
Spybot S&D doesn't work



arucard_esp
2010-10-16, 14:39
Hey,

When I try to run Spybot and I click on the shortcut, nothing happens. I think I got some virus or something. But my up-to-date Avast virus scanner didn't detect anything....

Please find the DDS.txt log below and the attach.zip attached:
I am looking forward to hearing from you.
Thank you for your time and support!
===========================


DDS (Ver_10-10-10.03) - NTFSx86
Run by Administrador at 13:34:18.52 on 16/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.54.3082.18.3455.2322 [GMT 1:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Calibrize\CalibrizeResume.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCure\RegCure.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrador\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\administrador\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CGFLoader] c:\program files\calibrize\CalibrizeLoader.exe
uRun: [CalibrizeResume] c:\program files\calibrize\CalibrizeResume.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
Trusted Zone: fnmt.es
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-11 165584]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
R1 SASDIFSV;SASDIFSV;c:\users\admini~1\appdata\local\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\admini~1\appdata\local\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-11 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-11 50768]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-13 5120]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-5-9 97280]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]

=============== Created Last 30 ================

2010-10-16 11:38:56 -------- d-----w- c:\program files\Spybot
2010-10-16 10:39:48 -------- d-----w- c:\program files\ewido anti-malware
2010-10-16 10:23:50 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-10-15 21:52:37 -------- d-----w- c:\users\admini~1\appdata\roaming\SUPERAntiSpyware.com
2010-10-15 21:52:37 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-15 21:52:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 21:52:00 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-15 21:51:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 21:51:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 21:08:00 -------- d-----w- c:\program files\Lavasoft
2010-10-15 20:55:33 -------- d-----w- c:\program files\Panda Security
2010-10-15 20:35:18 70144 --sha-r- c:\windows\system32\mspbde40V.dll
2010-10-15 17:49:41 -------- d-----w- C:\MetaStock
2010-10-15 17:48:09 -------- d-----w- c:\program files\MLDownloader
2010-10-15 17:42:29 327168 ----a-w- c:\windows\IsUninst.exe
2010-10-13 11:33:15 201728 ----a-w- c:\windows\system32\Nike+ Mini.scr
2010-10-13 11:33:15 -------- d-----w- c:\windows\system32\Nike+ Mini dir
2010-10-02 23:29:54 -------- d-----w- c:\progra~2\RegCure
2010-09-30 19:37:46 -------- d-----w- c:\users\admini~1\appdata\roaming\Softland
2010-09-30 19:37:45 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-09-30 19:37:45 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-09-30 19:37:44 -------- d-----w- c:\program files\Softland
2010-09-30 12:04:02 146432 ----a-w- c:\program files\common files\microsoft shared\nateed\TRIEDIT.DLL
2010-09-30 12:04:02 -------- d-----w- c:\program files\NATEON
2010-09-30 12:03:53 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-09-30 12:03:53 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-09-30 12:03:53 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-09-30 12:03:53 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-09-30 12:03:53 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-09-30 12:03:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-09-30 12:03:52 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-09-30 12:03:52 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-09-30 11:28:30 -------- d-----w- c:\program files\iTunes
2010-09-30 11:28:30 -------- d-----w- c:\program files\iPod
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin7.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin6.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin5.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin4.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin3.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin2.dll
2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin.dll
2010-09-24 15:30:40 -------- d-----w- c:\program files\CamStudio
2010-09-22 16:26:26 -------- d-----w- c:\users\admini~1\appdata\local\Apple Computer
2010-09-22 16:26:20 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-22 16:26:20 107368 ------w- c:\windows\system32\GEARAspi.dll
2010-09-22 16:26:03 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-22 16:25:36 -------- d-----w- c:\users\admini~1\appdata\local\Apple
2010-09-22 16:25:17 -------- d-----w- c:\program files\Bonjour
2010-09-21 21:03:16 -------- d-----w- c:\users\admini~1\appdata\local\LogMeIn Hamachi
2010-09-21 21:03:04 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-09-18 23:00:58 -------- d-----w- c:\users\admini~1\appdata\local\CyberLink
2010-09-18 03:04:27 -------- d-----w- c:\windows\PixArt
2010-09-17 21:16:59 -------- d-----w- c:\program files\CCleaner
2010-09-16 16:33:40 -------- d-----w- c:\users\admini~1\appdata\roaming\Software602

==================== Find3M ====================

2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 17:44:10 91424 ------w- c:\windows\system32\dnssd.dll
2010-07-27 17:44:10 75040 ------w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:44:10 197920 ------w- c:\windows\system32\dnssdX.dll
2010-07-27 17:44:10 107808 ------w- c:\windows\system32\dns-sd.exe

============= FINISH: 13:35:37.75 ===============

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-16 14:25:15
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwOpenProcess [0x9167F68C]
SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwTerminateProcess [0x9167F604]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916C7BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x916C79D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x916C7B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A96599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82AC29F8 4 Bytes [8C, F6, 67, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AC2CC8 4 Bytes [04, F6, 67, 91]
PAGE ntkrnlpa.exe!ZwLoadDriver 82BF4291 7 Bytes JMP 916C7B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C5BFBF 5 Bytes JMP 916C35D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C75CF3 5 Bytes JMP 916C5012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82C83D63 7 Bytes JMP 916C79D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D2DEAC 7 Bytes JMP 916C7BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\drivers\ayatl.sys El sistema no puede encontrar la ruta especificada. !
? System32\Drivers\spml.sys El sistema no puede encontrar la ruta especificada. !
PAGE ataport.SYS!DllUnload + 1 8C272AD7 4 Bytes JMP 856201D9
.rsrc C:\Windows\system32\DRIVERS\disk.sys entry point in ".rsrc" section [0x8C833014]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A3C000, 0x1E7580, 0xE8000020]
.text USBPORT.SYS!DllUnload 938A5CA0 5 Bytes JMP 85FA44E0
.text agdqzu4i.SYS 9173B000 12 Bytes [44, 18, A2, 82, EE, 16, A2, ...]
.text agdqzu4i.SYS 9173B00D 9 Bytes [F7, A1, 82, 48, 1B, A2, 82, ...] {MUL DWORD [ECX-0x5de4b77e]; ADD BYTE [EAX], 0x0}
.text agdqzu4i.SYS 9173B017 170 Bytes [00, DE, F7, 17, 8C, E6, F5, ...]
.text agdqzu4i.SYS 9173B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text agdqzu4i.SYS 9173B0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtCreateFile + 6 773C4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtCreateFile + B 773C4A3B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtMapViewOfSection + 6 773C5096 1 Byte [28]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtMapViewOfSection + 6 773C5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtMapViewOfSection + B 773C509B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenFile + 6 773C5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenFile + B 773C514B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenProcess + 6 773C51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenProcess + B 773C51FB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenProcessToken + B 773C520B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenProcessTokenEx + 6 773C5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenProcessTokenEx + B 773C521B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenThread + 6 773C5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenThread + B 773C527B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenThreadToken + 6 773C5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenThreadToken + B 773C528B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtOpenThreadTokenEx + B 773C529B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtQueryAttributesFile + 6 773C53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtQueryAttributesFile + B 773C53AB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtQueryFullAttributesFile + B 773C545B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtSetInformationFile + 6 773C5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtSetInformationFile + B 773C5AAB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtSetInformationThread + 6 773C5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtSetInformationThread + B 773C5B0B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 1 Byte [68]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[828] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + 6 773C4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtCreateFile + B 773C4A3B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 773C5096 1 Byte [28]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + 6 773C5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtMapViewOfSection + B 773C509B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + 6 773C5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenFile + B 773C514B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + 6 773C51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcess + B 773C51FB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessToken + B 773C520B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + 6 773C5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenProcessTokenEx + B 773C521B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + 6 773C5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThread + B 773C527B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + 6 773C5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadToken + B 773C528B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtOpenThreadTokenEx + B 773C529B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + 6 773C53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryAttributesFile + B 773C53AB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtQueryFullAttributesFile + B 773C545B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + 6 773C5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationFile + B 773C5AAB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + 6 773C5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtSetInformationThread + B 773C5B0B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 1 Byte [68]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[884] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1352] kernel32.dll!SetUnhandledExceptionFilter 760E3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[1580] SHELL32.dll!SHFileOperationW 76479718 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Windows\explorer.exe[2376] SHELL32.dll!SHFileOperationW 76479718 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + 6 773C4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + B 773C4A3B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 773C5096 1 Byte [28]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 773C5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + B 773C509B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + 6 773C5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + B 773C514B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + 6 773C51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + B 773C51FB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + B 773C520B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + 6 773C5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + B 773C521B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + 6 773C5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + B 773C527B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + 6 773C5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + B 773C528B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + B 773C529B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + 6 773C53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + B 773C53AB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + B 773C545B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + 6 773C5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + B 773C5AAB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + 6 773C5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + B 773C5B0B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 1 Byte [68]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + 6 773C4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + B 773C4A3B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + 6 773C5096 1 Byte [28]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + 6 773C5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + B 773C509B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + 6 773C5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + B 773C514B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + 6 773C51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + B 773C51FB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessToken + B 773C520B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + 6 773C5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + B 773C521B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + 6 773C5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + B 773C527B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadToken + 6 773C5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadToken + B 773C528B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadTokenEx + B 773C529B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + 6 773C53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + B 773C53AB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryFullAttributesFile + B 773C545B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + 6 773C5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + B 773C5AAB 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + 6 773C5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + B 773C5B0B 1 Byte [E2]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 1 Byte [68]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856271F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Motor en tiempo de ejecución del marco de controlador en modo kernel/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 856221F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A1ACC0C-A744-4C03-B12A-860CD151A6F9} 862B71F8
Device \Driver\usbuhci \Device\USBPDO-0 863AC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D2328AAA-45E5-4B0F-8B36-78EA7A3FD414} 862B71F8
Device \Driver\usbuhci \Device\USBPDO-1 863AC1F8
Device \Driver\usbuhci \Device\USBPDO-2 863AC1F8
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 863AC1F8
Device \Driver\usbehci \Device\USBPDO-4 85F903C8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCI_PNP0102 \Device\00000062 spml.sys
Device \Driver\volmgr \Device\HarddiskVolume1 856221F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 856221F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 862CC500
Device \Driver\cdrom \Device\CdRom1 862CC500
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-0 860FAAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856241F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 860FAAEA
Device \Driver\atapi \Device\Ide\IdePort0 856241F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 860FAAEA
Device \Driver\atapi \Device\Ide\IdePort1 856241F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 856251F8
Device \Driver\sptd \Device\1812804106 spml.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 862B71F8
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 863AC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B74A4E07-590E-4F21-9745-D4E2F7746272} 862B71F8
Device \Driver\usbuhci \Device\USBFDO-1 863AC1F8
Device \Driver\usbuhci \Device\USBFDO-2 863AC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1CCCACE6-1527-4CF9-BE81-785B5FE5C73C} 862B71F8
Device \Driver\usbuhci \Device\USBFDO-3 863AC1F8
Device \Driver\usbehci \Device\USBFDO-4 85F903C8
Device \Driver\agdqzu4i \Device\Scsi\agdqzu4i1Port2Path0Target0Lun0 863181F8
Device \Driver\agdqzu4i \Device\Scsi\agdqzu4i1 863181F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 860FAEC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7333a1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x33 0x62 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x14 0xB2 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x77 0x25 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7333a1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x33 0x62 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x14 0xB2 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x77 0x25 0x7D ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\DRIVERS\disk.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

JonTom
2010-10-16, 17:30
Hi :)

I am checking through your logs and will get back to you shortly...

JonTom
2010-10-16, 18:33
Hello arucard_esp and :welcome:

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


Thank you for the logs.

Please work your way through the following steps:


P2P Programs:


P2P programs are a major source of Malware infections.
From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.


Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here. (http://www.internetworldstats.com/articles/art053.htm)


It is strongly recommended that you uninstall any P2P programs you have on your system.


To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
A list of currently installed programs will be displayed.
Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.


PLEASE NOTE:
Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



DeFogger


Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Right Click on DeFogger and select "Run as Administrator" to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.



Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

arucard_esp
2010-10-16, 19:41
Hey JonTom,

Thank you for the fast reply and support, I really appreciate it!

Now, I had some problems with the last stage of your process. First it wouldn't open the file Combofix.exe.... After browsing the web I learned that I had to rename it. Once renamed I ran it and followed the procedure.

When finished, the logged file popped up and I copied the content into another text file because I couldn't open the C:\ComboFix.txt file. After I closed the popped-up log file, the C:\ComboFix.txt was even automatically deleted!

So please find it attached as log.txt. I also attached a file with the screenshots of the errors.

I hope you can find something out! Thank you a lot in any case!
Regards,
Rafa

arucard_esp
2010-10-16, 19:46
Hey Spybot is working!!! and suddenly the combofix.txt file is on the C drive. I don't understand hahaha.

So are we done? It's fixed?

PS: sorry for the double post, I can't find any edit button!
:thanks::thanks::thanks::thanks::angel:

JonTom
2010-10-16, 21:23
So are we done? It's fixed? Don't go anywhere just yet - chances are we will still have a few things to do.

I have just received your reply so let me spend some time looking at your log and I'll get back to you in due course :)

JonTom
2010-10-17, 03:21
Hello arucard_esp

Did this machine have XP or Vista installed before Windows 7?

arucard_esp
2010-10-17, 11:58
Hello arucard_esp

Did this machine have XP or Vista installed before Windows 7?

Hey JonTom, thank you for your help!
Before windows 7 I had Windows XP SP3.

JonTom
2010-10-17, 13:13
Hello arucard_esp

Thanks for letting me know.

Before we continue with your fix, please run the following tool and post the log created:


CKScanner


Download CKScanner by askey127 from here (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

arucard_esp
2010-10-17, 15:21
Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Hi, I think it didn't find anything:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

JonTom
2010-10-17, 21:19
Hello arucard_esp

Thank you for the log.


I think it didn't find anything That's nothing to worry about

ComboFix indicates that you have a number of damaged services on your machine. We will try and repair these now.


Please work your way through the following steps


Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter.
Copy the text provided in the code box below and paste it into Notepad (make sure you include "Windows Registry Editor Version 5.00").



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,\
00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,41,00,70,00,70,00,4d,00,\
67,00,6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,\
00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,42,00,49,00,54,00,53,00,00,00,\
62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,65,00,72,00,74,00,50,\
00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,\
73,00,74,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,\
00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,\
74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,67,00,70,00,73,00,76,\
00,63,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,68,00,6b,00,\
6d,00,73,00,76,00,63,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,\
00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,\
72,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,49,00,61,00,73,00,00,\
00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,\
6f,00,75,00,72,00,73,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,4d,00,53,\
00,69,00,53,00,43,00,53,00,49,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,\
6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,\
00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,\
70,00,61,00,67,00,65,00,6e,00,74,00,00,00,50,00,43,00,41,00,75,00,64,00,69,\
00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,52,00,61,00,\
73,00,41,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,\
00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,73,00,\
00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,73,00,65,00,63,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,53,00,68,00,61,00,\
72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,\
00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,\
73,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,77,\
00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,57,00,6d,00,64,00,6d,\
00,50,00,6d,00,53,00,70,00,00,00,57,00,6d,00,69,00,00,00,77,00,75,00,61,00,\
75,00,73,00,65,00,72,00,76,00,00,00,00,00,00,00


Save the text in Notepad as fix.reg, change the "Save as Type" to "All Files" and select your desktop as the save location.
An icon will appear on your desktop called "fix.reg".
Double click on the "fix.reg" icon.
You will be asked if you wish to merge the contents of the file to the registry. Click "Yes" or "OK".
You should then receive a message informing you that the merge was successful.
Next, please reboot your machine.
Once you have rebooted, you may delete the fix.reg file.


Once you have completed the steps above, please disable your security programs and run ComboFix again.

Please post the log that is created in your next reply.
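
The "netsvcs" value in the fix above is a REG_MULTI_SZ stored in regedit's hex(7) form: UTF-16LE characters, one NUL between names and a double NUL at the end, split across lines with trailing backslashes. The following is an added example (not JonTom's tool or code, and not part of the original thread) that parses that exact text, decodes the list of service names the fix restores, and reports which of those names have no matching service on a machine; the "installed" list passed to it is a constructed sample, and the function and variable names are the example's own.

```python
import re

# The "netsvcs" value exactly as posted in the fix above (REG_MULTI_SZ, hex(7) form).
NETSVCS_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,\
00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,41,00,70,00,70,00,4d,00,\
67,00,6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,\
00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,42,00,49,00,54,00,53,00,00,00,\
62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,65,00,72,00,74,00,50,\
00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,\
73,00,74,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,\
00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,\
74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,67,00,70,00,73,00,76,\
00,63,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,68,00,6b,00,\
6d,00,73,00,76,00,63,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,\
00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,\
72,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,49,00,61,00,73,00,00,\
00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,\
6f,00,75,00,72,00,73,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,4d,00,53,\
00,69,00,53,00,43,00,53,00,49,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,\
6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,\
00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,\
70,00,61,00,67,00,65,00,6e,00,74,00,00,00,50,00,43,00,41,00,75,00,64,00,69,\
00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,52,00,61,00,\
73,00,41,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,\
00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,73,00,\
00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,73,00,65,00,63,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,53,00,68,00,61,00,\
72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,\
00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,\
73,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,77,\
00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,57,00,6d,00,64,00,6d,\
00,50,00,6d,00,53,00,70,00,00,00,57,00,6d,00,69,00,00,00,77,00,75,00,61,00,\
75,00,73,00,65,00,72,00,76,00,00,00,00,00,00,00
'''

SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


def parse_reg_hex_values(reg_text):
    """Return {(key, value_name): (type_number, raw_bytes)} for every hex value.

    Only the hex:/hex(N): forms are handled, including the trailing-backslash
    line continuations that regedit exports use. Plain "hex:" is REG_BINARY (3).
    """
    values = {}
    key = None
    lines = reg_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"=hex(?:\((\d+)\))?:(.*)$', line)
        if not m:
            continue
        name, kind, data = m.group(1), m.group(2), m.group(3)
        # A trailing backslash means the byte list continues on the next line.
        while data.endswith("\\") and i < len(lines):
            data = data[:-1] + lines[i].strip()
            i += 1
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        values[(key, name)] = (int(kind) if kind else 3, raw)
    return values


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes: UTF-16LE strings separated by NUL, list ends in NUL NUL."""
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def netsvcs_group(reg_text=NETSVCS_REG):
    """Service names listed in the netsvcs svchost group of the given .reg text."""
    kind, raw = parse_reg_hex_values(reg_text)[(SVCHOST_KEY, "netsvcs")]
    if kind != 7:
        raise ValueError("netsvcs is not REG_MULTI_SZ (hex(7)); got type %d" % kind)
    return decode_multi_sz(raw)


def services_without_key(group, installed):
    """Names in the svchost group that have no matching service key on the machine.

    Service names are case-insensitive in the registry, so compare lower-cased.
    """
    have = {s.lower() for s in installed}
    return [s for s in group if s.lower() not in have]


if __name__ == "__main__":
    names = netsvcs_group()
    print("%d services in netsvcs:" % len(names), ", ".join(names))
    # Constructed sample of an "optimised" machine's service list (hypothetical).
    sample_installed = ["BITS", "wuauserv", "winmgmt", "Themes", "Schedule"]
    print("no service key for:", services_without_key(names, sample_installed))
```

Reading the decoded list side by side with the Services console (services.msc) is the quickest way to answer the question JonTom raises later in the thread: names that decode from the value but have no service of that name on the machine are the ones the fix would bring back, and names that exist but are disabled would have to be re-disabled after the merge.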

arucard_esp
2010-10-19, 19:16
Hey Jontom,

About the services: I'm running an optimized version of Windows 7, and I think some of them are disabled.... Does this matter?

Unfortunately my charger of the laptop stopped working two days ago. I'm waiting for a new one, as soon as I get it, I'll follow your instructions and post the log. Thank you once again for all your effort and support!

Best regards,
Rafa

JonTom
2010-10-19, 22:08
Hello arucard_esp


Does this matter? That's an excellent question (and I am glad you asked it).

The fix I provided is designed not only to repair the services that ComboFix listed as being damaged, but also to restore some missing default services to your machine.

If the "optimisation" removed some of the default services, then these would be restored by running the fix.

If you have some services purposefully disabled these services would (most likely) have to be re-disabled after running the script, so I would think that it would have an impact.


Without having the details of exactly how your services were optimised (which ones are purposefully absent/present, which ones are disabled) I can only return them to the defaults, so the question becomes: If your services were returned to their defaults, would you be able to reconfigure them to the way you had them before?


I'm waiting for a new one Thanks for letting me know :)

JonTom
2010-10-29, 20:39
It has been a few days now - are you still with me?

JonTom
2010-11-01, 08:42
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread.