Thread: Click.GiftLoad infection

  1. #21

    Quote, originally posted by ken545:
        Sorry for the late reply, I missed your email notification

    No problem, a million thanks for your help.

    OTL.txt:

    OTL logfile created on: 12/05/2011 18:42:06 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 796,00 Mb Available Physical Memory | 78,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 298,08 Gb Total Space | 1,10 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
    Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (srvA50) -- File not found
    SRV - (ckfhatpqubgol) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (PAVSRV) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe (Panda Security, S.L.)
    SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (PskSvcRetail) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
    SRV - (Panda Software Controller) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
    SRV - (PAVFNSVR) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
    SRV - (TPSrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
    SRV - (PSHost) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
    SRV - (Gwmsrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
    SRV - (PSIMSVC) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
    SRV - (aawservice) -- C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
    SRV - (Sony SCSI Helper Service) -- C:\Archivos de programa\Archivos comunes\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
    SRV - (PavPrSrv) -- C:\Archivos de programa\Archivos comunes\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
    SRV - (Adobe LM Service) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
    SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.)
    DRV - (NETIMFLT01060039) -- C:\WINDOWS\system32\drivers\neti1639.sys (Panda Security, S.L.)
    DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.)
    DRV - (pavboot) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (WNMFLT) -- C:\WINDOWS\system32\drivers\wnmflt.sys (Panda Security, S.L.)
    DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
    DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.)
    DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.)
    DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (PAVDRV) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Security, S.L.)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
    DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.)
    DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.)
    DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
    DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
    DRV - (xusb20) -- C:\WINDOWS\system32\drivers\xusb20.sys (Microsoft Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
    DRV - (AVerBDA) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
    DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
    DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: acotec@acotec.es:2.2.2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/04/30 03:22:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/04/30 03:21:53 | 000,000,000 | ---D | M]

    [2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions
    [2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions
    [2010/06/27 18:57:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/13 13:41:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/09/01 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2009/04/21 09:40:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\searchplugins\wikipedia-eng.xml
    [2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2011/04/12 20:32:03 | 000,000,000 | ---D | M] (Acotec PKCS#11) -- C:\Archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
    [2009/03/28 20:04:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/10/11 12:22:59 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
    [2010/10/11 12:22:59 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
    [2010/10/11 12:22:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
    [2010/10/11 12:22:59 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

