[A] Computer stuttering with video and audio very slow after malware delete from HKEY

Inactive
By SebastianB23
Mar 22, 2012
Topic Status:
Not open for further replies.
  1. Hi,

    First and foremost, i'm not very familiar with the technicalities of computers.

    So i ran malwarebytes anti malware yesterday as an attempt to speed up my computer. Now it found 4 viruses or malware in something called HKEY......After deleting the 4 viruses, I was asked to reboot and so I did. Upon rebooting the computer took aaaages to get to the login area (I use windows xp btw). And then once finally on my desktop I decided to go to youtube. The videos and audio were stuttering like mad, it takes ages to start up whatever program I want to use and the CPU usage is thru the roof! I've looked on some forums and downloaded the Kapersky TSDt killer or whatever its called, I've tried doing a system restore but it just freezes halfway thru, i've disabled Avast shields to see if it made any difference and also nothing. There doesnt seem to be any other thread on the net really describing the same problem Im having so hopefully you can help?

    Thanks
  2. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    Logs

    I had to run in Safe Mode because its just got worse over time to the point where it takes 15 min to open Malwarebytes for example. Hope u can help please


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.20.06

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Usuario :: 87685 [administrator]

    3/23/2012 10:10:28 AM
    mbam-log-2012-03-23 (10-10-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189609
    Time elapsed: 21 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-23 10:13:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6L120P0 rev.BAJ41G20
    Running: sv7r2cjq.exe; Driver: C:\Windows\Temp\pxtdqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/27/2012 10:37:34 AM
    System Uptime: 3/23/2012 10:06:06 AM (0 hours ago)
    .
    Motherboard: Compaq | | 073Ch
    Processor: AMD Athlon(tm) XP 1700 | U12A | 1466/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 114 GiB total, 85.001 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Mouse compatible PS/2
    Device ID: ACPI\PNP0F13\4&37307686&0
    Manufacturer: Microsoft
    Name: Mouse compatible PS/2
    PNP Device ID: ACPI\PNP0F13\4&37307686&0
    Service: i8042prt
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Teclado estándar de 101/102 teclas o Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&37307686&0
    Manufacturer: (Teclados estándar)
    Name: Teclado estándar de 101/102 teclas o Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&37307686&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP1: 3/21/2012 10:30:02 AM - Punto de control del sistema
    RP2: 3/21/2012 10:57:24 AM - Se ha instalado %1 %2.
    RP3: 3/21/2012 11:02:27 AM - Se ha instalado Windows XP KB2492386.
    RP4: 3/21/2012 11:04:34 AM - Se ha instalado Windows XP KB2598845.
    RP5: 3/21/2012 11:06:44 AM - Se ha instalado Windows XP KB2632503.
    RP6: 3/21/2012 12:03:06 PM - Operación de restauración
    RP7: 3/21/2012 12:48:26 PM - Operación de restauración
    RP8: 3/21/2012 5:18:57 PM - Se ha instalado Windows XP KB2492386.
    RP9: 3/21/2012 5:20:11 PM - Se ha instalado Windows XP KB2632503.
    RP10: 3/21/2012 8:27:05 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Actualización de seguridad para el Reproductor de Windows Media (KB2378111)
    Actualización de seguridad para el Reproductor de Windows Media (KB975558)
    Actualización de seguridad para Microsoft Windows (KB2564958)
    Actualización de seguridad para Windows Internet Explorer 8 (KB2510531)
    Actualización de seguridad para Windows Internet Explorer 8 (KB2647516)
    Actualización de seguridad para Windows XP (KB2296011)
    Actualización de seguridad para Windows XP (KB2347290)
    Actualización de seguridad para Windows XP (KB2360937)
    Actualización de seguridad para Windows XP (KB2387149)
    Actualización de seguridad para Windows XP (KB2393802)
    Actualización de seguridad para Windows XP (KB2412687)
    Actualización de seguridad para Windows XP (KB2419632)
    Actualización de seguridad para Windows XP (KB2423089)
    Actualización de seguridad para Windows XP (KB2440591)
    Actualización de seguridad para Windows XP (KB2476490)
    Actualización de seguridad para Windows XP (KB2478960)
    Actualización de seguridad para Windows XP (KB2478971)
    Actualización de seguridad para Windows XP (KB2479943)
    Actualización de seguridad para Windows XP (KB2483185)
    Actualización de seguridad para Windows XP (KB2485663)
    Actualización de seguridad para Windows XP (KB2506212)
    Actualización de seguridad para Windows XP (KB2507618)
    Actualización de seguridad para Windows XP (KB2507938)
    Actualización de seguridad para Windows XP (KB2508429)
    Actualización de seguridad para Windows XP (KB2509553)
    Actualización de seguridad para Windows XP (KB2535512)
    Actualización de seguridad para Windows XP (KB2536276-v2)
    Actualización de seguridad para Windows XP (KB2544893-v2)
    Actualización de seguridad para Windows XP (KB2566454)
    Actualización de seguridad para Windows XP (KB2570222)
    Actualización de seguridad para Windows XP (KB2570947)
    Actualización de seguridad para Windows XP (KB2585542)
    Actualización de seguridad para Windows XP (KB2592799)
    Actualización de seguridad para Windows XP (KB2598479)
    Actualización de seguridad para Windows XP (KB2603381)
    Actualización de seguridad para Windows XP (KB2618451)
    Actualización de seguridad para Windows XP (KB2619339)
    Actualización de seguridad para Windows XP (KB2620712)
    Actualización de seguridad para Windows XP (KB2621440)
    Actualización de seguridad para Windows XP (KB2624667)
    Actualización de seguridad para Windows XP (KB2631813)
    Actualización de seguridad para Windows XP (KB2633171)
    Actualización de seguridad para Windows XP (KB2641653)
    Actualización de seguridad para Windows XP (KB2646524)
    Actualización de seguridad para Windows XP (KB2647518)
    Actualización de seguridad para Windows XP (KB2660465)
    Actualización de seguridad para Windows XP (KB2661637)
    Actualización de seguridad para Windows XP (KB979687)
    Actualización de seguridad para Windows XP (KB981322)
    Actualización de seguridad para Windows XP (KB982132)
    Actualización para Windows Internet Explorer 8 (KB2598845)
    Actualización para Windows Internet Explorer 8 (KB2632503)
    Actualización para Windows XP (KB2345886)
    Actualización para Windows XP (KB2492386)
    Actualización para Windows XP (KB2641690)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.5
    Advanced SystemCare 5
    AiO_Scan_CDA
    AiOSoftwareNPI
    ATI Display Driver
    avast! Free Antivirus
    BufferChm
    C3100
    c3100_Help
    CCleaner
    Compresor WinRAR
    CPUID CPU-Z 1.59
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Fax_CDA
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevicesMFC
    IObit Toolbar v5.1
    Java(TM) 6 Update 31
    K-Lite Codec Pack 6.6.6 (Full)
    LibreOffice 3.3
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.13)
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    ProductContextNPI
    Readme
    Reproductor de Windows Media 11
    Revisión para Windows XP (KB2633952)
    Revisión para Windows XP (KB961118)
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    SolutionCenter
    SoundMAX
    SpywareBlaster 4.6
    Status
    Steam
    System Requirements Lab CYRI
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Vid-Saver
    VLC media player 1.1.7
    Vuze
    Vuze Remote Toolbar
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Management Framework Core
    Windows Media Player Firefox Plugin
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/20/2012 9:13:37 AM, error: Service Control Manager [7026] - El controlador de inicialización siguiente no se cargó correctamente: i8042prt
    .
    ==== End Of File ===========================


    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by Usuario at 10:38:13 on 2012-03-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.512.116 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Usuario\Mis documentos\Downloads\sv7r2cjq.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.es/
    uSearch Page = google.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\archivos de programa\vuze_remote\prxtbVuze.dll
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
    BHO: {11111111-1111-1111-1111-110011341191} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\archivos de programa\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\archivos de programa\yontoo\YontooIEClient.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\archivos de programa\avast software\avast\aswWebRepIE.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\archivos de programa\vuze_remote\prxtbVuze.dll
    TB: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 5] "c:\archivos de programa\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [avast] "c:\archivos de programa\avast software\avast\avastUI.exe" /nogui
    mRun: [Smapp] c:\archivos de programa\analog devices\soundmax\Smtray.exe
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\archivos de programa\hp\hp software update\hpwuschd2.exe
    mRun: [SearchSettings] c:\archivos de programa\archivos comunes\spigot\search settings\searchsettings.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\hpdigi~1.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoSMMyPictures = 1 (0x1)
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: NoSMMyPictures = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3237274F-16A1-4659-9AAA-9F7A0CAE04F3} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C24F19E1-D24E-492D-9EC8-596A970E9D41} : DhcpNameServer = 62.36.225.150 62.37.228.20
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 EN1207D;Accton EN1207D/2242A Adapter Driver;c:\windows\system32\drivers\ACC07D.sys [2012-2-27 23661]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-27 610648]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-27 337112]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\archivos de programa\iobit\advanced systemcare 5\ASCService.exe [2012-3-21 913752]
    S2 Application Updater;Application Updater;c:\archivos de programa\application updater\ApplicationUpdater.exe [2012-3-4 748440]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-27 20696]
    S2 avast! Antivirus;avast! Antivirus;c:\archivos de programa\avast software\avast\AvastSvc.exe [2012-2-27 44768]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-2-28 21992]
    S2 gupdate;Servicio de Google Update (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2012-2-27 136176]
    S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2012-2-27 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-23 40776]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    .
    =============== Created Last 30 ================
    .
    2012-03-23 09:09:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-03-21 10:14:05 -------- d-----w- c:\windows\SxsCaPendDel
    2012-03-21 10:05:20 726528 ----a-w- c:\windows\system32\SET18E.tmp
    2012-03-21 10:03:28 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
    2012-03-21 10:01:25 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2012-03-21 09:57:57 -------- d-----w- c:\windows\system32\winrm
    2012-03-21 09:56:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2012-03-21 09:01:14 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-03-21 08:48:56 -------- d-----w- c:\documents and settings\usuario\datos de programa\PriceGong
    2012-03-20 17:17:43 -------- d-----w- c:\archivos de programa\Vuze
    2012-03-20 17:17:34 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-03-20 17:17:33 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-03-20 17:17:30 -------- d-----w- c:\archivos de programa\SpywareBlaster
    2012-03-20 17:17:17 -------- d-----w- c:\archivos de programa\Vuze_Remote
    2012-03-14 17:23:25 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-03-14 17:23:25 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-03-14 17:07:23 -------- d-----w- c:\documents and settings\usuario\datos de programa\Search Settings
    2012-03-14 17:07:13 -------- d-----w- c:\archivos de programa\Application Updater
    2012-03-14 17:07:12 -------- d-----w- c:\archivos de programa\archivos comunes\Spigot
    2012-03-14 16:14:43 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-03-14 15:46:40 -------- d-----w- c:\documents and settings\all users\datos de programa\IObit
    2012-03-14 15:46:12 -------- d-----w- c:\documents and settings\usuario\datos de programa\IObit
    2012-03-14 15:45:45 -------- d-----w- c:\archivos de programa\IObit
    2012-03-14 14:43:32 -------- d-----w- c:\documents and settings\usuario\GameMaker 8.1
    2012-03-12 09:51:52 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-03-12 09:51:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-03-09 08:02:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-07 18:18:40 -------- d-----w- c:\archivos de programa\Yontoo
    2012-03-07 18:18:16 -------- d-----w- c:\documents and settings\all users\datos de programa\Tarma Installer
    2012-03-07 18:17:28 -------- d-----w- c:\documents and settings\usuario\.swt
    2012-03-07 18:16:46 -------- d-----w- c:\documents and settings\usuario\datos de programa\Azureus
    2012-03-07 18:13:58 -------- d-----w- c:\archivos de programa\Conduit
    2012-03-07 12:24:16 -------- d-----w- c:\documents and settings\usuario\datos de programa\Malwarebytes
    2012-03-07 12:23:03 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes
    2012-03-07 12:23:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-07 12:23:00 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2012-03-03 15:22:14 -------- d-----w- c:\documents and settings\usuario\datos de programa\.minecraft
    2012-03-01 11:22:59 -------- d-----w- c:\archivos de programa\SystemRequirementsLab
    2012-03-01 11:22:38 -------- d-----w- c:\documents and settings\usuario\SystemRequirementsLab
    2012-03-01 08:22:45 -------- d-----w- c:\documents and settings\all users\Men Inicio
    2012-03-01 08:22:43 -------- d-----w- c:\archivos de programa\archivos comunes\Steam
    2012-02-28 19:08:14 -------- d-----w- c:\archivos de programa\archivos comunes\HP
    2012-02-28 19:05:18 -------- d-----w- c:\archivos de programa\archivos comunes\Hewlett-Packard
    2012-02-28 17:51:14 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2012-02-28 17:37:31 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2012-02-28 16:47:05 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-02-28 16:46:32 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2012-02-28 16:46:32 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2012-02-28 16:46:31 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2012-02-28 16:46:31 65536 ----a-w- c:\windows\system32\HPZinw12.exe
    2012-02-28 16:46:31 306688 ----a-w- c:\windows\IsUninst.exe
    2012-02-28 16:46:31 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2012-02-28 16:46:31 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2012-02-28 16:45:31 -------- d-----w- c:\archivos de programa\HP
    2012-02-28 16:39:32 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
    2012-02-28 16:39:29 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
    2012-02-28 16:39:28 38400 ----a-w- c:\windows\system32\hpz3l054.dll
    2012-02-28 16:37:38 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-02-28 16:24:21 -------- d-----w- c:\documents and settings\usuario\datos de programa\LibreOffice
    2012-02-28 16:19:00 -------- d-----w- c:\archivos de programa\MSECache
    2012-02-28 10:55:38 -------- d-----w- c:\windows\system32\appmgmt
    2012-02-28 10:44:42 720896 ----a-w- c:\windows\system32\a3d.dll
    2012-02-28 10:44:42 415400 ----a-w- c:\windows\system32\drivers\smwdm.sys
    2012-02-28 10:44:42 2619 ----a-w- c:\windows\system32\drivers\sensupgd.sys
    2012-02-28 10:44:40 -------- d-----w- c:\archivos de programa\Analog Devices
    2012-02-28 10:44:39 45056 ----a-w- c:\windows\system32\DSndUp.exe
    2012-02-28 10:44:39 28672 ----a-w- c:\windows\system32\Aud2Full.exe
    2012-02-28 10:44:16 225280 ----a-w- c:\archivos de programa\archivos comunes\installshield\iscript\IScript.dll
    2012-02-28 10:44:15 176128 ----a-w- c:\archivos de programa\archivos comunes\installshield\engine\6\intel 32\iuser.dll
    2012-02-28 10:44:14 77824 ----a-w- c:\archivos de programa\archivos comunes\installshield\engine\6\intel 32\ctor.dll
    2012-02-28 10:44:14 32768 ----a-w- c:\archivos de programa\archivos comunes\installshield\engine\6\intel 32\objectps.dll
    2012-02-28 10:44:05 -------- d-----w- c:\archivos de programa\archivos comunes\InstallShield
    2012-02-28 10:43:50 -------- d-----w- C:\Compaq
    2012-02-28 10:37:21 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2012-02-28 10:37:19 -------- d-----w- c:\archivos de programa\CPUID
    2012-02-28 10:32:38 -------- d-----w- c:\documents and settings\usuario\datos de programa\Systweak
    2012-02-28 10:32:32 17280 ----a-w- c:\windows\system32\roboot.exe
    2012-02-28 10:20:32 -------- d-----w- c:\windows\system32\Data
    2012-02-28 10:20:29 49152 ----a-w- c:\windows\CTDCRES.DLL
    2012-02-28 10:20:29 20480 ----a-w- c:\windows\INRES.DLL
    2012-02-28 10:16:39 -------- d-----w- C:\HP
    2012-02-28 09:52:09 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-02-28 09:52:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-02-28 09:52:00 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-02-28 09:51:48 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2012-02-28 09:51:42 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-02-27 19:57:10 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-27 19:56:40 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-27 19:56:07 -------- d-----w- c:\archivos de programa\AVAST Software
    2012-02-27 19:42:10 -------- d-----w- c:\documents and settings\all users\datos de programa\AVAST Software
    2012-02-27 18:20:14 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
    2012-02-27 18:20:13 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
    2012-02-27 18:19:33 577536 ----a-w- c:\windows\SOUNDMAN.EXE
    2012-02-27 18:19:31 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
    2012-02-27 18:17:32 217088 ----a-w- c:\windows\Alcrmv.exe
    2012-02-27 18:17:14 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
    2012-02-27 18:16:42 23661 ----a-w- c:\windows\system32\drivers\ACC07D.sys
    2012-02-27 18:16:06 0 ----a-w- c:\windows\ativpsrm.bin
    2012-02-27 18:15:40 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2012-02-27 18:15:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2012-02-27 18:13:18 -------- d-----w- c:\windows\system32\ReinstallBackups
    2012-02-27 18:13:11 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
    2012-02-27 12:36:01 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-02-27 12:15:17 -------- d-----w- c:\windows\ie8updates
    2012-02-27 11:55:43 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2012-02-27 11:55:43 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2012-02-27 11:50:01 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2012-02-27 11:45:00 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2012-02-27 11:41:06 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2012-02-27 11:10:48 -------- d-----w- c:\windows\ShellNew
    2012-02-27 11:07:48 -------- d-----w- c:\archivos de programa\LibreOffice 3
    .
    ==================== Find3M ====================
    .
    2012-03-21 08:51:52 94208 ----a-w- c:\windows\DUMPada0.tmp
    2012-02-28 19:33:08 94208 ----a-w- c:\windows\DUMP7c15.tmp
    2012-02-28 10:45:24 44 ----a-w- c:\windows\system32\msssc.dll
    2012-02-27 18:22:59 94208 ----a-w- c:\windows\DUMP569b.tmp
    2012-02-27 10:56:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-27 10:56:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 09:57:03 1860224 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:49 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20:19 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 10:39:01.06 ===============
  4. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    Logs

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: ad57b1592ca785dfcb952c0a1678d3b1

    Size Device Name MBR Status
    --------------------------------------------
    114 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-27 09:45:35
    -----------------------------
    09:45:35.859 OS Version: Windows 5.1.2600 Service Pack 3
    09:45:35.859 Number of processors: 1 586 0x602
    09:45:35.859 ComputerName: 87685 UserName:
    09:45:43.734 Initialze error C000010E - driver not loaded
    09:45:43.875 AVAST engine defs: 12032602
    09:46:27.000 Service scanning
    09:48:35.812 Modules scanning
    09:48:35.859 Disk 0 trace - called modules:
    09:48:35.859
    09:48:43.187 AVAST engine scan C:\WINDOWS
    09:48:55.156 AVAST engine scan C:\WINDOWS\system32
    10:05:47.078 AVAST engine scan C:\WINDOWS\system32\drivers
    10:06:16.843 AVAST engine scan C:\Documents and Settings\Usuario
    10:20:31.078 AVAST engine scan C:\Documents and Settings\All Users
    10:20:40.187 Scan finished successfully
    10:21:01.515 The log file has been saved successfully to "C:\Documents and Settings\Usuario\Escritorio\aswMBR.txt"
  6. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    aswMBR didn't complete its scan.
    Re-run it and be more patient.
    Let it finish.
  7. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    Log aswmbr

    Sorry about that. See log below



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-28 11:53:03
    -----------------------------
    11:53:03.187 OS Version: Windows 5.1.2600 Service Pack 3
    11:53:03.187 Number of processors: 1 586 0x602
    11:53:03.187 ComputerName: 87685 UserName:
    11:53:07.031 Initialize success
    11:53:10.359 AVAST engine defs: 12032800
    11:53:38.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:53:38.671 Disk 0 Vendor: Maxtor_6L120P0 BAJ41G20 Size: 117245MB BusType: 3
    11:53:38.750 Disk 0 MBR read successfully
    11:53:38.750 Disk 0 MBR scan
    11:53:39.062 Disk 0 Windows XP default MBR code
    11:53:39.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117231 MB offset 63
    11:53:39.156 Disk 0 scanning sectors +240090480
    11:53:39.500 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:54:39.859 Service scanning
    11:55:24.140 Modules scanning
    11:55:53.468 Disk 0 trace - called modules:
    11:55:53.546 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll videX32.sys
    11:55:53.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d0ab8]
    11:55:53.921 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82397d98]
    11:56:00.531 AVAST engine scan C:\WINDOWS
    11:56:19.171 AVAST engine scan C:\WINDOWS\system32
    12:06:18.593 AVAST engine scan C:\WINDOWS\system32\drivers
    12:07:00.000 AVAST engine scan C:\Documents and Settings\Usuario
    12:29:28.609 AVAST engine scan C:\Documents and Settings\All Users
    12:29:47.375 Scan finished successfully
    12:37:09.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Usuario\Escritorio\MBR.dat"
    12:37:09.546 The log file has been saved successfully to "C:\Documents and Settings\Usuario\Escritorio\aswMBR1.txt"
  8. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    Log combo

    ComboFix 12-03-29.01 - Usuario 03/29/2012 10:55:06.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.512.426 [GMT 2:00]
    Running from: c:\documents and settings\Usuario\Escritorio\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Datos de programa\Tarma Installer
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\documents and settings\All Users\Datos de programa\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\documents and settings\All Users\Datos de programa\TEMP
    c:\documents and settings\Usuario\Datos de programa\PriceGong
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\1.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\a.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\b.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\c.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\d.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\e.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\f.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\g.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\h.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\i.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\j.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\k.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\l.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\m.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\mru.xml
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\n.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\o.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\p.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\q.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\r.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\s.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\t.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\u.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\v.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\w.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\wlu.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\x.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\y.txt
    c:\documents and settings\Usuario\Datos de programa\PriceGong\Data\z.txt
    c:\windows\system32\autorun.reg
    c:\windows\system32\msssc.dll
    c:\windows\system32\roboot.exe
    c:\windows\system32\SET18E.tmp
    .
    c:\windows\system32\drivers\usbehci.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 10:16 . 2007-06-27 12:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
    2012-03-27 10:11 . 2012-03-27 10:16 -------- d-----w- c:\archivos de programa\VIA
    2012-03-27 10:11 . 2007-04-11 13:35 331184 ------w- c:\windows\system32\difxapi.dll
    2012-03-27 09:11 . 2012-03-27 09:11 -------- d-----w- c:\archivos de programa\Lavalys
    2012-03-24 09:16 . 2012-03-24 09:16 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Google
    2012-03-24 08:44 . 2012-03-24 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-03-21 10:14 . 2012-03-21 10:14 -------- d-----w- c:\windows\SxsCaPendDel
    2012-03-21 10:03 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
    2012-03-21 10:01 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2012-03-21 09:57 . 2012-03-21 09:57 -------- d-----w- c:\windows\system32\winrm
    2012-03-21 09:56 . 2012-03-21 09:58 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2012-03-21 09:01 . 2012-03-21 09:01 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-03-20 17:17 . 2012-03-20 17:18 -------- d-----w- c:\archivos de programa\Vuze
    2012-03-20 17:17 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-03-20 17:17 . 2010-01-10 17:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-03-20 17:17 . 2012-03-20 17:17 -------- d-----w- c:\archivos de programa\SpywareBlaster
    2012-03-14 17:23 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-03-14 17:10 . 2012-03-14 17:10 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\IObit
    2012-03-14 17:07 . 2012-03-14 17:07 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Search Settings
    2012-03-14 17:07 . 2012-03-14 17:07 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\Application Updater
    2012-03-14 17:07 . 2012-03-14 17:07 -------- d-----w- c:\archivos de programa\Application Updater
    2012-03-14 17:07 . 2012-03-14 17:07 -------- d-----w- c:\archivos de programa\Archivos comunes\Spigot
    2012-03-14 16:14 . 2012-02-23 13:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-03-14 15:46 . 2012-03-14 17:06 -------- d-----w- c:\documents and settings\All Users\Datos de programa\IObit
    2012-03-14 15:46 . 2012-03-21 08:47 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\IObit
    2012-03-14 15:45 . 2012-03-14 17:06 -------- d-----w- c:\archivos de programa\IObit
    2012-03-14 14:44 . 2012-03-14 14:44 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\YoYo_Games_Ltd
    2012-03-14 14:44 . 2012-03-14 14:44 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\GameMaker8.1
    2012-03-14 14:43 . 2012-03-15 08:36 -------- d-----w- c:\documents and settings\Usuario\GameMaker 8.1
    2012-03-12 09:51 . 2001-08-23 04:15 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-03-12 09:51 . 2008-04-14 13:48 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-03-09 08:02 . 2012-03-09 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-07 18:18 . 2012-03-07 18:18 -------- d-----w- c:\archivos de programa\Yontoo
    2012-03-07 18:17 . 2012-03-07 18:17 -------- d-----w- c:\documents and settings\Usuario\.swt
    2012-03-07 18:17 . 2012-03-07 18:17 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\Vid-Saver
    2012-03-07 18:16 . 2012-03-21 09:50 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Azureus
    2012-03-07 18:13 . 2012-03-07 18:13 -------- d-----w- c:\archivos de programa\Conduit
    2012-03-07 18:13 . 2012-03-21 14:53 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\Vuze_Remote
    2012-03-07 18:13 . 2012-03-07 18:13 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\Conduit
    2012-03-07 18:13 . 2012-03-07 18:13 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\Temp
    2012-03-07 12:24 . 2012-03-07 12:24 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Malwarebytes
    2012-03-07 12:23 . 2012-03-07 12:23 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
    2012-03-07 12:23 . 2012-03-07 12:23 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2012-03-07 12:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-03 15:22 . 2012-03-10 13:08 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\.minecraft
    2012-03-01 11:22 . 2012-03-01 11:23 -------- d-----w- c:\archivos de programa\SystemRequirementsLab
    2012-03-01 11:22 . 2012-03-01 11:22 -------- d-----w- c:\documents and settings\Usuario\SystemRequirementsLab
    2012-03-01 11:22 . 2012-03-01 11:22 -------- d-----w- c:\windows\Sun
    2012-03-01 08:22 . 2012-03-01 08:22 -------- d-----w- c:\documents and settings\All Users\Men Inicio
    2012-03-01 08:22 . 2012-03-01 08:22 -------- d-----w- c:\archivos de programa\Archivos comunes\Steam
    2012-02-29 13:31 . 2012-02-29 13:31 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\Identities
    2012-02-28 19:34 . 2012-03-01 12:59 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\HP
    2012-02-28 19:17 . 2012-03-01 13:03 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Image Zone Express
    2012-02-28 19:10 . 2012-02-28 19:10 -------- d-----r- c:\documents and settings\LocalService\Favoritos
    2012-02-28 19:09 . 2012-02-28 19:09 -------- d-----w- c:\documents and settings\All Users\Datos de programa\HP
    2012-02-28 19:08 . 2012-02-28 19:09 -------- d-----w- c:\archivos de programa\Archivos comunes\HP
    2012-02-28 19:05 . 2012-02-28 19:06 -------- d-----w- c:\archivos de programa\Hewlett-Packard
    2012-02-28 19:05 . 2012-02-28 19:05 -------- d-----w- c:\archivos de programa\Archivos comunes\Hewlett-Packard
    2012-02-28 18:59 . 2012-02-28 18:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2012-02-28 17:51 . 2006-02-01 00:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2012-02-28 17:37 . 2006-02-01 00:48 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2012-02-28 16:47 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-02-28 16:46 . 2005-03-09 00:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
    2012-02-28 16:46 . 2005-03-09 00:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
    2012-02-28 16:46 . 2005-11-22 20:58 69632 ----a-w- c:\windows\system32\HPZipm12.exe
    2012-02-28 16:46 . 2005-03-15 02:09 65536 ----a-w- c:\windows\system32\HPZinw12.exe
    2012-02-28 16:46 . 2005-03-15 00:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
