:33:52.0648 2748 NetBT - ok
07:33:53.0109 2748 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
07:33:53.0109 2748 Netdevio - ok
07:33:53.0209 2748 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:33:53.0209 2748 NIC1394 - ok
07:33:53.0289 2748 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
07:33:53.0289 2748 NPF - ok
07:33:53.0329 2748 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
07:33:53.0329 2748 Npfs - ok
07:33:53.0399 2748 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
07:33:53.0409 2748 Ntfs - ok
07:33:53.0840 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:33:53.0840 2748 Null - ok
07:33:53.0980 2748 nv (15859bf8d0b2301d91796823fd62f4bc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:33:53.0990 2748 nv - ok
07:33:54.0721 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:33:54.0721 2748 NwlnkFlt - ok
07:33:55.0202 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:33:55.0202 2748 NwlnkFwd - ok
07:33:55.0282 2748 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:33:55.0282 2748 ohci1394 - ok
07:33:55.0412 2748 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
07:33:55.0412 2748 Parport - ok
07:33:55.0472 2748 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
07:33:55.0472 2748 PartMgr - ok
07:33:55.0592 2748 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
07:33:55.0592 2748 ParVdm - ok
07:33:55.0923 2748 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
07:33:55.0923 2748 PCI - ok
07:33:56.0003 2748 PCIDump - ok
07:33:56.0063 2748 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:33:56.0063 2748 PCIIde - ok
07:33:56.0083 2748 pciSd - ok
07:33:56.0153 2748 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:33:56.0153 2748 Pcmcia - ok
07:33:56.0233 2748 PDCOMP - ok
07:33:56.0263 2748 PDFRAME - ok
07:33:56.0283 2748 PDRELI - ok
07:33:56.0303 2748 PDRFRAME - ok
07:33:56.0324 2748 perc2 - ok
07:33:56.0344 2748 perc2hib - ok
07:33:56.0404 2748 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:33:56.0414 2748 PptpMiniport - ok
07:33:56.0684 2748 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
07:33:56.0684 2748 Processor - ok
07:33:56.0734 2748 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
07:33:56.0734 2748 PSched - ok
07:33:56.0824 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:33:56.0824 2748 Ptilink - ok
07:33:56.0844 2748 ql1080 - ok
07:33:56.0864 2748 Ql10wnt - ok
07:33:56.0884 2748 ql12160 - ok
07:33:56.0914 2748 ql1240 - ok
07:33:56.0934 2748 ql1280 - ok
07:33:56.0974 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:33:56.0974 2748 RasAcd - ok
07:33:57.0014 2748 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
07:33:57.0014 2748 Rasirda - ok
07:33:57.0525 2748 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:33:57.0525 2748 Rasl2tp - ok
07:33:57.0615 2748 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:33:57.0615 2748 RasPppoe - ok
07:33:57.0665 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:33:57.0665 2748 Raspti - ok
07:33:57.0716 2748 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:33:57.0716 2748 Rdbss - ok
07:33:58.0066 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:33:58.0066 2748 RDPCDD - ok
07:33:58.0216 2748 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
07:33:58.0226 2748 RDPWD - ok
07:33:58.0316 2748 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:33:58.0316 2748 redbook - ok
07:33:58.0447 2748 RTL8192cu (5b3a5bc13614fffa1be65d434688ed3f) C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys
07:33:58.0467 2748 RTL8192cu - ok
07:33:58.0847 2748 s24trans - ok
07:33:58.0917 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:33:58.0917 2748 Secdrv - ok
07:33:59.0027 2748 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\drivers\Serial.sys
07:33:59.0027 2748 Serial - ok
07:33:59.0077 2748 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:33:59.0077 2748 Sfloppy - ok
07:33:59.0108 2748 Simbad - ok
07:33:59.0168 2748 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
07:33:59.0168 2748 SMCIRDA - ok
07:33:59.0188 2748 Sparrow - ok
07:33:59.0238 2748 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
07:33:59.0238 2748 splitter - ok
07:33:59.0708 2748 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:33:59.0718 2748 sr - ok
07:33:59.0798 2748 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
07:33:59.0809 2748 Srv - ok
07:33:59.0879 2748 STAC97 (a48dc73c8a26dc53d9480a108c3342b5) C:\WINDOWS\system32\drivers\stac97.sys
07:33:59.0879 2748 STAC97 - ok
07:34:00.0339 2748 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:34:00.0339 2748 swenum - ok
07:34:00.0429 2748 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
07:34:00.0429 2748 swmidi - ok
07:34:00.0489 2748 symc810 - ok
07:34:00.0510 2748 symc8xx - ok
07:34:00.0530 2748 sym_hi - ok
07:34:00.0550 2748 sym_u3 - ok
07:34:00.0570 2748 SynTP - ok
07:34:00.0620 2748 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
07:34:00.0620 2748 sysaudio - ok
07:34:00.0720 2748 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:34:00.0720 2748 Tcpip - ok
07:34:01.0130 2748 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:34:01.0130 2748 TDPIPE - ok
07:34:01.0201 2748 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
07:34:01.0201 2748 TDTCP - ok
07:34:01.0231 2748 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:34:01.0231 2748 TermDD - ok
07:34:01.0451 2748 TOSHIBASoftModem (bdf9ed967f81145ed058601b1c4d8fb7) C:\WINDOWS\system32\DRIVERS\LTSM.sys
07:34:01.0461 2748 TOSHIBASoftModem - ok
07:34:01.0841 2748 TosIde - ok
07:34:01.0902 2748 tsdhd (f85667bb084499da23397892974c1bdc) C:\WINDOWS\system32\DRIVERS\tsdhd.sys
07:34:01.0902 2748 tsdhd - ok
07:34:01.0982 2748 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
07:34:01.0982 2748 TVALZ - ok
07:34:02.0032 2748 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
07:34:02.0042 2748 Udfs - ok
07:34:02.0052 2748 ultra - ok
07:34:02.0122 2748 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
07:34:02.0132 2748 Update - ok
07:34:02.0583 2748 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:34:02.0583 2748 usbccgp - ok
07:34:02.0633 2748 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:34:02.0633 2748 usbehci - ok
07:34:02.0703 2748 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:34:02.0703 2748 usbhub - ok
07:34:02.0733 2748 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:34:02.0733 2748 usbprint - ok
07:34:02.0793 2748 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:34:02.0793 2748 usbscan - ok
07:34:03.0414 2748 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:34:03.0414 2748 USBSTOR - ok
07:34:03.0474 2748 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:34:03.0474 2748 usbuhci - ok
07:34:03.0524 2748 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
07:34:03.0524 2748 VgaSave - ok
07:34:03.0604 2748 ViaIde - ok
07:34:03.0744 2748 VolSnap (d6ec4aff061665a10f0b1a9517d338e3) C:\WINDOWS\system32\drivers\VolSnap.sys
07:34:03.0744 2748 VolSnap - ok
07:34:03.0995 2748 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
07:34:04.0025 2748 w22n51 - ok
07:34:04.0265 2748 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
07:34:04.0285 2748 w70n51 - ok
07:34:04.0625 2748 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:34:04.0625 2748 Wanarp - ok
07:34:04.0686 2748 WDICA - ok
07:34:04.0746 2748 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
07:34:04.0746 2748 wdmaud - ok
07:34:04.0926 2748 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
07:34:04.0926 2748 WpdUsb - ok
07:34:04.0996 2748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:34:04.0996 2748 WS2IFSL - ok
07:34:05.0306 2748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:34:05.0316 2748 WudfPf - ok
07:34:05.0417 2748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:34:05.0417 2748 WudfRd - ok
07:34:05.0497 2748 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
07:34:05.0617 2748 \Device\Harddisk0\DR0 - ok
07:34:05.0627 2748 Boot (0x1200) (5b71510ec56fbb34801fdac58e35fb28) \Device\Harddisk0\DR0\Partition0
07:34:05.0627 2748 \Device\Harddisk0\DR0\Partition0 - ok
07:34:05.0637 2748 ============================================================
07:34:05.0637 2748 Scan finished
07:34:05.0637 2748 ============================================================
07:34:05.0657 2740 Detected object count: 2
07:34:05.0657 2740 Actual detected object count: 2
07:34:16.0072 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
07:34:16.0322 2740 Backup copy found, using it..
07:34:16.0322 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
07:34:22.0141 2740 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
07:34:22.0491 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
07:34:22.0661 2740 Backup copy found, using it..
07:34:22.0671 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
07:34:29.0291 2740 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
07:34:39.0225 2500 Deinitialize success
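
Added example (not part of the original thread and not the tool's own code): a small Python triage of the TDSSKiller text log above that pulls out the "Forged" detections and shows that both cures are only scheduled for the next reboot. The line patterns are assumptions inferred from this log's layout, and `triage` and `open_items` are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Excerpt copied from the TDSSKiller log in the post above (not new data).
SAMPLE_LOG = r"""
07:33:47.0090 2748 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
07:33:47.0100 2748 HTTP - ok
07:33:47.0291 2748 i8042prt (b4504a6b6934c45cf89b963d1008bb0a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:33:47.0291 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: b4504a6b6934c45cf89b963d1008bb0a, Fake md5: 0cab3ee361cfeab260b3906c8b6fb2be
07:33:47.0301 2748 i8042prt ( Virus.Win32.ZAccess.c ) - infected
07:33:51.0226 2748 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:33:51.0236 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: a2c21446c741fde74afb3efc779b9d25, Fake md5: 9e18e8b1a68c3f5e7098d0e6356648c1
07:33:51.0236 2748 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
07:34:05.0657 2740 Detected object count: 2
07:34:16.0072 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
07:34:16.0322 2740 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
07:34:22.0141 2740 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
07:34:22.0491 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
07:34:22.0671 2740 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
07:34:29.0291 2740 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
"""

# Assumed layout of every line: "<HH:MM:SS.ffff> <numeric id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
SERVICE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED = re.compile(r"^(?P<svc>\S+) \( (?P<name>\S+) \) - infected$")
ACTION = re.compile(r"^(?P<svc>\S+) \( (?P<name>\S+) \) - User select action: (?P<act>\w+)$")
FILE_STATE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - "
                        r"(?P<state>copied to quarantine|will be cured on reboot)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    path: str
    service: str = ""
    detection: str = ""
    forged: bool = False
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    states: list = field(default_factory=list)

    @property
    def pending_reboot(self):
        return "will be cured on reboot" in self.states


def triage(log_text):
    """Return (findings, reported_count) for a TDSSKiller text log."""
    svc_path, findings, reported = {}, {}, None

    def finding_for(path):
        # Windows paths are case-insensitive, so key on the lower-cased path.
        return findings.setdefault(path.lower(), Finding(path=path))

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        if m := SERVICE.match(msg):
            svc_path[m["svc"]] = m["path"]      # service name -> driver file
        elif m := FORGED.match(msg):
            f = finding_for(m["path"])
            f.forged, f.real_md5, f.fake_md5 = True, m["real"], m["fake"]
        elif m := INFECTED.match(msg):
            f = finding_for(svc_path.get(m["svc"], m["svc"]))
            f.service, f.detection = m["svc"], m["name"]
        elif m := ACTION.match(msg):
            finding_for(svc_path.get(m["svc"], m["svc"])).action = m["act"]
        elif m := FILE_STATE.match(msg):
            finding_for(m["path"]).states.append(m["state"])
        elif m := COUNT.match(msg):
            reported = int(m["n"])
    return list(findings.values()), reported


def open_items(findings, reported):
    """List what still needs checking after the run."""
    items = []
    if reported is not None and reported != len(findings):
        items.append(f"log reports {reported} detections, parsed {len(findings)}")
    for f in findings:
        if f.pending_reboot:
            items.append(f"{f.path}: cure is only scheduled; rescan after reboot")
        elif not f.action:
            items.append(f"{f.path}: detected but no action recorded")
    return items


if __name__ == "__main__":
    found, count = triage(SAMPLE_LOG)
    for f in found:
        print(f.service, f.detection, f.path, "forged" if f.forged else "", f.action)
    for item in open_items(found, count):
        print("TODO:", item)
```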
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
netbt.sys
i8042prt.sys
mrxsmb.sys
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Ok, there it is:

OTL.txt

OTL logfile created on: 20/03/2012 23:14:20 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,66% Memory free
2,60 Gb Paging File | 2,38 Gb Available in Paging File | 91,35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,67 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 23:00:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Nueva carpeta\OTL.exe
PRC - [2011/10/23 01:15:52 | 000,086,016 | ---- | M] (alch) -- C:\Archivos de programa\ClamWin\bin\ClamTray.exe
PRC - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003/10/02 13:09:36 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2003/10/02 13:09:22 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/09/15 15:33:22 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (No Company Name) ==========

MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\ExpShell.dll
MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
MOD - [2005/02/08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\python23.dll
MOD - [2004/11/20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\shell.pyd
MOD - [2004/11/20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32gui.pyd
MOD - [2004/11/20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32file.pyd
MOD - [2004/11/20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32api.pyd
MOD - [2004/11/20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32security.pyd
MOD - [2004/11/20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32process.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32pipe.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32event.pyd
MOD - [2004/10/11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pythoncom23.dll
MOD - [2004/10/11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pywintypes23.dll
MOD - [2004/05/25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_winreg.pyd
MOD - [2004/05/25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\datetime.pyd
MOD - [2004/05/25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ssl.pyd
MOD - [2004/05/25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_sre.pyd
MOD - [2004/05/25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_socket.pyd
MOD - [2004/05/25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_bsddb.pyd
MOD - [2004/01/15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ctypes.pyd
MOD - [2003/10/01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxc.pyd
MOD - [2003/10/01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxmsw24h.dll
MOD - [2003/08/10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\mxDateTime.pyd
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [1998/09/25 09:56:00 | 000,033,384 | ---- | M] () -- C:\WINDOWS\system32\HPFiop14.dll
MOD - [1998/09/25 09:55:42 | 000,137,232 | ---- | M] () -- C:\WINDOWS\system32\HPFmlc14.dll
MOD - [1998/09/25 09:55:36 | 000,057,240 | ---- | M] () -- C:\WINDOWS\system32\HPFmem14.dll
MOD - [1998/09/25 09:55:30 | 000,048,292 | ---- | M] () -- C:\WINDOWS\system32\HPFlpm14.dll
MOD - [1998/09/25 09:55:20 | 000,072,368 | ---- | M] () -- C:\WINDOWS\system32\HPFcom14.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql10wnt.dll -- (oraclesnmppeerencapsulator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symidsco.dll -- (dwusbdnt)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2004/08/19 23:43:11 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\vgasave.dll -- (btwdins)
SRV - [2004/08/11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Archivos de programa\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Aplicación auxiliar de Windows Media Connect (WMC)
SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\SynTP.sys -- (SynTP)
DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\tossdpci.sys -- (pciSd)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
DRV - File not found [Kernel | System | Stopped] -- -- (FD)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paula\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011/02/11 01:34:28 | 000,987,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Controlador Intel(R)
DRV - [2003/12/05 02:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Controlador Intel(R)
DRV - [2003/08/07 14:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/07/17 17:19:32 | 000,230,416 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/05/14 16:38:32 | 000,025,888 | R--- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/11/20 13:53:14 | 000,033,664 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/17 15:12:38 | 000,809,872 | R--- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (TOSHIBASoftModem)
DRV - [2001/09/11 10:54:32 | 000,038,425 | R--- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPFecp14.sys -- (HPFECP14)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_esES339
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Google Updater (Enabled) = C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/05 09:00:00 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ClamWin] C:\Archivos de programa\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiziiiiiiiiiiiii.exe /installquiet File not found
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKyiiiiii.exe File not found
O4 - HKLM..\Run: [TFNF5] TFNF5iiiiiiiiii.exe File not found
O4 - HKLM..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchEDiiiiiii.Exe File not found
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006..\Run: [TOSCDSPD] C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - (c:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell - "" = AutoRun
O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell - "" = AutoRun
O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html
O33 - MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell - "" = AutoRun
O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: ROB_A - File not found
NetSvcs: CE3 - File not found
NetSvcs: btwdins - C:\WINDOWS\system32\vgasave.dll (Oak Technology Inc.)
NetSvcs: dwusbdnt - %systemroot%\system32\symidsco.dll File not found
NetSvcs: sr_watchdog - File not found
NetSvcs: oraclesnmppeerencapsulator - %systemroot%\system32\ql10wnt.dll File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 07:46:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/15 07:32:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/15 07:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/15 07:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/15 07:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/15 07:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/15 07:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/15 07:29:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/15 07:28:13 | 004,436,007 | R--- | C] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
[2012/03/13 23:03:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/13 23:01:17 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
[2012/03/12 23:32:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paula\Menú Inicio\Programas\Herramientas administrativas
[2012/03/12 22:51:07 | 000,000,000 | ---D | C] -- C:\Nueva carpeta (2)
[2012/03/12 22:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paula\Datos de programa\Malwarebytes
[2012/03/12 22:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/03/12 22:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/03/12 22:32:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 22:32:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/03/10 11:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot - Search & Destroy
[2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2012/03/10 10:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage
[2012/03/09 20:09:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/03/05 09:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Google
[2012/03/05 08:59:02 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/03/05 08:59:02 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/03/05 08:59:02 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/03/03 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2012/03/03 20:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2012/03/03 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files
[2012/03/02 12:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Silverlight
[2012/03/02 12:04:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/20 22:47:40 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 22:47:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/19 23:04:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/03/15 23:35:37 | 000,504,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/03/15 23:35:37 | 000,090,396 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/03/15 23:35:36 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/15 23:35:36 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/03/15 07:19:01 | 004,436,007 | R--- | M] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
[2012/03/15 07:13:13 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/14 07:26:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/03/12 22:46:10 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/03/12 22:32:44 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/03/10 11:06:18 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
[2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/03/05 08:59:02 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/03/05 08:59:02 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/22 20:18:13 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Paula\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 07:32:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/15 07:32:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/15 07:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/15 07:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/15 07:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/15 07:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/15 07:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/12 22:32:44 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/03/10 11:06:18 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/03/05 09:08:17 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/03/05 09:08:17 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/03/05 09:08:17 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/03/05 09:08:17 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/03 20:49:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/03 20:33:04 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/26 20:36:38 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/21 20:05:06 | 000,038,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/22 11:36:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\adedinet.dll
[2010/06/27 10:13:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

(continues)

(OTL.txt continues)

========== LOP Check ==========

[2009/02/25 19:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
[2009/06/06 12:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
[2009/06/06 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\UDL
[2004/12/23 21:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Viewpoint
[2011/08/27 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/02/02 11:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Autodesk
[2010/12/17 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\EPSON
[2008/10/31 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\ICAClient
[2009/02/08 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\InterVideo
[2008/07/30 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Telefónica Móviles
[2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2003/10/13 08:34:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/12/22 20:47:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2002/09/10 21:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2003/10/13 08:34:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/10/13 08:34:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/10/13 08:34:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/12/22 20:40:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/12/22 20:40:38 | 000,250,640 | RHS- | M] () -- C:\ntldr
[2012/03/20 22:46:59 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2004/03/17 10:53:44 | 000,000,183 | -H-- | M] () -- C:\SWSTAMP.TXT
[2012/03/16 07:34:39 | 000,050,636 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_16.03.2012_07.31.44_log.txt
[2012/03/10 11:03:37 | 323,586,088 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ESN.exe

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/10/13 08:33:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2003/10/23 15:17:52 | 000,053,248 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
[2003/09/19 00:15:54 | 000,053,248 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfscr.scr
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/05/08 10:56:02 | 000,001,530 | -H-- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/10/13 10:24:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/10/13 10:24:30 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/10/13 10:24:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/12/22 20:54:51 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/12/22 18:15:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Paula\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Mostrar escritorio.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 00:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/03/15 07:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/03/15 07:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/03/16 08:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/03/16 08:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/03/10 09:26:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/03/14 00:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/03/10 09:26:32 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/03/10 10:26:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/03/10 10:26:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/03/10 11:24:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/03/10 11:24:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/03/05 09:08:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/03/05 09:08:19 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/03/12 22:43:34 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/03/12 22:43:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/03/13 23:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/03/13 23:23:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/03/05 09:08:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/03/05 09:08:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2002/09/10 21:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/03/20 22:47:40 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 22:47:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/05/22 11:35:48 | 005,838,848 | ---- | M] (AEAT) -- C:\Documents and Settings\Paula\Actualizacion_Renta2010_windows_1_20.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/03/20 22:47:36 | 000,917,504 | ---- | M] () -- C:\Documents and Settings\Paula\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 21:24:40 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/19 23:41:57 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\custsat.dll
[2002/08/20 11:32:18 | 000,004,821 | ---- | M] () -- C:\Archivos de programa\Messenger\logowin.gif
[2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Archivos de programa\Messenger\lvback.gif
[2002/04/11 10:57:58 | 000,000,985 | ---- | M] () -- C:\Archivos de programa\Messenger\mailtmpl.txt
[2008/05/02 15:24:23 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msgsc.dll
[2004/08/19 23:39:26 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msgslang.dll
[2004/10/13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msmsgs.exe
[2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Messenger\msmsgsin.exe
[2002/09/10 21:00:00 | 000,002,882 | ---- | M] () -- C:\Archivos de programa\Messenger\newalert.wav
[2002/09/10 21:00:00 | 000,006,156 | ---- | M] () -- C:\Archivos de programa\Messenger\newemail.wav
[2002/09/10 21:00:00 | 000,006,160 | ---- | M] () -- C:\Archivos de programa\Messenger\online.wav
[2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Archivos de programa\Messenger\type.wav
[2004/07/17 19:35:15 | 000,126,477 | ---- | M] () -- C:\Archivos de programa\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: I8042PRT.SYS >
[2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:i8042prt.sys
[2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:i8042prt.sys
[2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:i8042prt.sys
[2004/08/19 23:23:40 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=0CAB3EE361CFEAB260B3906C8B6FB2BE -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2012/03/16 07:36:07 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=0CAB3EE361CFEAB260B3906C8B6FB2BE -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2002/09/10 21:00:00 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=16466F7DF4DA68EF8687EA4AE4699FFD -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
[2002/09/10 21:00:00 | 000,052,096 | ---- | M] (Microsoft Corporation) MD5=16466F7DF4DA68EF8687EA4AE4699FFD -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\i8042prt.sys
[2008/04/14 02:52:35 | 000,053,504 | ---- | M] (Microsoft Corporation) MD5=4A2490A66E8271901E89DD5FB79748AE -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\i8042prt.sys

< MD5 for: MRXSMB.SYS >
[2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:mrxsmb.sys
[2002/09/10 21:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2004/12/22 20:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2006/05/05 10:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2004/08/04 07:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2004/08/04 07:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2009/12/04 14:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
[2010/02/24 13:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2009/12/04 19:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
[2005/01/19 05:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2009/12/04 18:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 12:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/04/13 20:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\mrxsmb.sys
[2008/10/24 12:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/10/24 12:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 11:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2002/09/10 21:00:00 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=7A3A2BE44E12E2ABDE1AF891E83AC130 -- C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
[2005/01/19 04:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2004/10/28 02:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/28 02:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
[2004/10/28 02:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
[2008/10/24 12:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 12:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2002/11/18 10:27:40 | 000,392,576 | ---- | M] (Microsoft Corporation) MD5=D4BD5EF775AD4FB0B8E3786F674DABDD -- C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys
[2004/10/12 17:22:52 | 000,436,608 | ---- | M] (Microsoft Corporation) MD5=E5D956E9839C75CCABDDEDC07E17670C -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2009/12/04 15:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2010/02/24 13:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 13:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2012/03/14 06:39:05 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

< MD5 for: NETBT.SYS >
[2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2004/08/04 07:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\netbt.sys
[2002/09/10 21:00:00 | 000,157,056 | ---- | M] (Microsoft Corporation) MD5=D96F3BC5A6E7452B0E3275B560DC8528 -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB10188$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
 
Extras.txt

OTL Extras logfile created on: 20/03/2012 23:14:20 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,66% Memory free
2,60 Gb Paging File | 2,38 Gb Available in Paging File | 91,35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,67 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Google\Google Talk\googletalk.exe" = C:\Archivos de programa\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Archivos de programa\Autodesk\3ds Max 9\3dsmax.exe" = C:\Archivos de programa\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Archivos de programa\Autodesk\Backburner\monitor.exe" = C:\Archivos de programa\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Archivos de programa\Autodesk\Backburner\manager.exe" = C:\Archivos de programa\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Archivos de programa\Autodesk\Backburner\server.exe" = C:\Archivos de programa\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = Manuales de TOSHIBA
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = Consola de Toshiba
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN
"{4815AD3B-EFF3-4515-9A57-9FA13A547B6E}" = Autoliquidación Plusvalía
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formato de tarjeta de memoria SD de TOSHIBA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5339885F-4597-4343-BD3B-74280CC79424}" = VideoImpression
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel(R) PROSet for Wireless
"{5783F2D7-0134-040A-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 3.3 - Español
"{5783F2D7-0301-040A-0002-0060B0CE6BBA}" = AutoCAD 2005 - Español
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = Controladores de sonido SigmaTel AC97
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A10C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}" = Windows Live installer
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenciador de unidad de CD/DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1034-7B44-A95000000001}" = Adobe Reader 9.5.0 - Español
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Cliente Citrix Presentation Server - Web solamente
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{ED703EEA-0E02-4A77-ABD0-F0986C4AF2E6}" = WinZip 9.0
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extensión de HighMAT para el Asistente para grabación de CD de Microsoft Windows XP
"2359-2070-3006-7938" = Renta2010 1.20
"3971-4815-1971-1205" = Renta2009 1.10
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnswerWorks 3.0" = AnswerWorks Runtime
"BSPlayer1" = BSPlayer
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.3
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Manual de usuario" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP DeskJet 720C Series" = HP DeskJet Serie 720C (Quitar sólo)
"ie8" = Windows Internet Explorer 8
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.60.1.1000
"Menfis 5.6" = Menfis 5.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Nero 6
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Power Saver" = Ahorro de energía de TOSHIBA
"PROSet" = Intel(R) Network Connections Drivers
"RENT2005" = RENTA 2005
"RENT2008" = RENTA 2008
"RRK32.EXE" = El Conejo Lector - Kinder
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TDspBtn" = Utilidad de cambio de dispositivo de visualización de TOSHIBA
"TFNF5" = Utilidad de tecla directa TOSHIBA para dispositivos de pantalla
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = Utilidad de activación/desactivación de panel táctil de TOSHIBA V2.05.00
"Volo View Express" = Volo View Express
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2012 2:30:11 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
Description = No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento
del redirector. El código de error devuelto está en los datos DWORD 0.

Error - 16/03/2012 3:06:12 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
Description = No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento
del redirector. El código de error devuelto está en los datos DWORD 0.

Error - 19/03/2012 18:05:41 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
Description = No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento
del redirector. El código de error devuelto está en los datos DWORD 0.

Error - 20/03/2012 17:48:08 | Computer Name = TOSHIBA | Source = PerfNet | ID = 2002
Description = No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento
del redirector. El código de error devuelto está en los datos DWORD 0.

[ System Events ]
Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
Description = El servicio NLA (Network Location Awareness) terminó con el error:
%%127

Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
Description = El servicio NLA (Network Location Awareness) terminó con el error:
%%127

Error - 20/03/2012 17:48:38 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
Description = El servicio NLA (Network Location Awareness) terminó con el error:
%%127

Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Workstation | ID = 5727
Description = No se puede cargar el controlador de dispositivo MRxSmb.

Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Workstation | ID = 5727
Description = No se puede cargar el controlador de dispositivo RDR.

Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7024
Description = El servicio Estación de trabajo terminó con el error específico de
servicio 2250 (0x8CA).

Error - 20/03/2012 17:48:39 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7001
Description = El servicio Examinador de equipos depende del servicio Estación de
trabajo, el cual no pudo iniciarse debido al siguiente error: %%1066

Error - 20/03/2012 17:48:40 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7023
Description = El servicio NLA (Network Location Awareness) terminó con el error:
%%127

Error - 20/03/2012 18:23:00 | Computer Name = TOSHIBA | Source = Schedule | ID = 7901
Description = No se puede ejecutar el comando At47.job debido al siguiente error:
%%2147942402

Error - 20/03/2012 18:23:00 | Computer Name = TOSHIBA | Source = Schedule | ID = 7901
Description = No se puede ejecutar el comando At48.job debido al siguiente error:
%%2147942402


< End of report >
 
For 32-bit systems please download GrantPerms.zip and save it to your desktop.
For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
Copy and paste the following in the edit box:

Code:
C:\WINDOWS\$NtUninstallKB10188$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql10wnt.dll -- (oraclesnmppeerencapsulator)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symidsco.dll -- (dwusbdnt)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [nwiz] nwiziiiiiiiiiiiii.exe /installquiet File not found
    O4 - HKLM..\Run: [TFncKy] TFncKyiiiiii.exe File not found
    O4 - HKLM..\Run: [TFNF5] TFNF5iiiiiiiiii.exe File not found
    O4 - HKLM..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchEDiiiiiii.Exe File not found
    O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-3417961138-2405943823-3877995022-1006\..Trusted Domains: gob.es ([agenciatributaria] https in Trusted sites)
    O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html
    O33 - MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    [2012/03/15 07:13:13 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
Here it comes:

GrantPerms output:

GrantPerms by Farbar
Ran by Paula (administrator) at 2012-03-21 06:58:36

===============================================
\\?\C:\WINDOWS\$NtUninstallKB10188$

Owner: BUILTIN\Administradores

DACL(P)(AI):
BUILTIN\Administradores FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Usuarios READ/EXECUTE ALLOW (CI)(OI)



OTL fix output:


All processes killed
========== OTL ==========
Service oraclesnmppeerencapsulator stopped successfully!
Service oraclesnmppeerencapsulator deleted successfully!
File %systemroot%\system32\ql10wnt.dll not found.
Service dwusbdnt stopped successfully!
Service dwusbdnt deleted successfully!
File %systemroot%\system32\symidsco.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFNF5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TouchED deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3417961138-2405943823-3877995022-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gob.es\agenciatributaria\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67bc6ff0-5e3b-11dd-9b67-000e355fbfa7}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9edca040-50b5-11e1-9f50-000e355fbfa7}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toshiba Places.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c19fe0f0-d3a2-11db-9ae4-000e355fbfa7}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c79b5ca0-60a8-11dd-9b6c-000e355fbfa7}\ not found.
File E:\AutoRun.exe not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 21723 bytes
->Temporary Internet Files folder emptied: 370939 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11027078 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 146133227 bytes
->Flash cache emptied: 5700 bytes

User: Paula
->Temp folder emptied: 64467174 bytes
->Temporary Internet Files folder emptied: 26389522 bytes
->Java cache emptied: 521077 bytes
->Google Chrome cache emptied: 6587289 bytes
->Flash cache emptied: 2110810 bytes

User: Propietario

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 560200 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 822894 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 247,00 mb


[EMPTYJAVA]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Paula
->Java cache emptied: 0 bytes

User: Propietario

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Paula
->Flash cache emptied: 0 bytes

User: Propietario

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_070103

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL Scan output:

OTL logfile created on: 21/03/2012 7:31:32 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,57% Memory free
2,60 Gb Paging File | 2,29 Gb Available in Paging File | 88,01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,96 Gb Free Space | 35,71% Space Free | Partition Type: NTFS
Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 23:00:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Nueva carpeta\OTL.exe
PRC - [2011/10/23 01:15:52 | 000,086,016 | ---- | M] (alch) -- C:\Archivos de programa\ClamWin\bin\ClamTray.exe
PRC - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003/10/02 13:09:36 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2003/10/02 13:09:22 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/09/15 15:33:22 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (No Company Name) ==========

MOD - [2009/02/27 18:35:50 | 000,311,296 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\pdfshell.ESP
MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 18:41:07 | 000,248,320 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\ExpShell.dll
MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
MOD - [2005/02/08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Archivos de programa\ClamWin\bin\python23.dll
MOD - [2004/11/20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\shell.pyd
MOD - [2004/11/20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32gui.pyd
MOD - [2004/11/20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32file.pyd
MOD - [2004/11/20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32api.pyd
MOD - [2004/11/20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32security.pyd
MOD - [2004/11/20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32process.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32pipe.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\win32event.pyd
MOD - [2004/10/11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pythoncom23.dll
MOD - [2004/10/11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\pywintypes23.dll
MOD - [2004/05/25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_winreg.pyd
MOD - [2004/05/25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\datetime.pyd
MOD - [2004/05/25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ssl.pyd
MOD - [2004/05/25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_sre.pyd
MOD - [2004/05/25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_socket.pyd
MOD - [2004/05/25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_bsddb.pyd
MOD - [2004/01/15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\_ctypes.pyd
MOD - [2003/10/01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxc.pyd
MOD - [2003/10/01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\wxmsw24h.dll
MOD - [2003/08/10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Archivos de programa\ClamWin\lib\mxDateTime.pyd
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [1998/09/25 09:56:00 | 000,033,384 | ---- | M] () -- C:\WINDOWS\system32\HPFiop14.dll
MOD - [1998/09/25 09:55:42 | 000,137,232 | ---- | M] () -- C:\WINDOWS\system32\HPFmlc14.dll
MOD - [1998/09/25 09:55:36 | 000,057,240 | ---- | M] () -- C:\WINDOWS\system32\HPFmem14.dll
MOD - [1998/09/25 09:55:30 | 000,048,292 | ---- | M] () -- C:\WINDOWS\system32\HPFlpm14.dll
MOD - [1998/09/25 09:55:20 | 000,072,368 | ---- | M] () -- C:\WINDOWS\system32\HPFcom14.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/25 20:02:54 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2004/08/19 23:43:11 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\vgasave.dll -- (btwdins)
SRV - [2004/08/11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Archivos de programa\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Aplicación auxiliar de Windows Media Connect (WMC)
SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/02 17:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Archivos de programa\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/04/06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\SynTP.sys -- (SynTP)
DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\tossdpci.sys -- (pciSd)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
DRV - File not found [Kernel | System | Stopped] -- -- (FD)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paula\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011/02/11 01:34:28 | 000,987,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Controlador Intel(R)
DRV - [2003/12/05 02:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Controlador Intel(R)
DRV - [2003/08/07 14:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/07/17 17:19:32 | 000,230,416 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/05/14 16:38:32 | 000,025,888 | R--- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/11/20 13:53:14 | 000,033,664 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/17 15:12:38 | 000,809,872 | R--- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (TOSHIBASoftModem)
DRV - [2001/09/11 10:54:32 | 000,038,425 | R--- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPFecp14.sys -- (HPFECP14)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_esES339
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Archivos de programa\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Archivos de programa\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Archivos de programa\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Google Updater (Enabled) = C:\Archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Archivos de programa\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Archivos de programa\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/05 09:00:00 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ClamWin] C:\Archivos de programa\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Archivos de programa\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Archivos de programa\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Archivos de programa\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - (c:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paula\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/13 08:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 07:01:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/16 07:46:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/15 07:32:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/15 07:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/15 07:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/15 07:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/15 07:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/15 07:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/15 07:29:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/15 07:28:13 | 004,436,007 | R--- | C] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
[2012/03/13 23:03:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/13 23:01:17 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
[2012/03/12 23:32:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paula\Menú Inicio\Programas\Herramientas administrativas
[2012/03/12 22:51:07 | 000,000,000 | ---D | C] -- C:\Nueva carpeta (2)
[2012/03/12 22:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paula\Datos de programa\Malwarebytes
[2012/03/12 22:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/03/12 22:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2012/03/12 22:32:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 22:32:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/03/10 11:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Spybot - Search & Destroy
[2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[2012/03/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2012/03/10 10:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage
[2012/03/09 20:09:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/03/05 09:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Google
[2012/03/05 08:59:02 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/03/05 08:59:02 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/03/05 08:59:02 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/03/03 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2012/03/03 20:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2012/03/03 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files
[2012/03/02 12:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Silverlight
[2012/03/02 12:04:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/03/21 07:25:31 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 07:25:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/21 07:01:12 | 000,505,254 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/03/21 07:01:12 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/21 07:01:12 | 000,090,812 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/03/21 07:01:11 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/19 23:04:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/16 08:39:13 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 07:32:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/15 07:19:01 | 004,436,007 | R--- | M] (Swearware) -- C:\Documents and Settings\Paula\Escritorio\ComboFix.exe
[2012/03/14 07:26:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 22:46:10 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[2012/03/12 22:32:44 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/03/10 11:06:18 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paula\Escritorio\TDSSKiller.exe
[2012/03/05 08:59:02 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/03/05 08:59:02 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/03/05 08:59:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/02/28 12:01:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/22 20:18:13 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Paula\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/15 07:32:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/15 07:32:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/15 07:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/15 07:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/15 07:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/15 07:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/15 07:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/12 22:32:44 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/03/10 11:06:18 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Paula\Escritorio\Spybot - Search & Destroy.lnk
[2012/03/03 20:49:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 20:36:38 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/21 20:05:06 | 000,038,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/22 11:36:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\adedinet.dll
[2010/06/27 10:13:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2009/02/25 19:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Autodesk
[2009/06/06 12:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
[2009/06/06 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\UDL
[2004/12/23 21:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Viewpoint
[2011/08/27 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/02/02 11:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Autodesk
[2010/12/17 20:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\EPSON
[2008/10/31 10:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\ICAClient
[2009/02/08 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\InterVideo
[2008/07/30 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paula\Datos de programa\Telefónica Móviles

========== Purity Check ==========



< End of report >
 
Regarding some entries in the Registry from previous logs (not these ones), some of them ending in "iiiiii", or such names, I made those changes before talking to you on this thread. I was trying to remove useless processes at the Run section of the registry, and before removing lines, I renamed them to check that the change was not important to the system. I forgot to remove the lines afterwards, so they have been kept in the registry till now. Just for you to know.

I will be out till Sunday evening, so I will not be able to make any more attempts on the computer. Broni, if you do not mind, the next steps you tell me, I will apply them on Sunday, so you will get the logs on that day.

Broni, thank you very much for your help!!
 
OK, thank you. Copy back it here.

You suggested that I retry ComboFix.

It did not work properly, like the previous time: I did it the first way, following your instructions. ComboFix created the recovery point properly, and ran for a while. Then it showed a message saying that it had detected a RootKit.ZeroAccess in the TCP/IP stack. I pressed OK, and everything hung: no activity in HD, nothing. Waited for a very long time (30m at least), but nothing, no HD activity.

After restart, I ran the program again, but in safe mode. This time it kept working for a while after the RootKit.ZeroAccess message, it showed another simple message, "Rootkit Detected", I pressed OK again, and the system hung the same way as before, same behaviour.

I did not try RKill, since you said I had to do one of the two options, and as I understand, RKill permits ComboFix running. But my problem is that it runs, but at a certain point, halts.
 
Re-run OTL.

Use the following settings:

  • Click the NONE button
  • Under Custom Scans/Fixes paste:
Code:
/md5start
mrxsmb.sys
netbt.sys
/md5stop
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.
 
Output from OTL:

OTL logfile created on: 29/03/2012 23:10:53 - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,61% Memory free
2,60 Gb Paging File | 2,37 Gb Available in Paging File | 91,08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,91 Gb Free Space | 35,62% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: MRXSMB.SYS >
[2002/09/10 22:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:mrxsmb.sys
[2002/09/10 22:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2004/12/22 21:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2004/12/22 21:37:30 | 022,285,982 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2006/05/05 11:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2004/08/04 08:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2004/08/04 08:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2009/12/04 15:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
[2010/02/24 14:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2009/12/04 20:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
[2005/01/19 06:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2009/12/04 19:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 13:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/04/13 21:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\mrxsmb.sys
[2008/10/24 13:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/10/24 13:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 12:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2002/09/10 22:00:00 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=7A3A2BE44E12E2ABDE1AF891E83AC130 -- C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
[2005/01/19 05:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2004/10/28 03:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/28 03:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
[2004/10/28 03:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
[2008/10/24 13:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 13:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2002/11/18 11:27:40 | 000,392,576 | ---- | M] (Microsoft Corporation) MD5=D4BD5EF775AD4FB0B8E3786F674DABDD -- C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys
[2004/10/12 18:22:52 | 000,436,608 | ---- | M] (Microsoft Corporation) MD5=E5D956E9839C75CCABDDEDC07E17670C -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2009/12/04 16:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2010/02/24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2012/03/14 07:39:05 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

< MD5 for: NETBT.SYS >
[2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\netbt.sys
[2002/09/10 22:00:00 | 000,157,056 | ---- | M] (Microsoft Corporation) MD5=D96F3BC5A6E7452B0E3275B560DC8528 -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys

< End of report >
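The comparison this /md5start scan makes possible, as an added example (not part of the thread and not OTL's own code): parse the posted MD5 rows and check whether each driver in system32\drivers matches a backup copy Windows keeps on the same disk. The sample rows are excerpted from the log above; treating dllcache, ServicePackFiles and Driver Cache as the reference folders is an assumption of this example.

```python
import re

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ROW = re.compile(r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| .{4} \| [CM]\] \((?P<company>[^)]*)\) "
                 r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
# Assumption: these folders hold Windows' own backup copies of system files.
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\driver cache\\")

def parse_md5_scan(text):
    """Return {driver name: [row dicts]}; rows without an MD5 (.cab members) are skipped."""
    sections, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        row = ROW.match(line.strip())
        if head:
            current = sections.setdefault(head["name"].lower(), [])
        elif row and current is not None:
            current.append({**row.groupdict(), "md5": row["md5"].upper()})
    return sections

def check_loaded_drivers(sections):
    """Compare each system32\\drivers copy with the backup copies on the same disk."""
    report = {}
    for name, rows in sections.items():
        suffix = "\\system32\\drivers\\" + name
        active = [r for r in rows if r["path"].lower().endswith(suffix)]
        if not active:
            report[name] = {"verdict": "active-copy-missing", "matches": []}
            continue
        refs = [r for r in rows if any(d in r["path"].lower() for d in REFERENCE_DIRS)]
        same = [r["path"] for r in refs if r["md5"] == active[0]["md5"]]
        report[name] = {"md5": active[0]["md5"], "mtime": active[0]["mtime"], "matches": same,
                        "verdict": "matches-local-backup" if same else "no-local-match"}
    return report

# Rows excerpted from the OTL output posted above (same values, fewer rows).
SAMPLE_LOG = r"""< MD5 for: MRXSMB.SYS >
[2002/09/10 22:00:00 | 010,180,710 | ---- | M] () .cab file -- C:\I386\sp1.cab:mrxsmb.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2010/02/24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2012/03/14 07:39:05 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< MD5 for: NETBT.SYS >
[2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2004/08/04 08:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\netbt.sys
"""

if __name__ == "__main__":
    print(check_loaded_drivers(parse_md5_scan(SAMPLE_LOG)))
```

A match only shows that the file, as the scanning tool read it, agrees with backups stored on the same machine; a hash confirmed against a known-good copy from outside the machine is stronger evidence.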
 