    O1 HOSTS File: ([2011/05/11 14:23:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
    O4 - HKLM..\Run: [CERTUI] C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Archivos de programa\DNIe\udcs.exe ()
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk = C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
    O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk = C:\WINDOWS\CerTUI\uninstall.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\..Trusted Domains: fnmt.es ([www.cert] http in Sitios de confianza)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} https://www.juntadeandalucia.es/econ...ion/SignV2.cab (Firma1Fase @firma5 Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cert.fnmt.es/content/pag...os/capicom.cab (Settings Class)
    O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.aeat.es/imagenes/comun/cactivex.cab (AeatCtl Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
    O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Archivos de programa\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/23 02:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\F - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/12 18:38:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andres1\Escritorio\OTL.exe
    [2011/05/11 21:06:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
    [2011/05/11 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Datos de programa\Malwarebytes
    [2011/05/11 18:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/11 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    [2011/05/11 18:40:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/11 18:40:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
    [2011/05/11 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\erunt
    [2011/05/11 18:28:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/11 14:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/11 14:14:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/11 13:25:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/11 13:25:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/11 13:25:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/11 13:25:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/11 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/11 00:01:25 | 000,000,000 | ---D | C] -- C:\safecd
    [2011/05/10 21:05:02 | 000,000,000 | ---D | C] -- C:\pavsig
    [2011/05/09 17:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CARMEN
    [2011/05/09 17:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CV
    [2011/05/08 18:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/08 18:57:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
    [2011/05/05 18:12:06 | 000,000,000 | ---D | C] -- C:\PANDA
    [2011/05/01 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\GooredFix Backups
    [2011/05/01 13:45:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
    [2011/05/01 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\shazam
    [2011/04/30 18:39:03 | 000,016,648 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
    [2011/04/30 01:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2011/04/30 01:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2011/04/25 10:18:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/04/22 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\VALENCIA
    [2011/04/13 20:19:48 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\aeat.dll
    [2011/04/13 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\cactivex
    [2011/04/13 20:18:54 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\Documents and Settings\andres1\Escritorio\aeat.dll
    [2011/04/12 22:24:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DNIe
    [2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CerTUI
    [2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ACOTEC
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/12 09:52:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/12 09:52:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/12 09:52:14 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
    [2011/05/11 18:29:43 | 000,518,094 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
    [2011/05/11 14:23:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/11 14:14:55 | 000,000,345 | RHS- | M] () -- C:\boot.ini
    [2011/05/11 12:13:38 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
    [2011/05/11 10:54:37 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
    [2011/05/11 01:58:12 | 000,000,739 | ---- | M] () -- C:\safecd.tgz
    [2011/05/09 15:12:35 | 000,021,261 | ---- | M] () -- C:\Documents and Settings\andres1\.recently-used.xbel
    [2011/05/01 13:40:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
    [2011/05/01 13:38:40 | 000,508,650 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2011/05/01 13:38:40 | 000,444,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/01 13:38:40 | 000,091,960 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2011/05/01 13:38:40 | 000,072,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/01 13:29:36 | 000,000,229 | ---- | M] () -- C:\Boot.bak
    [2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
    [2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
    [2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
    [2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
    [2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
    [2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
    [2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
    [2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
    [2011/05/01 12:21:30 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
    [2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
    [2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
    [2011/04/29 15:42:23 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
    [2011/04/27 19:14:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/25 12:02:07 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/04/25 10:49:10 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
    [2011/04/25 10:45:45 | 000,353,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/25 10:22:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/12 21:37:02 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
    [2011/04/12 20:32:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
    [2011/04/12 20:32:03 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/11 18:30:27 | 000,518,094 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
    [2011/05/11 15:35:50 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
    [2011/05/11 14:14:54 | 000,000,229 | ---- | C] () -- C:\Boot.bak
    [2011/05/11 14:14:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/11 13:25:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/11 13:25:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/11 13:25:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/11 13:25:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/11 13:25:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/11 13:21:33 | 004,345,957 | R--- | C] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
    [2011/05/11 01:58:12 | 000,000,739 | ---- | C] () -- C:\safecd.tgz
    [2011/05/09 15:12:35 | 000,021,261 | ---- | C] () -- C:\Documents and Settings\andres1\.recently-used.xbel
    [2011/04/13 20:18:54 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\aeat.inf
    [2011/04/12 21:37:02 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
    [2011/04/12 20:32:03 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
    [2011/04/12 20:32:03 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
    [2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
    [2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
    [2010/06/19 12:30:08 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
    [2010/03/26 15:23:10 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\regDNIeCSP.exe
    [2010/02/13 01:00:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\thqtpm.zip
    [2010/01/08 14:24:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/06/08 20:51:04 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
    [2009/01/22 12:27:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2009/01/09 16:10:57 | 000,010,625 | ---- | C] () -- C:\Documents and Settings\andres1\Datos de programa\SmarThruOptions.xml
    [2009/01/09 16:10:29 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
    [2009/01/09 16:10:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2009/01/09 16:10:04 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2009/01/09 16:08:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2009/01/09 16:03:22 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sx450sl3.dll
    [2009/01/09 10:18:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
    [2009/01/09 10:17:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
    [2009/01/09 10:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
    [2009/01/09 10:17:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
    [2009/01/09 10:17:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
    [2009/01/09 10:17:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
    [2008/07/24 01:09:06 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\sysqcl1129139270.dat
    [2008/03/11 22:52:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2008/01/21 21:51:55 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/10/22 12:53:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLLSignV2.dll
    [2007/05/18 03:30:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2007/05/18 03:30:41 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2007/04/16 20:14:06 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2007/04/16 20:14:06 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2007/04/13 15:19:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2007/04/02 18:59:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2007/04/02 18:59:29 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2007/03/02 22:29:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2007/02/15 21:48:33 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2007/02/15 21:48:10 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/02/15 21:36:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/01/28 21:38:12 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/01/21 14:21:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
    [2007/01/21 13:48:26 | 000,000,574 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2007/01/20 20:01:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2006/12/03 19:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
    [2006/11/24 20:53:27 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QTSBandwidthCache
    [2006/11/10 22:20:01 | 000,001,451 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/11/10 21:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/07 12:19:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
    [2006/10/07 12:19:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
    [2006/10/07 12:18:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
    [2006/10/07 12:18:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
    [2006/10/07 12:18:45 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
    [2006/10/03 23:58:51 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/10/02 20:48:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/25 12:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
    [2006/08/24 18:03:22 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/23 10:08:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2006/08/23 10:08:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
    [2006/08/23 03:05:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/23 03:04:51 | 000,353,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/23 02:30:34 | 000,014,295 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2006/08/23 02:30:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2006/08/23 02:30:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2006/08/23 02:20:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/08/23 02:16:19 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/08/22 21:03:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\fusioncache.dat
    [2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/02 14:00:00 | 000,508,650 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
    [2006/03/02 14:00:00 | 000,444,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/02 14:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
    [2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/02 14:00:00 | 000,091,960 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
    [2006/03/02 14:00:00 | 000,072,300 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/02 14:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
    [2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/01/29 03:25:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2005/01/29 03:25:42 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/09/16 17:43:32 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
    [2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