    2012-02-28 16:46 . 2005-03-15 00:33 278584 ----a-w- c:\windows\system32\HPZidr12.dll
    2012-02-28 16:46 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
    2012-02-28 16:45 . 2012-02-28 19:09 -------- d-----w- c:\archivos de programa\HP
    2012-02-28 16:39 . 2006-01-04 08:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
    2012-02-28 16:39 . 2006-02-09 14:43 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
    2012-02-28 16:39 . 2006-02-09 14:45 38400 ----a-w- c:\windows\system32\hpz3l054.dll
    2012-02-28 16:37 . 2008-04-14 06:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-02-28 16:24 . 2012-02-28 16:24 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\LibreOffice
    2012-02-28 16:19 . 2012-02-28 16:19 -------- d-----w- c:\archivos de programa\MSECache
    2012-02-28 12:40 . 2012-03-13 16:17 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\vlc
    2012-02-28 10:45 . 2012-02-28 10:45 -------- d-----w- c:\windows\VirtualEar
    2012-02-28 10:45 . 2001-09-19 13:47 765952 ----a-w- c:\windows\system32\crlds3d.dll
    2012-02-28 10:45 . 2001-09-19 13:47 765952 ----a-w- c:\windows\system\crlds3d.dll
    2012-02-28 10:45 . 2001-10-04 15:50 991232 ----a-w- c:\windows\system32\virtear.dll
    2012-02-28 10:44 . 2001-10-19 10:04 45056 ----a-w- c:\windows\system32\DSndUp.exe
    2012-02-28 10:44 . 2001-09-27 10:09 28672 ----a-w- c:\windows\system32\Aud2Full.exe
    2012-02-28 10:44 . 2012-03-27 10:10 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
    2012-02-28 10:43 . 2012-02-28 10:43 -------- d-----w- C:\Compaq
    2012-02-28 10:37 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2012-02-28 10:37 . 2012-02-28 10:37 -------- d-----w- c:\archivos de programa\CPUID
    2012-02-28 10:35 . 2012-02-28 10:35 -------- d-----w- c:\documents and settings\Usuario\Configuración local\Datos de programa\APN
    2012-02-28 10:32 . 2012-02-28 10:46 -------- d-----w- c:\documents and settings\Usuario\Datos de programa\Systweak
    2012-02-28 10:20 . 2012-02-28 10:20 -------- d-----w- c:\windows\system32\Data
    2012-02-28 10:20 . 2003-05-28 17:40 20480 ----a-w- c:\windows\INRES.DLL
    2012-02-28 10:20 . 2003-01-08 22:39 49152 ----a-w- c:\windows\CTDCRES.DLL
    2012-02-28 10:16 . 2012-02-28 10:16 -------- d-----w- C:\HP
    2012-02-28 09:52 . 2008-04-14 13:48 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-02-28 09:52 . 2008-04-14 13:25 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-02-28 09:52 . 2001-08-23 03:34 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-02-28 09:51 . 2008-04-14 06:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2012-02-28 09:51 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-21 08:51 . 2012-02-27 10:18 94208 ----a-w- c:\windows\DUMPada0.tmp
    2012-02-28 19:33 . 2012-02-27 10:18 94208 ----a-w- c:\windows\DUMP7c15.tmp
    2012-02-27 18:22 . 2012-02-27 10:18 94208 ----a-w- c:\windows\DUMP569b.tmp
    2012-02-27 10:56 . 2012-02-27 10:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-27 10:56 . 2012-02-27 09:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-23 16:23 . 2012-02-27 19:56 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-23 16:23 . 2012-02-27 19:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-23 16:12 . 2012-02-27 19:57 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-23 16:12 . 2012-02-27 19:57 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-23 16:10 . 2012-02-27 19:57 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-23 16:10 . 2012-02-27 19:57 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-23 16:10 . 2012-02-27 19:57 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-02-23 16:10 . 2012-02-27 19:57 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-02-23 16:10 . 2012-02-27 19:57 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-23 16:07 . 2012-02-27 19:57 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-02-03 09:57 . 2010-08-15 21:59 1860224 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-27 10:52 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2012-02-27 09:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-08-15 . AEF41FC6F108CC4F94F9B4E96AFA9C70 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    .
    [-] 2010-08-15 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    .
    [-] 2010-08-15 21:58 . 6EC3C2A5CEA41B78BB55B30444292CB8 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    .
    [-] 2010-08-15 . 97D5372816EC546BD035EDAEDB5E6918 . 1044992 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    .
    [-] 2010-08-15 . 63B1FC244A46EFDF726EA79588A380A2 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
    .
    [-] 2010-08-15 . 8A34F9730A2206726B1BE4DC4209CAB9 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
    .
    .
    .
    [-] 2010-08-15 21:58 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
    .
    [-] 2010-08-15 . 732A9A6431F71414BAE0695A9AFE4BD4 . 177152 . . [5.1.2600.5582] . . c:\windows\system32\w32time.dll
    .
    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\regsvc.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\archivos de programa\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\archivos de programa\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\archivos de programa\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\archivos de programa\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-02-23 16:23 123536 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\archivos de programa\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\archivos de programa\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
    "Smapp"="c:\archivos de programa\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 69632]
    "HP Software Update"="c:\archivos de programa\hp\hp software update\hpwuschd2.exe" [2006-02-19 49152]
    "SearchSettings"="c:\archivos de programa\archivos comunes\spigot\search settings\searchsettings.exe" [2012-03-04 934752]
    "AudioDeck"="c:\archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2010-08-15 128512]
    .
    c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
    HP Digital Imaging Monitor.lnk - c:\archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    .
    c:\documents and settings\Default User\Menú Inicio\Programas\Inicio\
    autorun.cmd [2010-8-18 76]
    NUsuario.cmd [2010-8-13 89]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Archivos de programa\\Vuze\\Azureus.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Administración remota de Windows
    .
    R3 EN1207D;Accton EN1207D/2242A Adapter Driver;c:\windows\system32\drivers\ACC07D.sys [2/27/2012 8:16 PM 23661]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/27/2012 9:57 PM 610648]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/27/2012 9:57 PM 337112]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\archivos de programa\IObit\Advanced SystemCare 5\ASCService.exe [3/21/2012 11:27 AM 913752]
    S2 Application Updater;Application Updater;c:\archivos de programa\Application Updater\ApplicationUpdater.exe [3/4/2012 11:40 PM 748440]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/27/2012 9:57 PM 20696]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/28/2012 12:37 PM 21992]
    S2 gupdate;Servicio de Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/27/2012 9:43 PM 136176]
    S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/27/2012 9:43 PM 136176]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 3:49 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-02-27 19:43]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-02-27 19:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.es/
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{11111111-1111-1111-1111-110011341191} - (no file)
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\DATOSD~1\TARMAI~1\{889DF~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-29 11:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AudioDeck = c:\archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\03\03\07\12\0f\12?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(532)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-03-29 11:13:29
    ComboFix-quarantined-files.txt 2012-03-29 09:13
    .
    Pre-Run: 89,768,108,032 bytes libres
    Post-Run: 90,077,245,440 bytes libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 99F6D7FAAB3F03F2B744CE2EBDD691A9
  10. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Uninstall Advanced SystemCare 5
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =====================================================================