    ========== LOP Check ==========

    [2009/11/04 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\kinoma
    [2010/06/19 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Panda Security
    [2007/11/06 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\sentinel
    [2009/09/17 12:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/11/05 13:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\calibre
    [2008/03/11 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\DataCast
    [2009/01/27 11:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Dev-Cpp
    [2010/10/21 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\inkscape
    [2009/09/28 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\LG Electronics
    [2007/11/07 20:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Mp3tag
    [2007/08/23 04:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Opera
    [2010/06/19 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Panda Security
    [2009/01/09 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\SmarThru4
    [2011/04/25 08:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Spotify
    [2010/01/07 13:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Thunderbird

    ========== Purity Check ==========



    < End of report >

  2. #22
    Junior Member
    Join Date
    May 2011
    Posts
    20

    Extras.txt:

    OTL Extras logfile created on: 12/05/2011 18:42:06 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 796,00 Mb Available Physical Memory | 78,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 298,08 Gb Total Space | 1,10 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
    Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .jse [@ = JSEFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsf [@ = WSFFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsh [@ = WSHFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsefile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    wshfile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Archivos de programa\Spotify\spotify.exe" = C:\Archivos de programa\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
    "{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}" = Instalable módulo criptográfico DNIe
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
    "{24B4E125-B77F-E91F-0A65-43F4A3BE1034}" = Nero 7 Demo
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2C8B0579-46E6-4088-8E57-44833265798F}" = THE HOUSE OF THE DEAD 2
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
    "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}" = Panda Antivirus Pro 2010
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{61D8C205-934A-428C-9429-FC8DF207D78E}" = Microsoft Xbox 360 Accessories 1.1
    "{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying(tm)
    "{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = poEdit
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
    "{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer
    "{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
    "{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
    "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
    "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
    "{9CC826E7-4848-4CB2-A3F6-A24356CAB464}" = PRS-505 User's Guide
    "{A0EAB3BE-AC3F-4F9F-ACC0-ED1809B607E3}" = eBook Library by Sony
    "{A0FC458F-AA6E-430A-B91C-1D6640B4B149}" = Comic Life
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1034-7B44-A82000000003}" = Adobe Reader 8.2.6 - Español
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B418F434-15CD-4B68-A022-CFE0DB92A6F9}" = THE HOUSE OF THE DEAD 3
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
    "{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
    "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C72F5578-8925-4029-948D-1E0EE9128E74}" = ATI Catalyst Control Center
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{DEB40C7A-CBDA-4941-9EA5-FA81059BA4B3}" = calibre
    "{E06DBD80-CD9B-4A3F-BD83-ED1AA4CB1E3A}" = Capicom 2.1.0.2 FNMT-RCM
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2010
    "{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
    "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
    "2000th FireStorm screensaver_is1" = 2000th FireStorm screensaver v2.5
    "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    "7-Zip" = 7-Zip 4.42
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "All ATI Software" = ATI - Utilidad de desinstalación de software
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "AVerMedia A16D (Hybrid DVB-T and NTSC/PAL/SECAM/FM)" = AVerMedia A16D (Hybrid DVB-T and NTSC/PAL/SECAM/FM) 3.5.0.22
    "AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
    "AVI Splitter_is1" = AVI Splitter
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "DivX Total Pack" = DivX Total Pack
    "EditPlus 2" = EditPlus 2
    "eMule" = eMule
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
    "FileZilla" = FileZilla (remove only)
    "GIF Animator" = Microsoft GIF Animator
    "Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Inkscape" = Inkscape 0.48.0
    "Instalacion_CSP_WG10_v2.1_2.1" = CerTUI v1.3.0
    "InstallShield_{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}" = Instalable módulo criptográfico DNIe
    "InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
    "IrfanView" = IrfanView (remove only)
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "Mp3tag" = Mp3tag v2.39
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "oggcodecs" = oggcodecs 0.71.0946
    "RealAlt_is1" = Real Alternative 1.51
    "RENT2008" = RENTA 2008
    "Samsung SCX-4500 Series" = Samsung SCX-4500 Series
    "Spotify" = Spotify
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "TUGZip_is1" = TUGZip 3.4
    "VLC media player" = VideoLAN VLC media player 0.8.5
    "Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Reproductor de Windows Media 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/05/2011 13:24:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: The connection with the server was terminated abnormally

    Error - 08/05/2011 13:24:42 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: No existe esta conexión de red.

    Error - 08/05/2011 13:25:40 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
    Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
    actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    con el error: Un certificado requerido no se encuentra dentro del periodo de validez
    cuando se ha realizado la comprobación con el reloj de sistema actual o con la
    marca de fecha y hora en el archivo firmado.

    Error - 08/05/2011 13:25:40 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: The connection with the server was terminated abnormally

    Error - 08/05/2011 13:25:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
    Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
    actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    con el error: Un certificado requerido no se encuentra dentro del periodo de validez
    cuando se ha realizado la comprobación con el reloj de sistema actual o con la
    marca de fecha y hora en el archivo firmado.

    Error - 08/05/2011 13:25:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: No existe esta conexión de red.

    Error - 08/05/2011 13:34:20 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
    Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
    actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    con el error: Un certificado requerido no se encuentra dentro del periodo de validez
    cuando se ha realizado la comprobación con el reloj de sistema actual o con la
    marca de fecha y hora en el archivo firmado.

    Error - 08/05/2011 13:34:20 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: The connection with the server was terminated abnormally

    Error - 11/05/2011 4:58:02 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: The server name or address could not be resolved

    Error - 11/05/2011 4:58:02 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
    Description = Error en la recuperación de actualización automática del número de
    secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    con el error: No existe esta conexión de red.

    [ System Events ]
    Error - 11/05/2011 12:31:52 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 11/05/2011 12:33:57 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 11/05/2011 12:47:05 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/05/2011 12:48:52 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/05/2011 12:49:46 | Computer Name = ANDRES-15E02CCC | Source = Service Control Manager | ID = 7026
    Description = El controlador de inicialización siguiente no se cargó correctamente:
    APPFLT AsIO DSAFLT Fips FNETMON IDSFLT intelppm pavboot ShldDrv WNMFLT

    Error - 11/05/2011 19:13:07 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 11/05/2011 19:20:25 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/05/2011 3:53:11 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/05/2011 3:54:02 | Computer Name = ANDRES-15E02CCC | Source = Service Control Manager | ID = 7026
    Description = El controlador de inicialización siguiente no se cargó correctamente:
    APPFLT AsIO DSAFLT Fips FNETMON IDSFLT intelppm pavboot ShldDrv WNMFLT

    Error - 12/05/2011 11:29:47 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >

  3. #23
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :service
      srvA50
      ckfhatpqubgol
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt




    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <-- Not Run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    Last edited by ken545; 2011-05-12 at 19:39.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #24
    Junior Member
    Join Date
    May 2011
    Posts
    20


    SystemLook 04.09.10 by jpshortstuff
    Log created at 19:33 on 12/05/2011 by andres1
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "srvA50"
    No files found.

    Searching for "ckfhatpqubgol"
    No files found.

    ========== folderfind ==========

    Searching for "srvA50"
    No folders found.

    Searching for "ckfhatpqubgol"
    No folders found.

    ========== regfind ==========

    Searching for "srvA50"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "netsvcs"="srvA50 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50\0000]
    "Service"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50\0000]
    "DeviceDesc"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50]
    "DisplayName"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50\parameters]
    "servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50\Enum]
    "0"="Root\LEGACY_SRVA50\0000"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50\0000]
    "Service"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50\0000]
    "DeviceDesc"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50]
    "DisplayName"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50\parameters]
    "servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50\0000]
    "Service"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50\0000]
    "DeviceDesc"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
    "DisplayName"="srvA50"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50\parameters]
    "servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50\Enum]
    "0"="Root\LEGACY_SRVA50\0000"

    Searching for "ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "Service"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "DeviceDesc"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol]
    "DisplayName"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol\Enum]
    "0"="Root\LEGACY_CKFHATPQUBGOL\0000"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "Service"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "DeviceDesc"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ckfhatpqubgol]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ckfhatpqubgol]
    "DisplayName"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "Service"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
    "DeviceDesc"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
    "DisplayName"="ckfhatpqubgol"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol\Enum]
    "0"="Root\LEGACY_CKFHATPQUBGOL\0000"