    Then we have some system files missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      regsvc.dll
      wscntfy.exe
      usbehci.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  11. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    Systemlook Log

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:53 on 30/03/2012 by Usuario
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "regsvc.dll"
    No files found.

    Searching for "wscntfy.exe"
    No files found.

    Searching for "usbehci.sys"
    No files found.

    -= EOF =-
     
  12. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Download following Temp.zip file: http://www.bleepstatic.com/fhost/uploads/0/temp.zip
    Unzip it.
    Inside you'll fined three files:
    regsvc.dll
    wscntfy.exe
    usbehci.sys

    Copy all files and paste them into root C:\ directory.

    Re-run System Look with the same script as in my previous reply so I can see the files are in correct location.

    Did you uninstall Advanced SystemCare 5?
  13. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:15 on 31/03/2012 by Usuario
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "regsvc.dll"
    C:\regsvc.dll --a---- 59904 bytes [11:13 31/03/2012] [03:42 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F

    Searching for "wscntfy.exe"
    No files found.

    Searching for "usbehci.sys"
    C:\usbehci.sys --a---- 30208 bytes [11:13 31/03/2012] [17:39 20/03/2008] 8E9D9764DD8030160FC42E183001113D

    -= EOF =-

    I pasted all 3 files into the C:\ directory.
    Yes, I uninstalled ASC.
  14. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    I don't see "wscntfy.exe" in C:\ directory.
  15. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    I pasted them all in at the same time and I even pasted wscntfy.exe seperately because it wouldn't show.
  16. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Re-run System Look one more time.
  17. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    It seems like the PC is not stuttering but everything is speeded up by half a second, while watching videos on Youtube or listening to sounds it seems to go faster than ussual, even the Windows Start Up sound.


    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:41 on 03/04/2012 by Usuario
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "regsvc.dll"
    C:\regsvc.dll --a---- 59904 bytes [11:13 31/03/2012] [03:42 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F

    Searching for "wscntfy.exe"
    No files found.

    Searching for "usbehci.sys"
    C:\usbehci.sys --a---- 30208 bytes [11:13 31/03/2012] [17:39 20/03/2008] 8E9D9764DD8030160FC42E183001113D

    -= EOF =-

    3rd time trying and still doesnt work (already restarted and attempted it again)


    P.S. After RAM check when powering up I got a kind of boot menu, one was Recovery System, the other was Launch Windows XP SP3 and the last was called "do not press this" option sentance does not start with capital letter like all other things.
  18. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Can you check manually if "wscntfy.exe" file is in C:\ directory?
  19. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    I checked and there was nothing, I dragged the file into the C:\ directory and when finished pasting it highlighted a file called "ushbehci".
  20. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    I apologize. My fault. I included wrong file.
    Correct file attached (zipped).
    Unzip it and out the file into C:\ directory.
    Re-run System Look and post new log.

    Attached Files:

  21. SebastianB23

    SebastianB23 Newcomer, in training Topic Starter

    New logs

    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:45 on 04/04/2012 by Usuario
    Administrator - Elevation successful

    No Context: regsvc.dll

    No Context: wscntfy.exe

    No Context: usbehci.sys

    -= EOF =-
  22. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    I think you didn't copy a whole script.
    Please retry.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.