    -= EOF =-

  5. #25
    Junior Member
    Join Date
    May 2011
    Posts
    20


    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Configuración IP de Windows
    Adaptador Ethernet Conexión de área local :
    Sufijo de conexión específica DNS :
    Dirección IP. . . . . . . . . . . : 0.0.0.0
    Máscara de subred . . . . . . . . : 0.0.0.0
    Puerta de enlace predeterminada :
    C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
    C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Configuración IP de Windows
    Adaptador Ethernet Conexión de área local :
    Sufijo de conexión específica DNS : home
    Dirección IP. . . . . . . . . . . : 192.168.1.12
    Máscara de subred . . . . . . . . : 255.255.255.0
    Puerta de enlace predeterminada : 192.168.1.1
    C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
    C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Configuración IP de Windows
    Se vació con éxito la caché de resolución de DNS.
    C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
    C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrador
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: andres1
    ->Temp folder emptied: 1872868169 bytes
    ->Temporary Internet Files folder emptied: 7572501 bytes
    ->Java cache emptied: 2739597 bytes
    ->FireFox cache emptied: 68081196 bytes
    ->Flash cache emptied: 201851 bytes

    User: Carmen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 1191 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2148798 bytes
    %systemroot%\System32 .tmp files removed: 3765597 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.867,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05122011_194434

    Files\Folders moved on Reboot...
    C:\Documents and Settings\andres1\Configuración local\Archivos temporales de Internet\Content.IE5\RTD8NKKN\showthread[2].htm moved successfully.
    C:\Documents and Settings\andres1\Configuración local\Archivos temporales de Internet\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...

  6. #26
    Junior Member
    Join Date
    May 2011
    Posts
    20


    OTL logfile created on: 12/05/2011 19:51:44 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 797,00 Mb Available Physical Memory | 78,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 298,08 Gb Total Space | 2,93 Gb Free Space | 0,98% Space Free | Partition Type: NTFS
    Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (srvA50) -- File not found
    SRV - (ckfhatpqubgol) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (PAVSRV) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe (Panda Security, S.L.)
    SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (PskSvcRetail) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
    SRV - (Panda Software Controller) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
    SRV - (PAVFNSVR) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
    SRV - (TPSrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
    SRV - (PSHost) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
    SRV - (Gwmsrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
    SRV - (PSIMSVC) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
    SRV - (aawservice) -- C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
    SRV - (Sony SCSI Helper Service) -- C:\Archivos de programa\Archivos comunes\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
    SRV - (PavPrSrv) -- C:\Archivos de programa\Archivos comunes\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
    SRV - (Adobe LM Service) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
    SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.)
    DRV - (NETIMFLT01060039) -- C:\WINDOWS\system32\drivers\neti1639.sys (Panda Security, S.L.)
    DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.)
    DRV - (pavboot) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (WNMFLT) -- C:\WINDOWS\system32\drivers\wnmflt.sys (Panda Security, S.L.)
    DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
    DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.)
    DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.)
    DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (PAVDRV) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Security, S.L.)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
    DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.)
    DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.)
    DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
    DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
    DRV - (xusb20) -- C:\WINDOWS\system32\drivers\xusb20.sys (Microsoft Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
    DRV - (AVerBDA) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
    DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
    DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: acotec@acotec.es:2.2.2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/04/30 03:22:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/04/30 03:21:53 | 000,000,000 | ---D | M]

    [2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions
    [2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions
    [2010/06/27 18:57:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/13 13:41:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/09/01 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2009/04/21 09:40:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\searchplugins\wikipedia-eng.xml
    [2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2011/04/12 20:32:03 | 000,000,000 | ---D | M] (Acotec PKCS#11) -- C:\Archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
    [2009/03/28 20:04:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/10/11 12:22:59 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
    [2010/10/11 12:22:59 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
    [2010/10/11 12:22:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
    [2010/10/11 12:22:59 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

    O1 HOSTS File: ([2011/05/12 19:44:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
    O4 - HKLM..\Run: [CERTUI] C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Archivos de programa\DNIe\udcs.exe ()
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk = C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
    O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk = C:\WINDOWS\CerTUI\uninstall.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\..Trusted Domains: fnmt.es ([www.cert] http in Sitios de confianza)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} https://www.juntadeandalucia.es/econ...ion/SignV2.cab (Firma1Fase @firma5 Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cert.fnmt.es/content/pag...os/capicom.cab (Settings Class)
    O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.aeat.es/imagenes/comun/cactivex.cab (AeatCtl Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
    O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Archivos de programa\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/23 02:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\F - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/12 19:44:34 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/05/12 18:38:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andres1\Escritorio\OTL.exe
    [2011/05/11 21:06:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
    [2011/05/11 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Datos de programa\Malwarebytes
    [2011/05/11 18:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/11 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
    [2011/05/11 18:40:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/11 18:40:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
    [2011/05/11 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\erunt
    [2011/05/11 18:28:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/11 14:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/11 14:14:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/11 13:25:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/11 13:25:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/11 13:25:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/11 13:25:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/11 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/11 00:01:25 | 000,000,000 | ---D | C] -- C:\safecd
    [2011/05/10 21:05:02 | 000,000,000 | ---D | C] -- C:\pavsig
    [2011/05/09 17:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CARMEN
    [2011/05/09 17:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CV
    [2011/05/08 18:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/08 18:57:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
    [2011/05/05 18:12:06 | 000,000,000 | ---D | C] -- C:\PANDA
    [2011/05/01 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\GooredFix Backups
    [2011/05/01 13:45:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
    [2011/05/01 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\shazam
    [2011/04/30 18:39:03 | 000,016,648 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
    [2011/04/30 01:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2011/04/30 01:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2011/04/25 10:18:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/04/22 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\VALENCIA
    [2011/04/13 20:19:48 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\aeat.dll
    [2011/04/13 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\cactivex
    [2011/04/13 20:18:54 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\Documents and Settings\andres1\Escritorio\aeat.dll
    [2011/04/12 22:24:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DNIe
    [2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CerTUI
    [2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ACOTEC

    ========== Files - Modified Within 30 Days ==========

    [2011/05/12 19:46:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/12 19:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/12 19:46:02 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
    [2011/05/12 19:44:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/05/12 19:33:12 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
    [2011/05/12 09:52:14 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
    [2011/05/11 18:29:43 | 000,518,094 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
    [2011/05/11 14:14:55 | 000,000,345 | RHS- | M] () -- C:\boot.ini
    [2011/05/11 12:13:38 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
    [2011/05/11 01:58:12 | 000,000,739 | ---- | M] () -- C:\safecd.tgz
    [2011/05/09 15:12:35 | 000,021,261 | ---- | M] () -- C:\Documents and Settings\andres1\.recently-used.xbel
    [2011/05/01 13:40:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
    [2011/05/01 13:38:40 | 000,508,650 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2011/05/01 13:38:40 | 000,444,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/01 13:38:40 | 000,091,960 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2011/05/01 13:38:40 | 000,072,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/01 13:29:36 | 000,000,229 | ---- | M] () -- C:\Boot.bak
    [2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
    [2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
    [2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
    [2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
    [2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
    [2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
    [2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
    [2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
    [2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
    [2011/05/01 12:21:30 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
    [2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
    [2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
    [2011/04/29 15:42:23 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
    [2011/04/27 19:14:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/25 12:02:07 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/04/25 10:49:10 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
    [2011/04/25 10:45:45 | 000,353,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/25 10:22:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/12 21:37:02 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
    [2011/04/12 20:32:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
    [2011/04/12 20:32:03 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk

    ========== Files Created - No Company Name ==========

    [2011/05/11 18:30:27 | 000,518,094 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
    [2011/05/11 15:35:50 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
    [2011/05/11 14:14:54 | 000,000,229 | ---- | C] () -- C:\Boot.bak
    [2011/05/11 14:14:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/11 13:25:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/11 13:25:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/11 13:25:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/11 13:25:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/11 13:25:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/11 13:21:33 | 004,345,957 | R--- | C] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
    [2011/05/11 01:58:12 | 000,000,739 | ---- | C] () -- C:\safecd.tgz
    [2011/05/09 15:12:35 | 000,021,261 | ---- | C] () -- C:\Documents and Settings\andres1\.recently-used.xbel
    [2011/04/13 20:18:54 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\aeat.inf
    [2011/04/12 21:37:02 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
    [2011/04/12 20:32:03 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
    [2011/04/12 20:32:03 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
    [2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
    [2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
    [2010/06/19 12:30:08 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
    [2010/03/26 15:23:10 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\regDNIeCSP.exe
    [2010/02/13 01:00:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\thqtpm.zip
    [2010/01/08 14:24:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/06/08 20:51:04 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
    [2009/01/22 12:27:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2009/01/09 16:10:57 | 000,010,625 | ---- | C] () -- C:\Documents and Settings\andres1\Datos de programa\SmarThruOptions.xml
    [2009/01/09 16:10:29 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
    [2009/01/09 16:10:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2009/01/09 16:10:04 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2009/01/09 16:08:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2009/01/09 16:03:22 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sx450sl3.dll
    [2009/01/09 10:18:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
    [2009/01/09 10:17:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
    [2009/01/09 10:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
    [2009/01/09 10:17:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
    [2009/01/09 10:17:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
    [2009/01/09 10:17:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
    [2008/07/24 01:09:06 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\sysqcl1129139270.dat
    [2008/03/11 22:52:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2008/01/21 21:51:55 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/10/22 12:53:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLLSignV2.dll
    [2007/05/18 03:30:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2007/05/18 03:30:41 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2007/04/16 20:14:06 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2007/04/16 20:14:06 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2007/04/13 15:19:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2007/04/02 18:59:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2007/04/02 18:59:29 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2007/03/02 22:29:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2007/02/15 21:48:33 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2007/02/15 21:48:10 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/02/15 21:36:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/01/28 21:38:12 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2007/01/21 14:21:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
    [2007/01/21 13:48:26 | 000,000,574 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2007/01/20 20:01:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2006/12/03 19:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
    [2006/11/24 20:53:27 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QTSBandwidthCache
    [2006/11/10 22:20:01 | 000,001,451 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/11/10 21:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/07 12:19:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
    [2006/10/07 12:19:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
    [2006/10/07 12:18:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
    [2006/10/07 12:18:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
    [2006/10/07 12:18:45 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
    [2006/10/03 23:58:51 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/10/02 20:48:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/25 12:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
    [2006/08/24 18:03:22 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/23 10:08:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2006/08/23 10:08:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
    [2006/08/23 03:05:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/23 03:04:51 | 000,353,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/23 02:30:34 | 000,014,295 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2006/08/23 02:30:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2006/08/23 02:30:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2006/08/23 02:20:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/08/23 02:16:19 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/08/22 21:03:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\fusioncache.dat
    [2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/02 14:00:00 | 000,508,650 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
    [2006/03/02 14:00:00 | 000,444,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/02 14:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
    [2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/02 14:00:00 | 000,091,960 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
    [2006/03/02 14:00:00 | 000,072,300 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/02 14:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
    [2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/01/29 03:25:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2005/01/29 03:25:42 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/09/16 17:43:32 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
    [2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

    < End of report >

  7. #27
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I am looking over your log, trying to determine if the two services I had you check with SystemLook need to be removed. I will be back in a short time.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::


    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA50]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
    
    Driver::
    ckfhatpqubgol
    srvA50
    
    File::
    c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe
    
    NetSvc::
    srvA50

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

  9. #29
    Junior Member
    Join Date
    May 2011
    Posts
    20

    Default

    Good morning, Ken. ComboFix again notified me that Panda AV was enabled, although I couldn't find any trace of its icon in the System Tray or its processes in the Task Manager. It also informed me about a new ComboFix version, but I didn't download it. Here's the resulting log:

    vComboFix 11-05-10.02 - andres1 13/05/2011 10:00:02.2.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.789 [GMT 2:00]
    Running from: c:\documents and settings\andres1\Escritorio\ComboFix.exe
    Command switches used :: c:\documents and settings\andres1\Escritorio\CFScript.txt
    AV: Panda Antivirus Pro 2010 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2010 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .
    FILE ::
    "c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_CKFHATPQUBGOL
    -------\Legacy_SRVA50
    -------\Service_ckfhatpqubgol
    -------\Service_srvA50
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-12 17:44 . 2011-05-12 17:44 -------- d-----w- C:\_OTL
    2011-05-11 19:06 . 2011-05-11 19:06 -------- d-----w- c:\archivos de programa\ESET
    2011-05-11 16:41 . 2011-05-11 16:41 -------- d-----w- c:\documents and settings\andres1\Datos de programa\Malwarebytes
    2011-05-11 16:40 . 2011-05-11 16:40 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
    2011-05-11 16:40 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-11 16:40 . 2011-05-11 16:40 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2011-05-11 16:40 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-10 22:01 . 2011-05-10 22:01 -------- d-----w- C:\safecd
    2011-05-10 19:05 . 2011-05-10 19:05 -------- d-----w- C:\pavsig
    2011-05-08 16:57 . 2011-05-08 16:58 -------- d-----w- c:\archivos de programa\ERUNT
    2011-05-08 16:38 . 2011-05-08 16:38 -------- d-----w- c:\documents and settings\Administrador
    2011-05-05 16:12 . 2011-05-05 17:02 -------- d-----w- C:\PANDA
    2011-04-30 16:39 . 2009-05-20 14:44 16648 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
    2011-04-13 18:19 . 2010-12-02 12:55 196608 ----a-w- C:\aeat.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-08-23 00:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 08:43 . 2006-03-02 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2006-03-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 18:55 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 18:55 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-17 18:55 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 18:55 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-17 11:44 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-11_12.23.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-11 16:31 . 2011-05-11 16:31 172032 c:\windows\ERDNT\11-05-2011\Users\00000002\UsrClass.dat
    + 2011-05-11 16:31 . 2005-10-20 10:02 163328 c:\windows\ERDNT\11-05-2011\ERDNT.EXE
    + 2011-05-11 16:31 . 2011-05-11 16:31 15593472 c:\windows\ERDNT\11-05-2011\Users\00000001\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
    "NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
    "SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "XboxStat"="c:\archivos de programa\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "APVXDWIN"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
    "SCANINICIO"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-19 536576]
    "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-09-04 417792]
    "CERTUI"="c:\archivos de programa\ACOTEC\CerTUI\CerTUI.exe" [2010-02-15 1064960]
    "RegistrarUsrDNIeCertStoreDLL"="c:\archivos de programa\DNIe\udcs.exe" [2009-03-02 37888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\andres1\Men£ Inicio\Programas\Inicio\
    CerTui.lnk - c:\archivos de programa\ACOTEC\CerTUI\CerTui.exe [2009-6-8 1064960]
    Uninstall CerTUI.lnk - c:\windows\CerTUI\uninstall.exe [2011-4-12 451072]
    .
    c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
    Logitech SetPoint.lnk - c:\archivos de programa\Logitech\SetPoint\SetPoint.exe [2006-10-6 450560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUA"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma.lnk]
    path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^QuickTV6.lnk]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-22 05:05 40368 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-04-24 03:16 203928 ----a-w- c:\archivos de programa\Alcohol Soft\Alcohol 120\AxCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-05-10 09:12 90112 ----a-w- c:\archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:18 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-08 19:09 305440 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logan_S2P]
    2007-06-10 23:58 253952 ----a-w- c:\archivos de programa\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:19 1695232 ------w- c:\archivos de programa\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 23:54 417792 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    2008-03-19 12:07 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    2007-09-20 07:23 132624 ----a-w- c:\archivos de programa\Samsung\Samsung Media Studio 5\SMSTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2005-09-07 13:35 716800 ----a-w- c:\archivos de programa\Analog Devices\SoundMAX\SMax4.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
    "c:\\Archivos de programa\\Spotify\\spotify.exe"=
    "c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
    "c:\\Archivos de programa\\iTunes\\iTunes.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2007 11:09 721904]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [19/06/2010 12:36 159112]
    R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [19/06/2010 12:29 199432]
    S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [19/06/2010 12:26 28552]
    S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [19/06/2010 12:36 75016]
    S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [19/06/2010 12:36 53128]
    S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [19/06/2010 12:36 22072]
    S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [19/06/2010 12:36 193800]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [19/06/2010 12:25 41144]
    S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [19/06/2010 12:36 46728]
    S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [19/06/2010 12:25 163336]
    S2 PskSvcRetail;Panda PSK service;c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [19/06/2010 12:30 28928]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [30/04/2011 18:39 16648]
    S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
    S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
    S3 RkPavproc4;RkPavproc4;\??\c:\windows\system32\drivers\RkPavproc4.sys --> c:\windows\system32\drivers\RkPavproc4.sys [?]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [14/10/2006 0:48 50048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.es/
    uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector/?prod=104&app=KeysSupport&lang=spa
    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: fnmt.es\www.cert
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} - hxxps://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab
    DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.aeat.es/imagenes/comun/cactivex.cab
    FF - ProfilePath - c:\documents and settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Acotec PKCS#11: acotec@acotec.es - c:\archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-13 10:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(964)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\avldr.dll
    .
    Completion time: 2011-05-13 10:14:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-13 08:14
    ComboFix2.txt 2011-05-11 12:25
    .
    Pre-Run: 3.121.278.976 bytes libres
    Post-Run: 3.015.397.376 bytes libres
    .
    - - End Of File - - 3FE27DF3E40F6A7F1FC6087559E40F95

  10. #30
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    How are things running now?
