Click.GiftLoad infection



anbelo
2011-05-08, 19:39
Hello, and thank you very much in advance for your help.
A few days ago my PC spontaneously restarted, and after the reboot Windows notified me that it had recovered from a serious error. Then I tried to install the latest Windows update, but the installation failed; soon I couldn't even access the Windows Update page. I ran Spybot-S&D and it found Click.GiftLoad. Now I'm working in safe mode (as I can do nothing in normal mode, everything running too slowly). Since then I've only connected the computer to the internet in order to download ERUNT, DDS, etc. and to read the forum. I have also run ATF Cleaner, GooredFix and TDSSKiller as suggested by a friend, but it didn't work.
Thank you very much again.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by andres1 at 18:59:26,95 on 08/05/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.765 [GMT 2:00]
.
AV: Panda Antivirus Pro 2010 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\andres1\Escritorio\shazam\spybot\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.es/
uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector/?prod=104&app=KeysSupport&lang=spa
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\docume~1\andres1\config~1\temp\bldjad.exe
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NeroFilterCheck] c:\archivos de programa\archivos comunes\ahead\lib\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\archivos de programa\analog devices\core\smax4pnp.exe
mRun: [XboxStat] "c:\archivos de programa\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [APVXDWIN] "c:\archivos de programa\panda security\panda antivirus pro 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\archivos de programa\panda security\panda antivirus pro 2010\Inicio.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [CERTUI] c:\archivos de programa\acotec\certui\CerTUI.exe
mRun: [RegistrarUsrDNIeCertStoreDLL] "c:\archivos de programa\dnie\udcs.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\andres1\menini~1\progra~1\inicio\certui.lnk - c:\archivos de programa\acotec\certui\CerTui.exe
StartupFolder: c:\docume~1\andres1\menini~1\progra~1\inicio\uninst~1.lnk - c:\windows\certui\uninstall.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\logite~1.lnk - c:\archivos de programa\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUA = 0 (0x0)
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: fnmt.es\www.cert
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} - hxxps://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.cert.fnmt.es/content/pages_std/ficheros_apps_usuarios/capicom.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.aeat.es/imagenes/comun/cactivex.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\archiv~1\markany\conten~1\MACSMA~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mrjmptwa.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\andres1\datosd~1\mozilla\firefox\profiles\d7wjsik5.default\
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Acotec PKCS#11: acotec@acotec.es - c:\archivos de programa\mozilla firefox\extensions\acotec@acotec.es
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-6-19 159112]
R2 aawservice;Ad-Aware 2007 Service;c:\archivos de programa\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 607576]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [2010-6-19 199432]
S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-6-19 28552]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-6-19 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-6-19 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-6-19 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-6-19 193800]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-6-19 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-6-19 46728]
S2 ckfhatpqubgol;ckfhatpqubgol;"c:\docume~1\andres1\config~1\temp\dat1aed.tmp.exe" --service --> c:\docume~1\andres1\config~1\temp\DAT1AED.tmp.exe [?]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
S2 Panda Software Controller;Panda Software Controller;c:\archivos de programa\panda security\panda antivirus pro 2010\PsCtrlS.exe [2010-6-19 173312]
S2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-6-19 84024]
S2 PAVFNSVR;Panda Function Service;c:\archivos de programa\panda security\panda antivirus pro 2010\PavFnSvr.exe [2010-6-19 169216]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-6-19 163336]
S2 PavPrSrv;Panda Process Protection Service;c:\archivos de programa\archivos comunes\panda security\pavshld\PavPrSrv.exe [2010-6-19 62768]
S2 PAVSRV;Panda On-Access Anti-Malware Service;c:\archivos de programa\panda security\panda antivirus pro 2010\PAVSRV51.EXE [2010-6-19 291584]
S2 PskSvcRetail;Panda PSK service;c:\archivos de programa\panda security\panda antivirus pro 2010\psksvc.exe [2010-6-19 28928]
S2 srvA50;srvA50;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2011-4-30 16648]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\rkpavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\rkpavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 RkPavproc4;RkPavproc4;\??\c:\windows\system32\drivers\rkpavproc4.sys --> c:\windows\system32\drivers\RkPavproc4.sys [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-14 50048]
.
=============== File Associations ===============
.
JSEFile=c:\archiv~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\archiv~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\archiv~1\pandas~2\pandaa~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2011-05-05 16:12:06 -------- d-----w- C:\PANDA
2011-04-30 16:39:03 16648 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-04-29 23:32:51 0 ----a-w- c:\windows\system32\tmp.tmp
2011-04-29 20:42:09 37888 ----a-w- c:\windows\system32\mrjmptwa.dll
2011-04-29 20:40:28 11968 ----a-w- c:\archivos de programa\mozilla firefox\null0.8191773321168803.exe
2011-04-13 18:19:48 196608 ----a-w- C:\aeat.dll
2011-04-12 20:24:21 -------- d-----w- c:\archivos de programa\DNIe
2011-04-12 18:32:01 -------- d-----w- c:\windows\CerTUI
2011-04-12 18:32:01 -------- d-----w- c:\archivos de programa\ACOTEC
.
==================== Find3M ====================
.
2011-03-21 18:13:18 295042 ----a-w- c:\windows\system32\shimg.dll
2011-03-07 05:33:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 08:43:22 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:03 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 18:55:28 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:55:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:55:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:55:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:27 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:28 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:28 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6V320F0 rev.VA111900 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E45730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e4ba10]; MOV EAX, [0x86e4ba8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F36AB8]
3 CLASSPNP[0xF762FFD7] -> nt!IofCallDriver[0x804E13B9] -> [0x86EFDAE8]
\Driver\atapi[0x86ED0D28] -> IRP_MJ_CREATE -> 0x86E45730
error: Read Uno de los dispositivos vinculados al sistema no funciona.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86E4557B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:01:15,96 ===============

Click.GiftLoad: [SBI $89783858] Configuración del usuario (Valor del registro, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-06-29 unins000.exe (51.41.0.0)
2009-04-02 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-03 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-03 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-05-02 Includes\TrojansC-02.sbi (*)
2011-05-03 Includes\TrojansC-03.sbi (*)
2011-05-03 Includes\TrojansC-04.sbi (*)
2011-05-04 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
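The DDS log above contains the persistence indicators an analyst flags by eye: an extra executable appended to the Winlogon Userinit value, a DLL (mrjmptwa.dll) added to the SecurityProviders list, and a service whose image lives in the user's temp directory. The Python script below is an added example, not part of this thread and not code from DDS or Spybot; it encodes those three checks as rules and runs them over a few sample lines constructed from the log. The Windows XP default SecurityProviders list it uses as a baseline is an assumption taken from a clean XP install.

```python
import re
from dataclasses import dataclass

# Assumed baseline: the SecurityProviders value of a clean Windows XP install.
# Every DLL listed there is loaded into processes that authenticate, so an
# extra entry (mrjmptwa.dll in the log above) deserves a close look.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# DDS line shapes this script understands.
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(?P<value>.*)$", re.IGNORECASE)
SECPROV_RE = re.compile(r"^SecurityProviders:\s*(?P<value>.*)$", re.IGNORECASE)
# Service/driver line: "<R|S><n> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")

# Constructed sample lines modelled on the DDS log above: three suspicious
# lines plus two benign ones so the rules can be seen not to fire on them.
SAMPLE_DDS_LINES = [
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\docume~1\andres1\config~1\temp\bldjad.exe",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mrjmptwa.dll",
    r'S2 ckfhatpqubgol;ckfhatpqubgol;"c:\docume~1\andres1\config~1\temp\dat1aed.tmp.exe" --service --> c:\docume~1\andres1\config~1\temp\DAT1AED.tmp.exe [?]',
    r"S2 PAVFNSVR;Panda Function Service;c:\archivos de programa\panda security\panda antivirus pro 2010\PavFnSvr.exe [2010-6-19 169216]",
]


@dataclass
class Finding:
    rule: str     # which check fired
    detail: str   # the offending entry (path, DLL or service name)
    line: str     # the log line it came from


def _basename(path):
    return path.strip().strip('"').lower().rsplit("\\", 1)[-1]


def check_userinit(line):
    """Winlogon runs every comma-separated Userinit entry at logon; only
    userinit.exe belongs there, so any other entry is a persistence hook."""
    m = USERINIT_RE.match(line)
    if not m:
        return []
    entries = [e for e in m.group("value").split(",") if e.strip()]
    return [Finding("userinit-extra-exe", e.strip(), line)
            for e in entries if _basename(e) != "userinit.exe"]


def check_security_providers(line):
    """Flag any provider DLL that is not part of the assumed clean baseline."""
    m = SECPROV_RE.match(line)
    if not m:
        return []
    dlls = [d.strip().lower() for d in m.group("value").split(",") if d.strip()]
    return [Finding("unknown-security-provider", d, line)
            for d in dlls if d not in XP_DEFAULT_SECURITY_PROVIDERS]


def check_service_path(line):
    """Legitimate services do not run from a temp directory, and a '.tmp.exe'
    image name is a further sign of a dropped file."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    image = m.group("image").lower()
    if "\\temp\\" in image or ".tmp.exe" in image:
        return [Finding("service-from-temp", m.group("name").strip(), line)]
    return []


CHECKS = (check_userinit, check_security_providers, check_service_path)


def triage(lines):
    """Run every check over every line; findings come back in log order."""
    findings = []
    for line in lines:
        for check in CHECKS:
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run it as a script to see the three findings from the sample, or pass the lines of a full DDS log to `triage()`. Findings are returned as objects rather than printed so the rules can be extended (for example with a check on the `Notify:` entries) and unit-tested.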

ken545
2011-05-11, 02:10


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Besides Click.Giftload, you're infected with a nasty rootkit.

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-




Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click the Regfix.reg file and click Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg




Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click Save log, save it to your desktop and post it in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

anbelo
2011-05-11, 09:55
Hi Ken, thank you very much for your support.
---

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-11 09:47:44
-----------------------------
09:47:44.484 OS Version: Windows 5.1.2600 Service Pack 3
09:47:44.484 Number of processors: 2 586 0x604
09:47:44.484 ComputerName: ANDRES-15E02CCC UserName: andres1
09:47:45.546 Initialize success
09:48:00.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
09:48:00.906 Disk 0 Vendor: Maxtor_6V320F0 VA111900 Size: 305245MB BusType: 3
09:48:00.921 Device \Driver\atapi -> DriverStartIo 86e4f57b
09:48:00.937 Disk 0 MBR read error 0
09:48:00.953 Disk 0 MBR scan
09:48:00.968 Disk 0 unknown MBR code
09:48:01.000 MBR BIOS signature not found 0
09:48:01.015 Disk 0 scanning sectors +625121280
09:48:01.031 Disk 0 scanning C:\WINDOWS\system32\drivers
09:48:07.328 Service scanning
09:48:11.750 Disk 0 trace - called modules:
09:48:11.765 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86e4f730]<<
09:48:11.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86eedab8]
09:48:11.812 3 CLASSPNP.SYS[f762ffd7] -> nt!IofCallDriver -> [0x86f16b48]
09:48:11.843 \Driver\atapi[0x86f1eca8] -> IRP_MJ_CREATE -> 0x86e4f730
09:48:11.953 Scan finished successfully
09:48:38.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\andres1\Escritorio\shazam\spybot\MBR.dat"
09:48:38.734 The log file has been saved successfully to "C:\Documents and Settings\andres1\Escritorio\shazam\spybot\aswMBR.txt"
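The aswMBR log above reports "unknown MBR code" and "MBR BIOS signature not found", then scans sectors beyond the end of the partition table, which is where bootkits of the TDL4 family keep their hidden file system; it also saved the boot sector to MBR.dat. The script below is an added example, not part of this thread and not code from aswMBR: it parses a raw 512-byte MBR, checks the 0x55AA boot signature, lists the partition entries, hashes the bootstrap code so it can be compared against a known-clean reference, and measures how many sectors lie after the last partition. The sample MBR it builds is constructed test data; its partition end (sector 625121280) and the disk size (305245 MB) are taken from the figures in the log, and the assumption that MBR.dat is a raw 512-byte sector dump is mine.

```python
import hashlib
import struct
import sys

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"
# One 16-byte partition entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY_FORMAT = "<B3sB3sII"
PARTITION_TYPES = {
    0x05: "extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}

# Constructed sample geometry: the partition end and the disk size are taken from
# the aswMBR log above (scanning sectors +625121280; Size: 305245MB).
SAMPLE_ENTRIES = [(0x80, 0x07, 63, 625121217)]   # status, type, LBA start, sectors
SAMPLE_DISK_SECTORS = 305245 * 2048               # 512-byte sectors in 305245 MB


def build_sample_mbr(entries, with_signature=True):
    """Build a synthetic MBR: zeroed boot code plus the given entries. Test data only."""
    sector = bytearray(MBR_SIZE)
    for i, (status, ptype, lba_start, sectors) in enumerate(entries[:4]):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # CHS fields are left zero; modern loaders only use the LBA fields.
        sector[off:off + 16] = struct.pack(ENTRY_FORMAT, status, b"\0\0\0", ptype,
                                           b"\0\0\0", lba_start, sectors)
    if with_signature:
        sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(data):
    """Parse a raw 512-byte boot sector into signature, boot-code and partition facts."""
    if len(data) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FORMAT, data[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "lba_end": lba_start + sectors,   # first sector after the partition
        })
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "boot_code_blank": not any(data[:440]),
        # Compare with the hash of the same OS's clean MBR to spot replaced boot code.
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": partitions,
    }


def unallocated_tail_sectors(parsed, disk_sectors):
    """Sectors after the last partition. A tail far larger than alignment slack
    is the space a TDL4-style bootkit uses, and is worth dumping and inspecting."""
    last_end = max((p["lba_end"] for p in parsed["partitions"]), default=0)
    return disk_sectors - last_end


def describe(parsed, disk_sectors):
    """Human-readable summary of parse_mbr() output."""
    lines = [
        f"boot signature 0x55AA: {'present' if parsed['signature_ok'] else 'MISSING'}",
        f"boot code: {'all zero' if parsed['boot_code_blank'] else 'sha256 ' + parsed['boot_code_sha256']}",
    ]
    for p in parsed["partitions"]:
        flag = "*" if p["bootable"] else " "
        lines.append(f"{flag} part {p['index']}: type 0x{p['type']:02X} ({p['type_name']}) "
                     f"LBA {p['lba_start']}-{p['lba_end'] - 1} ({p['sectors']} sectors)")
    lines.append(f"unallocated tail: {unallocated_tail_sectors(parsed, disk_sectors)} sectors")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat] [disk_sectors]; with no arguments the
    # constructed sample is used. MBR.dat is assumed to be a raw 512-byte dump.
    if len(sys.argv) >= 2:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(MBR_SIZE)
        disk_sectors = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    else:
        data, disk_sectors = build_sample_mbr(SAMPLE_ENTRIES), SAMPLE_DISK_SECTORS
    print(describe(parse_mbr(data), disk_sectors))
```

On the constructed sample the tail comes out at 20480 sectors (10 MB), which is the kind of figure to compare against the free space a clean partitioning of the same disk would leave; a real disk's sector count comes from the OS or the drive, not from the MBR, so the script takes it as an argument.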

ken545
2011-05-11, 10:14
Good Morning

Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png



Save the log as before and post it in your next reply

anbelo
2011-05-11, 10:34
After re-scanning, the "Fix" button is disabled; I can only push the "FixMBR" button. Should I?

Also, I must mention that, before your first reply, Panda provided me with a "SafeCD" for scanning the computer, and it disinfected 3 files (nothing changed, though):

File checked : /mnt/sda1/WINDOWS/system32/mrjmptwa.dll
Found virus :Generic Malware Virus disinfected
File checked : /mnt/sda1/WINDOWS/Temp/srv1E4.tmp
Found virus :Generic Trojan Virus disinfected
File checked : /mnt/sda1/WINDOWS/Temp/srvA50.tmp
Found virus :Generic Trojan Virus disinfected

Of course, now that you are assisting me I will stick to your instructions, but I wanted you to know this so you have all the info. Sorry for not mentioning it before.

ken545
2011-05-11, 10:36
No, don't use FIXMBR.

See if this program will run


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

anbelo
2011-05-11, 11:03
It ran now!

2011/05/11 10:51:14.0828 1824 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 10:51:14.0859 1824 ================================================================================
2011/05/11 10:51:14.0859 1824 SystemInfo:
2011/05/11 10:51:14.0859 1824
2011/05/11 10:51:14.0859 1824 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/11 10:51:14.0859 1824 Product type: Workstation
2011/05/11 10:51:14.0859 1824 ComputerName: ANDRES-15E02CCC
2011/05/11 10:51:14.0859 1824 UserName: andres1
2011/05/11 10:51:14.0859 1824 Windows directory: C:\WINDOWS
2011/05/11 10:51:14.0859 1824 System windows directory: C:\WINDOWS
2011/05/11 10:51:14.0859 1824 Processor architecture: Intel x86
2011/05/11 10:51:14.0859 1824 Number of processors: 2
2011/05/11 10:51:14.0859 1824 Page size: 0x1000
2011/05/11 10:51:14.0859 1824 Boot type: Safe boot with network
2011/05/11 10:51:14.0859 1824 ================================================================================
2011/05/11 10:51:15.0187 1824 Initialize success
2011/05/11 10:51:27.0578 1976 ================================================================================
2011/05/11 10:51:27.0578 1976 Scan started
2011/05/11 10:51:27.0578 1976 Mode: Manual;
2011/05/11 10:51:27.0578 1976 ================================================================================
2011/05/11 10:51:29.0078 1976 ACPI (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/11 10:51:29.0171 1976 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/11 10:51:29.0234 1976 ADIHdAudAddService (0f0186521e3f45a2a3bf7cd3ee3fb8ca) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/11 10:51:29.0359 1976 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/11 10:51:29.0421 1976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/11 10:51:29.0484 1976 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/11 10:51:29.0843 1976 APPFLT (2fc5d743822771fb40a053ac38b10012) C:\WINDOWS\system32\Drivers\APPFLT.SYS
2011/05/11 10:51:30.0156 1976 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys
2011/05/11 10:51:30.0281 1976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/11 10:51:30.0343 1976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/11 10:51:30.0546 1976 ati2mtag (86a7a22f3670465ef575614e001159c0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/11 10:51:30.0656 1976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/11 10:51:30.0781 1976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/11 10:51:30.0875 1976 AVerBDA (126bbd8a8755ff7e3fdbe2ff3a1909c8) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys
2011/05/11 10:51:31.0031 1976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/11 10:51:31.0156 1976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/11 10:51:31.0234 1976 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/11 10:51:31.0343 1976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/11 10:51:31.0406 1976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/11 10:51:31.0468 1976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/11 10:51:32.0187 1976 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2011/05/11 10:51:32.0265 1976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/11 10:51:32.0406 1976 dmboot (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/11 10:51:32.0484 1976 dmio (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/11 10:51:32.0562 1976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/11 10:51:32.0687 1976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/11 10:51:32.0843 1976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/11 10:51:32.0921 1976 DSAFLT (c64c790e8a752b001a6b08ac194e5e5b) C:\WINDOWS\system32\Drivers\DSAFLT.SYS
2011/05/11 10:51:33.0093 1976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/11 10:51:33.0171 1976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/11 10:51:33.0218 1976 Fips (e5e61f2c07344e91dbfb7eafde549ab4) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/11 10:51:33.0312 1976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/11 10:51:33.0406 1976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/11 10:51:33.0468 1976 FNETMON (72a4e942508abe5803ded728a2799d0f) C:\WINDOWS\system32\Drivers\fnetmon.SYS
2011/05/11 10:51:33.0578 1976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/11 10:51:33.0640 1976 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/11 10:51:33.0703 1976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/11 10:51:33.0843 1976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/11 10:51:33.0937 1976 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/05/11 10:51:34.0046 1976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/11 10:51:34.0171 1976 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/11 10:51:34.0359 1976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/11 10:51:34.0578 1976 i8042prt (4a2490a66e8271901e89dd5fb79748ae) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/11 10:51:34.0703 1976 IDSFLT (c4cfc85c311a9e1a8a50baeb080343e1) C:\WINDOWS\system32\Drivers\IDSFLT.SYS
2011/05/11 10:51:34.0765 1976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/11 10:51:35.0046 1976 intelppm (49a060498c09db18c3ea9939789005ab) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/11 10:51:35.0140 1976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/11 10:51:35.0234 1976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/11 10:51:35.0343 1976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/11 10:51:35.0406 1976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/11 10:51:35.0546 1976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/11 10:51:35.0593 1976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/11 10:51:35.0703 1976 isapnp (0f3d281b0410fe5d482aada37d20524b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/11 10:51:35.0765 1976 Kbdclass (188ddd286bc0daea6984858c6a4d7bbf) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/11 10:51:35.0859 1976 kbdhid (72efebecf76eb1dccc5ba9ea746d90e8) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/11 10:51:35.0968 1976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/11 10:51:36.0062 1976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/11 10:51:36.0156 1976 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2011/05/11 10:51:36.0250 1976 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2011/05/11 10:51:36.0421 1976 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2011/05/11 10:51:36.0500 1976 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2011/05/11 10:51:36.0609 1976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/11 10:51:36.0687 1976 Modem (9024556e739b8469d2b8f5f0e4c9bc9f) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/11 10:51:36.0734 1976 Mouclass (6fd36b4994a2363659a65c9f970cfdb7) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/11 10:51:36.0828 1976 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/11 10:51:36.0937 1976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/11 10:51:37.0015 1976 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/05/11 10:51:37.0140 1976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/11 10:51:37.0234 1976 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/11 10:51:37.0328 1976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/11 10:51:37.0406 1976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/11 10:51:37.0500 1976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/11 10:51:37.0562 1976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/11 10:51:37.0625 1976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/11 10:51:37.0734 1976 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/11 10:51:37.0828 1976 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/05/11 10:51:37.0890 1976 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/11 10:51:38.0000 1976 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/11 10:51:38.0093 1976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/11 10:51:38.0156 1976 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/11 10:51:38.0218 1976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/11 10:51:38.0281 1976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/11 10:51:38.0343 1976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/11 10:51:38.0406 1976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/11 10:51:38.0484 1976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/11 10:51:38.0562 1976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/11 10:51:38.0718 1976 NETFLTDI (c530477bb0e1c7b978cbc2a45f300887) C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2011/05/11 10:51:38.0812 1976 NETIMFLT01060039 (1aeacdf5a0b9d43b9b942d2d738d1ffb) C:\WINDOWS\system32\DRIVERS\neti1639.sys
2011/05/11 10:51:38.0953 1976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/11 10:51:39.0000 1976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/11 10:51:39.0093 1976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/11 10:51:39.0203 1976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/11 10:51:39.0265 1976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/11 10:51:39.0359 1976 Parport (e7855cbd8bd1fda085a3f92cff7906e2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/11 10:51:39.0421 1976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/11 10:51:39.0500 1976 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/11 10:51:39.0578 1976 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\Drivers\pavboot.sys
2011/05/11 10:51:39.0656 1976 PAVDRV (831acdb182529bd9d153b141f28b1cb0) C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
2011/05/11 10:51:39.0765 1976 PavProc (ce249bd36ef6130deaddb90ec542a784) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2011/05/11 10:51:40.0031 1976 PCI (f11bc84ae6c7b003b5e0c8eeb4a1f444) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/11 10:51:40.0156 1976 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/11 10:51:40.0218 1976 Pcmcia (f50c27cca56dc97b3a45e7f0059bd2ba) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/11 10:51:40.0671 1976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/11 10:51:40.0781 1976 PRISM_A02 (586a0f9139d14729217dfff1259ffdbd) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
2011/05/11 10:51:40.0875 1976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/11 10:51:41.0031 1976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/11 10:51:41.0109 1976 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/11 10:51:41.0390 1976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/11 10:51:41.0468 1976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/11 10:51:41.0531 1976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/11 10:51:41.0593 1976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/11 10:51:41.0671 1976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/11 10:51:41.0718 1976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/11 10:51:41.0828 1976 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/11 10:51:41.0906 1976 redbook (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/11 10:51:42.0031 1976 RkPavproc1 (ad291c360a62ff1309174e777476d21e) C:\WINDOWS\system32\drivers\RkPavproc1.sys
2011/05/11 10:51:42.0328 1976 RTL8023xp (df4930b33a5d32f46c71e6cd5df68650) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/11 10:51:42.0484 1976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/11 10:51:42.0609 1976 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/05/11 10:51:42.0703 1976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/11 10:51:42.0750 1976 Serial (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/11 10:51:42.0843 1976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/11 10:51:43.0015 1976 ShldDrv (25d7d8fd7e150cfbda160ebb38171334) C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
2011/05/11 10:51:43.0140 1976 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/11 10:51:43.0328 1976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/11 10:51:43.0484 1976 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/11 10:51:43.0484 1976 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/05/11 10:51:43.0500 1976 sptd - detected LockedFile.Multi.Generic (1)
2011/05/11 10:51:43.0546 1976 sr (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/11 10:51:43.0687 1976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/11 10:51:43.0906 1976 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/11 10:51:44.0031 1976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/11 10:51:44.0250 1976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/11 10:51:44.0562 1976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/11 10:51:44.0718 1976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/11 10:51:44.0812 1976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/11 10:51:44.0875 1976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/11 10:51:44.0937 1976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/11 10:51:45.0125 1976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/11 10:51:45.0265 1976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/11 10:51:45.0406 1976 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/11 10:51:45.0500 1976 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/05/11 10:51:45.0578 1976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/11 10:51:45.0703 1976 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
2011/05/11 10:51:45.0796 1976 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/05/11 10:51:45.0906 1976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/11 10:51:46.0046 1976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/11 10:51:46.0156 1976 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/05/11 10:51:46.0234 1976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/11 10:51:46.0296 1976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/11 10:51:46.0375 1976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/11 10:51:46.0468 1976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/11 10:51:46.0531 1976 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/05/11 10:51:46.0578 1976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/11 10:51:46.0703 1976 VolSnap (c41ffdc191e6c832e2e53c967eae0a16) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/11 10:51:46.0859 1976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/11 10:51:47.0140 1976 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/11 10:51:47.0265 1976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/11 10:51:47.0546 1976 WNMFLT (5229193dac40312f1b9fad5fa0f57774) C:\WINDOWS\system32\Drivers\WNMFLT.SYS
2011/05/11 10:51:47.0609 1976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/11 10:51:47.0703 1976 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/11 10:51:47.0781 1976 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/11 10:51:47.0859 1976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/11 10:51:47.0937 1976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/11 10:51:48.0093 1976 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys
2011/05/11 10:51:48.0187 1976 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/05/11 10:51:48.0296 1976 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/11 10:51:48.0312 1976 ================================================================================
2011/05/11 10:51:48.0312 1976 Scan finished
2011/05/11 10:51:48.0312 1976 ================================================================================
2011/05/11 10:51:48.0359 1912 Detected object count: 2
2011/05/11 10:53:21.0234 1912 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/11 10:53:21.0281 1912 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/11 10:53:21.0281 1912 \HardDisk0 - ok
2011/05/11 10:53:21.0281 1912 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/11 10:53:39.0656 1924 Deinitialize success

ken545
2011-05-11, 12:58
Make sure you rebooted after running TDSSKiller to have it take effect

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

anbelo
2011-05-11, 13:42
Now this is what has happened: ComboFix started after telling me my Panda AV was still active (it had no "Exit" option, so I pressed the upper-right corner "X", but it went ahead). Now it's on the "Install MS Windows Recovery Console" screen. Should I continue anyway, or stop it and disable Panda first? And in the latter case, how do I stop it? (Again, no "Exit" button, just "Yes" or "No".)

ken545
2011-05-11, 14:12
Keep Going

anbelo
2011-05-11, 14:29
This is the resulting log:

ComboFix 11-05-10.02 - andres1 11/05/2011 14:18:28.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.783 [GMT 2:00]
Running from: c:\documents and settings\andres1\Escritorio\ComboFix.exe
AV: Panda Antivirus Pro 2010 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
c:\windows\system32\shimg.dll
c:\windows\system32\tmp.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-08 16:57 . 2011-05-08 16:58 -------- d-----w- c:\archivos de programa\ERUNT
2011-05-08 16:38 . 2011-05-08 16:38 -------- d-----w- c:\documents and settings\Administrador
2011-05-05 16:12 . 2011-05-05 17:02 -------- d-----w- C:\PANDA
2011-04-30 16:39 . 2009-05-20 14:44 16648 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-04-29 20:40 . 2011-04-29 20:41 11968 ----a-w- c:\archivos de programa\Mozilla Firefox\null0.8191773321168803.exe
2011-04-13 18:19 . 2010-12-02 12:55 196608 ----a-w- C:\aeat.dll
2011-04-12 20:24 . 2011-04-12 20:24 -------- d-----w- c:\archivos de programa\DNIe
2011-04-12 18:32 . 2011-04-12 18:32 -------- d-----w- c:\windows\CerTUI
2011-04-12 18:32 . 2011-04-12 18:32 -------- d-----w- c:\archivos de programa\ACOTEC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-08-23 00:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 08:43 . 2006-03-02 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 18:55 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:55 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:55 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:55 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"XboxStat"="c:\archivos de programa\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"APVXDWIN"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-19 536576]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-09-04 417792]
"CERTUI"="c:\archivos de programa\ACOTEC\CerTUI\CerTUI.exe" [2010-02-15 1064960]
"RegistrarUsrDNIeCertStoreDLL"="c:\archivos de programa\DNIe\udcs.exe" [2009-03-02 37888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\andres1\Menú Inicio\Programas\Inicio\
CerTui.lnk - c:\archivos de programa\ACOTEC\CerTUI\CerTui.exe [2009-6-8 1064960]
Uninstall CerTUI.lnk - c:\windows\CerTUI\uninstall.exe [2011-4-12 451072]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Logitech SetPoint.lnk - c:\archivos de programa\Logitech\SetPoint\SetPoint.exe [2006-10-6 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mrjmptwa.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA50]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^QuickTV6.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 ----a-w- c:\archivos de programa\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:18 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 19:09 305440 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logan_S2P]
2007-06-10 23:58 253952 ----a-w- c:\archivos de programa\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:19 1695232 ------w- c:\archivos de programa\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-03-19 12:07 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 07:23 132624 ----a-w- c:\archivos de programa\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\archivos de programa\Analog Devices\SoundMAX\SMax4.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Spotify\\spotify.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2007 11:09 721904]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [19/06/2010 12:36 159112]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [19/06/2010 12:29 199432]
S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [19/06/2010 12:26 28552]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [19/06/2010 12:36 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [19/06/2010 12:36 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [19/06/2010 12:36 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [19/06/2010 12:36 193800]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [19/06/2010 12:25 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [19/06/2010 12:36 46728]
S2 ckfhatpqubgol;ckfhatpqubgol;"c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe" --SERVICE --> c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe [?]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [19/06/2010 12:25 163336]
S2 PskSvcRetail;Panda PSK service;c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [19/06/2010 12:30 28928]
S2 srvA50;srvA50;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14:00 14336]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [30/04/2011 18:39 16648]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 RkPavproc4;RkPavproc4;\??\c:\windows\system32\drivers\RkPavproc4.sys --> c:\windows\system32\drivers\RkPavproc4.sys [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [14/10/2006 0:48 50048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvA50
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector/?prod=104&app=KeysSupport&lang=spa
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fnmt.es\www.cert
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} - hxxps://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.aeat.es/imagenes/comun/cactivex.cab
FF - ProfilePath - c:\documents and settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Acotec PKCS#11: acotec@acotec.es - c:\archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
JSEFile=c:\archiv~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-aqnarrae - c:\documents and settings\andres1\Configuración local\Datos de programa\thqtpm\yglusftav.exe
MSConfigStartUp-updateMgr - c:\archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvA50]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÄñÄ|ˇˇˇˇ¿ïÄ|˘ï9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\SYSTEM32\Ati2evxx.dll
c:\windows\SYSTEM32\avldr.dll
.
Completion time: 2011-05-11 14:25:37
ComboFix-quarantined-files.txt 2011-05-11 12:25
.
Pre-Run: 2.220.953.600 bytes libres
Post-Run: 2.555.641.856 bytes libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:network
.
- - End Of File - - 875B62D1CD3EC33E237C40D7EC0236DD
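The service list in the ComboFix log above (the randomly named `ckfhatpqubgol` service running from the user's Temp folder, and `srvA50`, an svchost-hosted service whose ServiceDll resolves through a globalroot device path into `WINDOWS\Temp`) is the kind of thing a responder picks out by eye. As an added example, not ComboFix's or the forum's own code, the Python script below applies those three checks mechanically: image path in a Temp directory, image missing at scan time (`[?]`), and a ServiceDll that is in Temp or uses a globalroot path. The sample lines are constructed copies modelled on the log above; the heuristics are assumptions of this example, not part of ComboFix.

```python
"""Triage the service entries of a ComboFix-style log for persistence tells.

Added example for this thread; the heuristics below are this example's own,
and the sample lines are constructed copies modelled on the log above.
"""
import re

# Constructed sample: two ordinary entries plus the two the thread dealt with.
SAMPLE_LOG_LINES = [
    r"R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2007 11:09 721904]",
    r'S2 ckfhatpqubgol;ckfhatpqubgol;"c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe" --SERVICE --> c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe [?]',
    r"S2 PskSvcRetail;Panda PSK service;c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [19/06/2010 12:30 28928]",
    r"S2 srvA50;srvA50;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14:00 14336]",
    ".",
    r"[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvA50]",
    r'"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"',
]

# "S2 name;display name;image path [date size]" as ComboFix prints it.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "[...\Services\<name>]" key header and the "servicedll" value under it.
SERVICES_KEY_RE = re.compile(r"^\[.*\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
SERVICEDLL_RE = re.compile(r'^"servicedll"="(.*)"$', re.IGNORECASE)
# Any path component literally named "temp".
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_service_path(rest):
    """Return (resolved image path, missing_at_scan) from the text after the display name.

    ComboFix prints 'quoted path --> resolved path [?]' when it could not find
    the file, and 'path [dd/mm/yyyy hh:mm size]' when it could.
    """
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    rest = rest.strip()
    missing = rest.endswith("[?]")
    path = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip().strip('"')
    return path, missing


def triage_services(lines):
    """Return [(service_name, [reasons])] for every service that trips a check."""
    services, service_dlls, current_key = {}, {}, None
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, rest = m.groups()
            path, missing = parse_service_path(rest)
            services[name] = {"start": start, "display": display, "path": path, "missing": missing}
            continue
        m = SERVICES_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key:
            service_dlls[current_key] = m.group(1)

    findings = []
    for name, svc in services.items():
        reasons = []
        if TEMP_RE.search(svc["path"]):
            reasons.append("image in a Temp directory")
        if svc["missing"]:
            reasons.append("image not found at scan time")
        dll = service_dlls.get(name)
        if dll:
            if "globalroot" in dll.lower():
                reasons.append("ServiceDll uses a globalroot device path")
            if TEMP_RE.search(dll):
                reasons.append("ServiceDll in a Temp directory")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_services(SAMPLE_LOG_LINES):
        print("FLAG {}: {}".format(name, "; ".join(reasons)))
```

Run it against a saved ComboFix.txt by reading the file into a list of lines; services hosted in svchost.exe only get flagged through their ServiceDll, which is why the script keeps the key-header state rather than looking at the image path alone.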

ken545
2011-05-11, 15:22
Let's check this file and see if it's OK, but first we need to find it.


Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
mrjmptwa.dll


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

anbelo
2011-05-11, 15:48
It says not found. I've noticed mrjmptwa.dll was one of the three files disinfected by the Panda "SafeCD" [http://forums.spybot.info/showpost.php?p=403882&postcount=5]
---

S

anbelo
2011-05-11, 15:54
(sorry)

SystemLook 04.09.10 by jpshortstuff
Log created at 15:40 on 11/05/2011 by andres1
Administrator - Elevation successful

========== filefind ==========

Searching for "mrjmptwa.dll"
No files found.

-= EOF =-

ken545
2011-05-11, 18:21
We need to remove that missing file from the registry key


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe





REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"




Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.
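The Regfix.reg above drops `mrjmptwa.dll` from the SecurityProviders value that the ComboFix log reported. DLLs listed there are loaded by the LSA process at startup, so an unknown entry is a persistence point, and even a dangling one is still a load path for anything later dropped under that name. As an added example (not the helper's tooling), the Python below compares the reported value against the XP default list used in the fix, checks each entry against a constructed system32 listing standing in for a real directory scan (SystemLook found no such file), and renders the same REGEDIT4 text; `read_live_value` is an optional extra that reads the live value with `winreg` on Windows and is not needed for the offline check.

```python
"""SecurityProviders audit: compare the value ComboFix reported with a
known-good baseline and render the corrective .reg file.

Added example for this thread, not the helper's own tooling. The baseline is
the Windows XP default list used in the Regfix.reg above; the system32
listing is a constructed stand-in for a real directory scan.
"""

# Windows XP default SecurityProviders entries (matches the Regfix.reg above).
XP_BASELINE = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")

# Value as it appeared in the ComboFix log in this thread.
REPORTED_VALUE = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mrjmptwa.dll"

# Constructed stand-in for a system32 directory listing; SystemLook found no
# mrjmptwa.dll on the machine, so it is absent here too.
SYSTEM32_LISTING = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}


def parse_providers(value):
    """Split a REG_SZ SecurityProviders value ("a.dll, b.dll") into DLL names."""
    return [part.strip() for part in value.split(",") if part.strip()]


def audit_providers(value, baseline=XP_BASELINE, present=SYSTEM32_LISTING):
    """Return (clean_entries, findings).

    An entry is kept only if it is in the baseline. Anything else is reported
    with a reason: an unknown DLL that exists on disk is an unexpected
    security package; one that does not exist is a dangling entry.
    """
    clean, findings = [], []
    baseline = {b.lower() for b in baseline}
    present = {p.lower() for p in present}
    for dll in parse_providers(value):
        name = dll.lower()
        if name in baseline:
            clean.append(dll)
        elif name in present:
            findings.append((dll, "not in baseline, present on disk"))
        else:
            findings.append((dll, "not in baseline and missing on disk"))
    return clean, findings


def make_regfix(clean):
    """Render the REGEDIT4 text that resets the value to the cleaned list."""
    key = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"
    return 'REGEDIT4\n\n[{}]\n"SecurityProviders"="{}"\n'.format(key, ", ".join(clean))


def read_live_value():
    """Read the live value on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SYSTEM\CurrentControlSet\Control\SecurityProviders"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _ = winreg.QueryValueEx(key, "SecurityProviders")
    return value


if __name__ == "__main__":
    value = read_live_value() or REPORTED_VALUE
    clean, findings = audit_providers(value)
    for dll, reason in findings:
        print("FLAG {}: {}".format(dll, reason))
    if findings:
        print(make_regfix(clean))
```

On a machine other than XP the baseline differs (later Windows versions ship a different default list), so the check is only as good as the baseline you give it; the point is to diff against a known-good value rather than to eyeball the string.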

anbelo
2011-05-11, 18:51
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versión de la Base de Datos: 6556

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

11/05/2011 18:45:40
mbam-log-2011-05-11 (18-45-39).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 173937
Tiempo transcurrido: 3 minuto(s), 11 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\archivos de programa\mozilla firefox\null0.8191773321168803.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ken545
2011-05-11, 19:56
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

anbelo
2011-05-12, 01:17
ESET log (these threats have not been cleaned, as the option "Remove found threats" was unchecked):


C:\Documents and Settings\andres1\Datos de programa\Sun\Java\Deployment\cache\6.0\43\32cc7f2b-77b488bc multiple threats
C:\Documents and Settings\andres1\Datos de programa\Sun\Java\Deployment\cache\6.0\5\40e74185-56cec737 multiple threats
C:\Documents and Settings\andres1\Datos de programa\Sun\Java\Deployment\cache\6.0\54\1ccf6eb6-3e3f3f2d probably a variant of Win32/Agent.KKXLIIS trojan
C:\Documents and Settings\andres1\Datos de programa\Sun\Java\Deployment\cache\6.0\7\143b51c7-5fb4245f a variant of Java/TrojanDownloader.OpenStream.NBM trojan

ken545
2011-05-12, 18:14
Sorry for the late reply, I missed your email notification

All those bad files are in your Java cache; we will clean those all out.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
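A small triage helper for the OTL.txt this post asks for, added here as an example (it is not OTL's own code nor ken545's): it parses the SRV/DRV service lines and O4 autorun lines and flags what a helper scans for first, service or driver registrations whose file is gone ("File not found") and autoruns whose file carries no company name. The sample log is a constructed subset in OTL's output format.

```python
"""Flag orphaned services and no-company autoruns in an OTL.txt log.
Added example for this thread, not part of OTL.  Lines whose company field
cannot be parsed (e.g. nested parentheses) are left unflagged rather than
guessed at."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name path reason")

# SRV - (name) -- <path (Company)> | File not found
_SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
# O4 - <location>: [Name] <path (Company)>   or   O4 - Startup: <lnk = path (Company)>
_O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.*)$")
# "path (Company)"; OTL prints an empty company as "()"
_TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")

# Constructed sample in OTL's format (a subset of what a real OTL.txt holds).
SAMPLE_OTL = r"""========== Win32 Services (SafeList) ==========

SRV - (srvA50) -- File not found
SRV - (ckfhatpqubgol) -- File not found
SRV - (PAVSRV) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe (Panda Security, S.L.)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk = C:\WINDOWS\CerTUI\uninstall.exe ()
"""


def split_target(rest):
    """Split 'C:\\path\\x.exe (Company)' into (path, company).

    company is '' when OTL printed '()' and None when the line did not parse.
    """
    m = _TARGET_RE.match(rest.strip())
    if not m:
        return rest.strip(), None
    return m.group("path").strip(), m.group("company").strip()


def triage_line(line):
    """Return a Finding for a line worth a second look, else None."""
    line = line.rstrip()
    m = _SVC_RE.match(line)
    if m:
        kind, name, rest = m.group("kind"), m.group("name"), m.group("rest")
        if rest.strip() == "File not found":
            return Finding(kind, name, None, "registration points to a missing file")
        path, company = split_target(rest)
        if company == "":
            return Finding(kind, name, path, "file has no company name")
        return None
    m = _O4_RE.match(line)
    if m:
        name = m.group("name") or m.group("loc")
        path, company = split_target(m.group("rest"))
        if company == "":
            return Finding("O4", name, path, "autorun file has no company name")
    return None


def triage(log_text):
    """Run triage_line over a whole OTL.txt and return the findings in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:<4} {f.name:<40} {f.reason}" + (f"  [{f.path}]" if f.path else ""))
```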

anbelo
2011-05-12, 18:56
Sorry for the late reply, I missed your email notification

No problem, a million thanks for your help.

OTL.txt:

OTL logfile created on: 12/05/2011 18:42:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.023,00 Mb Total Physical Memory | 796,00 Mb Available Physical Memory | 78,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 1,10 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (srvA50) -- File not found
SRV - (ckfhatpqubgol) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (PAVSRV) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe (Panda Security, S.L.)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PskSvcRetail) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
SRV - (Panda Software Controller) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
SRV - (TPSrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
SRV - (PSHost) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
SRV - (Gwmsrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
SRV - (PSIMSVC) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
SRV - (aawservice) -- C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (Sony SCSI Helper Service) -- C:\Archivos de programa\Archivos comunes\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (PavPrSrv) -- C:\Archivos de programa\Archivos comunes\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (Adobe LM Service) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060039) -- C:\WINDOWS\system32\drivers\neti1639.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WNMFLT) -- C:\WINDOWS\system32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (PAVDRV) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Security, S.L.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (xusb20) -- C:\WINDOWS\system32\drivers\xusb20.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (AVerBDA) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: acotec@acotec.es:2.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/04/30 03:22:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/04/30 03:21:53 | 000,000,000 | ---D | M]

[2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions
[2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions
[2010/06/27 18:57:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 13:41:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/01 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/04/21 09:40:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\searchplugins\wikipedia-eng.xml
[2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/04/12 20:32:03 | 000,000,000 | ---D | M] (Acotec PKCS#11) -- C:\Archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
[2009/03/28 20:04:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/11 12:22:59 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/10/11 12:22:59 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/10/11 12:22:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/10/11 12:22:59 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2011/05/11 14:23:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [CERTUI] C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Archivos de programa\DNIe\udcs.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk = C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk = C:\WINDOWS\CerTUI\uninstall.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\..Trusted Domains: fnmt.es ([www.cert] http in Sitios de confianza)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} https://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab (Firma1Fase @firma5 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cert.fnmt.es/content/pages_std/ficheros_apps_usuarios/capicom.cab (Settings Class)
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.aeat.es/imagenes/comun/cactivex.cab (AeatCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Archivos de programa\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/23 02:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 18:38:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andres1\Escritorio\OTL.exe
[2011/05/11 21:06:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2011/05/11 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Datos de programa\Malwarebytes
[2011/05/11 18:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2011/05/11 18:40:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 18:40:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/05/11 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\erunt
[2011/05/11 18:28:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 14:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/11 14:14:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/11 13:25:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/11 13:25:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/11 13:25:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/11 13:25:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/11 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/11 00:01:25 | 000,000,000 | ---D | C] -- C:\safecd
[2011/05/10 21:05:02 | 000,000,000 | ---D | C] -- C:\pavsig
[2011/05/09 17:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CARMEN
[2011/05/09 17:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CV
[2011/05/08 18:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 18:57:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2011/05/05 18:12:06 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/05/01 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\GooredFix Backups
[2011/05/01 13:45:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
[2011/05/01 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\shazam
[2011/04/30 18:39:03 | 000,016,648 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2011/04/30 01:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2011/04/30 01:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2011/04/25 10:18:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/22 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\VALENCIA
[2011/04/13 20:19:48 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\aeat.dll
[2011/04/13 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\cactivex
[2011/04/13 20:18:54 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\Documents and Settings\andres1\Escritorio\aeat.dll
[2011/04/12 22:24:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DNIe
[2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CerTUI
[2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ACOTEC
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 09:52:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 09:52:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/12 09:52:14 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2011/05/11 18:29:43 | 000,518,094 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
[2011/05/11 14:23:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/11 14:14:55 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2011/05/11 12:13:38 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
[2011/05/11 10:54:37 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2011/05/11 01:58:12 | 000,000,739 | ---- | M] () -- C:\safecd.tgz
[2011/05/09 15:12:35 | 000,021,261 | ---- | M] () -- C:\Documents and Settings\andres1\.recently-used.xbel
[2011/05/01 13:40:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
[2011/05/01 13:38:40 | 000,508,650 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/05/01 13:38:40 | 000,444,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 13:38:40 | 000,091,960 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/05/01 13:38:40 | 000,072,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 13:29:36 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2011/05/01 12:21:30 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/04/29 15:42:23 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2011/04/27 19:14:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 12:02:07 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/25 10:49:10 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2011/04/25 10:45:45 | 000,353,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 10:22:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/12 21:37:02 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
[2011/04/12 20:32:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
[2011/04/12 20:32:03 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 18:30:27 | 000,518,094 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
[2011/05/11 15:35:50 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
[2011/05/11 14:14:54 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2011/05/11 14:14:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/11 13:25:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/11 13:25:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/11 13:25:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/11 13:25:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/11 13:25:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/11 13:21:33 | 004,345,957 | R--- | C] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
[2011/05/11 01:58:12 | 000,000,739 | ---- | C] () -- C:\safecd.tgz
[2011/05/09 15:12:35 | 000,021,261 | ---- | C] () -- C:\Documents and Settings\andres1\.recently-used.xbel
[2011/04/13 20:18:54 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\aeat.inf
[2011/04/12 21:37:02 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
[2011/04/12 20:32:03 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
[2011/04/12 20:32:03 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
[2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/06/19 12:30:08 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/03/26 15:23:10 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\regDNIeCSP.exe
[2010/02/13 01:00:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\thqtpm.zip
[2010/01/08 14:24:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/08 20:51:04 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
[2009/01/22 12:27:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/01/09 16:10:57 | 000,010,625 | ---- | C] () -- C:\Documents and Settings\andres1\Datos de programa\SmarThruOptions.xml
[2009/01/09 16:10:29 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/01/09 16:10:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/01/09 16:10:04 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/01/09 16:08:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/01/09 16:03:22 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sx450sl3.dll
[2009/01/09 10:18:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
[2009/01/09 10:17:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2009/01/09 10:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/01/09 10:17:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/01/09 10:17:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/01/09 10:17:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008/07/24 01:09:06 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\sysqcl1129139270.dat
[2008/03/11 22:52:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/01/21 21:51:55 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/22 12:53:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLLSignV2.dll
[2007/05/18 03:30:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/05/18 03:30:41 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/04/16 20:14:06 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2007/04/16 20:14:06 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/04/13 15:19:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/04/02 18:59:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/04/02 18:59:29 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/03/02 22:29:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/02/15 21:48:33 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/02/15 21:48:10 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/15 21:36:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/28 21:38:12 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/21 14:21:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007/01/21 13:48:26 | 000,000,574 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/20 20:01:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/12/03 19:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2006/11/24 20:53:27 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QTSBandwidthCache
[2006/11/10 22:20:01 | 000,001,451 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/10 21:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/07 12:19:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2006/10/07 12:19:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2006/10/07 12:18:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
[2006/10/07 12:18:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2006/10/07 12:18:45 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2006/10/03 23:58:51 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/02 20:48:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/25 12:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2006/08/24 18:03:22 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 10:08:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/23 10:08:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/08/23 03:05:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/23 03:04:51 | 000,353,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/23 02:30:34 | 000,014,295 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/08/23 02:30:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/08/23 02:30:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/23 02:20:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/23 02:16:19 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/22 21:03:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\fusioncache.dat
[2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,508,650 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2006/03/02 14:00:00 | 000,444,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,091,960 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2006/03/02 14:00:00 | 000,072,300 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/29 03:25:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2005/01/29 03:25:42 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 17:43:32 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

========== LOP Check ==========

[2009/11/04 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\kinoma
[2010/06/19 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Panda Security
[2007/11/06 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\sentinel
[2009/09/17 12:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/05 13:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\calibre
[2008/03/11 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\DataCast
[2009/01/27 11:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Dev-Cpp
[2010/10/21 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\inkscape
[2009/09/28 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\LG Electronics
[2007/11/07 20:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Mp3tag
[2007/08/23 04:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Opera
[2010/06/19 12:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Panda Security
[2009/01/09 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\SmarThru4
[2011/04/25 08:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Spotify
[2010/01/07 13:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andres1\Datos de programa\Thunderbird

========== Purity Check ==========



< End of report >

anbelo
2011-05-12, 18:57
Extras.txt:

OTL Extras logfile created on: 12/05/2011 18:42:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.023,00 Mb Total Physical Memory | 796,00 Mb Available Physical Memory | 78,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 1,10 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsefile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\ARCHIV~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Spotify\spotify.exe" = C:\Archivos de programa\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}" = Instalable módulo criptográfico DNIe
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
"{24B4E125-B77F-E91F-0A65-43F4A3BE1034}" = Nero 7 Demo
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2C8B0579-46E6-4088-8E57-44833265798F}" = THE HOUSE OF THE DEAD 2
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}" = Panda Antivirus Pro 2010
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{61D8C205-934A-428C-9429-FC8DF207D78E}" = Microsoft Xbox 360 Accessories 1.1
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying(tm)
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = poEdit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN
"{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9CC826E7-4848-4CB2-A3F6-A24356CAB464}" = PRS-505 User's Guide
"{A0EAB3BE-AC3F-4F9F-ACC0-ED1809B607E3}" = eBook Library by Sony
"{A0FC458F-AA6E-430A-B91C-1D6640B4B149}" = Comic Life
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1034-7B44-A82000000003}" = Adobe Reader 8.2.6 - Español
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B418F434-15CD-4B68-A022-CFE0DB92A6F9}" = THE HOUSE OF THE DEAD 3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C72F5578-8925-4029-948D-1E0EE9128E74}" = ATI Catalyst Control Center
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DEB40C7A-CBDA-4941-9EA5-FA81059BA4B3}" = calibre
"{E06DBD80-CD9B-4A3F-BD83-ED1AA4CB1E3A}" = Capicom 2.1.0.2 FNMT-RCM
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2010
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
"2000th FireStorm screensaver_is1" = 2000th FireStorm screensaver v2.5
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Utilidad de desinstalación de software
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVerMedia A16D (Hybrid DVB-T and NTSC/PAL/SECAM/FM)" = AVerMedia A16D (Hybrid DVB-T and NTSC/PAL/SECAM/FM) 3.5.0.22
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"AVI Splitter_is1" = AVI Splitter
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Total Pack" = DivX Total Pack
"EditPlus 2" = EditPlus 2
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"FileZilla" = FileZilla (remove only)
"GIF Animator" = Microsoft GIF Animator
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.48.0
"Instalacion_CSP_WG10_v2.1_2.1" = CerTUI v1.3.0
"InstallShield_{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}" = Instalable módulo criptográfico DNIe
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
"IrfanView" = IrfanView (remove only)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mp3tag" = Mp3tag v2.39
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oggcodecs" = oggcodecs 0.71.0946
"RealAlt_is1" = Real Alternative 1.51
"RENT2008" = RENTA 2008
"Samsung SCX-4500 Series" = Samsung SCX-4500 Series
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TUGZip_is1" = TUGZip 3.4
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2011 13:24:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: The connection with the server was terminated abnormally

Error - 08/05/2011 13:24:42 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: No existe esta conexión de red.

Error - 08/05/2011 13:25:40 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de fecha y hora en el archivo firmado.

Error - 08/05/2011 13:25:40 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: The connection with the server was terminated abnormally

Error - 08/05/2011 13:25:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de fecha y hora en el archivo firmado.

Error - 08/05/2011 13:25:41 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: No existe esta conexión de red.

Error - 08/05/2011 13:34:20 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131083
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de fecha y hora en el archivo firmado.

Error - 08/05/2011 13:34:20 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: The connection with the server was terminated abnormally

Error - 11/05/2011 4:58:02 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: The server name or address could not be resolved

Error - 11/05/2011 4:58:02 | Computer Name = ANDRES-15E02CCC | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
con el error: No existe esta conexión de red.

[ System Events ]
Error - 11/05/2011 12:31:52 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/05/2011 12:33:57 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/05/2011 12:47:05 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/05/2011 12:48:52 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/05/2011 12:49:46 | Computer Name = ANDRES-15E02CCC | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
APPFLT AsIO DSAFLT Fips FNETMON IDSFLT intelppm pavboot ShldDrv WNMFLT

Error - 11/05/2011 19:13:07 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/05/2011 19:20:25 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/05/2011 3:53:11 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/05/2011 3:54:02 | Computer Name = ANDRES-15E02CCC | Source = Service Control Manager | ID = 7026
Description = El controlador de inicialización siguiente no se cargó correctamente:
APPFLT AsIO DSAFLT Fips FNETMON IDSFLT intelppm pavboot ShldDrv WNMFLT

Error - 12/05/2011 11:29:47 | Computer Name = ANDRES-15E02CCC | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

ken545
2011-05-12, 19:30
Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:service
srvA50
ckfhatpqubgol

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL



:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

anbelo
2011-05-12, 19:58
SystemLook 04.09.10 by jpshortstuff
Log created at 19:33 on 12/05/2011 by andres1
Administrator - Elevation successful

========== filefind ==========

Searching for "srvA50"
No files found.

Searching for "ckfhatpqubgol"
No files found.

========== folderfind ==========

Searching for "srvA50"
No folders found.

Searching for "ckfhatpqubgol"
No folders found.

========== regfind ==========

Searching for "srvA50"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="srvA50 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50\0000]
"Service"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SRVA50\0000]
"DeviceDesc"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50]
"DisplayName"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50\parameters]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvA50\Enum]
"0"="Root\LEGACY_SRVA50\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50\0000]
"Service"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SRVA50\0000]
"DeviceDesc"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50]
"DisplayName"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvA50\parameters]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50\0000]
"Service"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVA50\0000]
"DeviceDesc"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
"DisplayName"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50\parameters]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50\Enum]
"0"="Root\LEGACY_SRVA50\0000"

Searching for "ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"Service"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"DeviceDesc"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol]
"DisplayName"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ckfhatpqubgol\Enum]
"0"="Root\LEGACY_CKFHATPQUBGOL\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"Service"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"DeviceDesc"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ckfhatpqubgol]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ckfhatpqubgol]
"DisplayName"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"Service"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CKFHATPQUBGOL\0000]
"DeviceDesc"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
"DisplayName"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol\Enum]
"0"="Root\LEGACY_CKFHATPQUBGOL\0000"

-= EOF =-
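
A defender-side triage script, added here as an example and not part of this thread, of SystemLook or of OTL, that reads the kind of regfind output SystemLook produced above and flags the three things the helper's `:service` lookup was meant to surface: a name added to the `netsvcs` svchost group, a `ServiceDll` that lives in `WINDOWS\Temp` behind a `\\?\globalroot` device path, and a registered service that carries no executable path at all. The sample input is constructed from the log posted above (shortened, with a clean `CryptSvc` entry added for contrast); the `netsvcs` baseline is an assumption that the remaining names in that posted list are the stock Windows XP set, and the path heuristics are this example's own, not a rule from either tool.

```python
"""Triage helper for SystemLook regfind / ':service' output (added example).

Parses the "[KEY]" and "name"="data" lines that SystemLook prints and runs
three defender-side checks:
  1. names in HKLM\...\SvcHost\netsvcs that are not in a known baseline
  2. ServiceDll / ImagePath values in a Temp folder, ending in .tmp, or using
     the \\?\globalroot\ device-path form (hides the file from normal lookups)
  3. services with a registry key but no ServiceDll or ImagePath value
"""
import re

# Constructed sample, modelled on the SystemLook log posted in this thread
# (shortened; the CryptSvc block is a clean control entry, also constructed).
SAMPLE_LOG = r"""
Searching for "srvA50"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="srvA50 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]
"DisplayName"="srvA50"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50\parameters]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA50.tmp"

Searching for "ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
"DisplayName"="ckfhatpqubgol"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol\Enum]
"0"="Root\LEGACY_CKFHATPQUBGOL\0000"

Searching for "CryptSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
"""

# Assumption: the stock netsvcs members on this XP box are the posted list
# minus the suspect name (shortened here to match SAMPLE_LOG).
BASELINE_NETSVCS = {n.lower() for n in (
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc",
    "DMServer", "DHCP", "ERSvc", "EventSystem",
)}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"="(.*)"$')
# Device-path prefix, any Temp directory component, or a .tmp "DLL".
SUSPICIOUS_PATH = re.compile(r"(\\\\\?\\globalroot\\|\\temp\\|\.tmp$)", re.I)


def parse_systemlook(text):
    """Return {key_path: {value_name_lowercased: data}} from regfind lines."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).lower()] = m.group(2)
    return keys


def triage(text):
    """Return a list of (check, service_name, detail) findings, in log order."""
    keys = parse_systemlook(text)
    findings = []
    services = {}  # service name -> merged values from its key and subkeys
    for path, values in keys.items():
        if re.search(r"\\SvcHost$", path, re.I) and "netsvcs" in values:
            for name in values["netsvcs"].split():
                if name.lower() not in BASELINE_NETSVCS:
                    findings.append(("netsvcs-extra", name, values["netsvcs"]))
        m = re.search(r"\\Services\\([^\\]+)", path, re.I)
        if m:
            services.setdefault(m.group(1), {}).update(values)
    for name, values in services.items():
        exe = values.get("servicedll") or values.get("imagepath")
        if exe is None:
            findings.append(("no-executable", name, ""))
        elif SUSPICIOUS_PATH.search(exe):
            findings.append(("suspicious-path", name, exe))
    return findings


if __name__ == "__main__":
    for check, name, detail in triage(SAMPLE_LOG):
        print(f"{check:16} {name:16} {detail}")
```

Run against the constructed sample it reports `srvA50` twice (once as a non-baseline `netsvcs` member, once for the `\\?\globalroot...\Temp\srvA50.tmp` ServiceDll) and `ckfhatpqubgol` once for having no executable path, while `CryptSvc` passes; to use it on a real SystemLook.txt, read the file into `triage()` and widen `BASELINE_NETSVCS` to the full list from a known-clean machine of the same Windows version.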

anbelo
2011-05-12, 19:59
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Configuración IP de Windows
Adaptador Ethernet Conexión de área local :
Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 0.0.0.0
Máscara de subred . . . . . . . . : 0.0.0.0
Puerta de enlace predeterminada :
C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
< ipconfig /renew /c >
Configuración IP de Windows
Adaptador Ethernet Conexión de área local :
Sufijo de conexión específica DNS : home
Dirección IP. . . . . . . . . . . : 192.168.1.12
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.1.1
C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\andres1\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\andres1\Escritorio\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: andres1
->Temp folder emptied: 1872868169 bytes
->Temporary Internet Files folder emptied: 7572501 bytes
->Java cache emptied: 2739597 bytes
->FireFox cache emptied: 68081196 bytes
->Flash cache emptied: 201851 bytes

User: Carmen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1191 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148798 bytes
%systemroot%\System32 .tmp files removed: 3765597 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.867,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05122011_194434

Files\Folders moved on Reboot...
C:\Documents and Settings\andres1\Configuración local\Archivos temporales de Internet\Content.IE5\RTD8NKKN\showthread[2].htm moved successfully.
C:\Documents and Settings\andres1\Configuración local\Archivos temporales de Internet\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

anbelo
2011-05-12, 20:00
OTL logfile created on: 12/05/2011 19:51:44 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\andres1\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.023,00 Mb Total Physical Memory | 797,00 Mb Available Physical Memory | 78,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 298,08 Gb Total Space | 2,93 Gb Free Space | 0,98% Space Free | Partition Type: NTFS
Drive E: | 218,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDRES-15E02CCC | User Name: andres1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\andres1\Escritorio\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (srvA50) -- File not found
SRV - (ckfhatpqubgol) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (PAVSRV) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe (Panda Security, S.L.)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PskSvcRetail) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
SRV - (Panda Software Controller) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
SRV - (TPSrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
SRV - (PSHost) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
SRV - (Gwmsrv) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
SRV - (PSIMSVC) -- C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
SRV - (aawservice) -- C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (Sony SCSI Helper Service) -- C:\Archivos de programa\Archivos comunes\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (PavPrSrv) -- C:\Archivos de programa\Archivos comunes\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (Adobe LM Service) -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060039) -- C:\WINDOWS\system32\drivers\neti1639.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\WINDOWS\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WNMFLT) -- C:\WINDOWS\system32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (PAVDRV) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Security, S.L.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (xusb20) -- C:\WINDOWS\system32\drivers\xusb20.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (AVerBDA) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: acotec@acotec.es:2.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/04/30 03:22:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/04/30 03:21:53 | 000,000,000 | ---D | M]

[2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions
[2010/01/07 13:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions
[2010/06/27 18:57:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 13:41:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/01 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/04/21 09:40:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\searchplugins\wikipedia-eng.xml
[2011/04/29 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/04/12 20:32:03 | 000,000,000 | ---D | M] (Acotec PKCS#11) -- C:\Archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
[2009/03/28 20:04:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/11 12:22:59 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/10/11 12:22:59 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/10/11 12:22:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/10/11 12:22:59 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2011/05/12 19:44:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [CERTUI] C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Archivos de programa\DNIe\udcs.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk = C:\Archivos de programa\ACOTEC\CerTUI\CerTui.exe (Acotec SmartCard Solutions)
O4 - Startup: C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk = C:\WINDOWS\CerTUI\uninstall.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-842925246-1284227242-839522115-1004\..Trusted Domains: fnmt.es ([www.cert] http in Sitios de confianza)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} https://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab (Firma1Fase @firma5 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cert.fnmt.es/content/pages_std/ficheros_apps_usuarios/capicom.cab (Settings Class)
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.aeat.es/imagenes/comun/cactivex.cab (AeatCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andres1\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Archivos de programa\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/23 02:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 19:44:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/12 18:38:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andres1\Escritorio\OTL.exe
[2011/05/11 21:06:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2011/05/11 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Datos de programa\Malwarebytes
[2011/05/11 18:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2011/05/11 18:40:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 18:40:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/05/11 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\erunt
[2011/05/11 18:28:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 14:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/11 14:14:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/11 13:25:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/11 13:25:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/11 13:25:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/11 13:25:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/11 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/11 00:01:25 | 000,000,000 | ---D | C] -- C:\safecd
[2011/05/10 21:05:02 | 000,000,000 | ---D | C] -- C:\pavsig
[2011/05/09 17:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CARMEN
[2011/05/09 17:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\CV
[2011/05/08 18:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/08 18:57:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2011/05/05 18:12:06 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/05/01 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\GooredFix Backups
[2011/05/01 13:45:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
[2011/05/01 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\shazam
[2011/04/30 18:39:03 | 000,016,648 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2011/04/30 01:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2011/04/30 01:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2011/04/25 10:18:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/22 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\VALENCIA
[2011/04/13 20:19:48 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\aeat.dll
[2011/04/13 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andres1\Escritorio\cactivex
[2011/04/13 20:18:54 | 000,196,608 | ---- | C] (A.E.A.T.) -- C:\Documents and Settings\andres1\Escritorio\aeat.dll
[2011/04/12 22:24:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DNIe
[2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CerTUI
[2011/04/12 20:32:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ACOTEC

========== Files - Modified Within 30 Days ==========

[2011/05/12 19:46:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 19:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/12 19:46:02 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2011/05/12 19:44:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/12 19:33:12 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
[2011/05/12 09:52:14 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2011/05/11 18:29:43 | 000,518,094 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
[2011/05/11 14:14:55 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2011/05/11 12:13:38 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
[2011/05/11 01:58:12 | 000,000,739 | ---- | M] () -- C:\safecd.tgz
[2011/05/09 15:12:35 | 000,021,261 | ---- | M] () -- C:\Documents and Settings\andres1\.recently-used.xbel
[2011/05/01 13:40:04 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\andres1\Escritorio\GooredFix.exe
[2011/05/01 13:38:40 | 000,508,650 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/05/01 13:38:40 | 000,444,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 13:38:40 | 000,091,960 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/05/01 13:38:40 | 000,072,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 13:29:36 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2011/05/01 12:24:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2011/05/01 12:23:53 | 000,360,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2011/05/01 12:23:53 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2011/05/01 12:23:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2011/05/01 12:21:30 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2011/04/30 02:04:32 | 000,269,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/04/29 15:42:23 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2011/04/27 19:14:14 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 12:02:07 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/25 10:49:10 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2011/04/25 10:45:45 | 000,353,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 10:22:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/12 21:37:02 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
[2011/04/12 20:32:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
[2011/04/12 20:32:03 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk

========== Files Created - No Company Name ==========

[2011/05/11 18:30:27 | 000,518,094 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\erunt.zip
[2011/05/11 15:35:50 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\SystemLook.exe
[2011/05/11 14:14:54 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2011/05/11 14:14:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/11 13:25:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/11 13:25:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/11 13:25:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/11 13:25:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/11 13:25:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/11 13:21:33 | 004,345,957 | R--- | C] () -- C:\Documents and Settings\andres1\Escritorio\ComboFix.exe
[2011/05/11 01:58:12 | 000,000,739 | ---- | C] () -- C:\safecd.tgz
[2011/05/09 15:12:35 | 000,021,261 | ---- | C] () -- C:\Documents and Settings\andres1\.recently-used.xbel
[2011/04/13 20:18:54 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\aeat.inf
[2011/04/12 21:37:02 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Escritorio\CerTui (2).lnk
[2011/04/12 20:32:03 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\CerTui.lnk
[2011/04/12 20:32:03 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\andres1\Menú Inicio\Programas\Inicio\Uninstall CerTUI.lnk
[2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/06/19 12:36:26 | 000,269,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/06/19 12:30:08 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/03/26 15:23:10 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\regDNIeCSP.exe
[2010/02/13 01:00:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\thqtpm.zip
[2010/01/08 14:24:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/08 20:51:04 | 000,000,451 | ---- | C] () -- C:\WINDOWS\RENT2008.INI
[2009/01/22 12:27:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/01/09 16:10:57 | 000,010,625 | ---- | C] () -- C:\Documents and Settings\andres1\Datos de programa\SmarThruOptions.xml
[2009/01/09 16:10:29 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/01/09 16:10:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/01/09 16:10:04 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/01/09 16:08:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/01/09 16:03:22 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sx450sl3.dll
[2009/01/09 10:18:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
[2009/01/09 10:17:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2009/01/09 10:17:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/01/09 10:17:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/01/09 10:17:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/01/09 10:17:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008/07/24 01:09:06 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Datos de programa\sysqcl1129139270.dat
[2008/03/11 22:52:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/01/21 21:51:55 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/22 12:53:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLLSignV2.dll
[2007/05/18 03:30:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/05/18 03:30:41 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/04/16 20:14:06 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2007/04/16 20:14:06 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/04/13 15:19:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/04/02 18:59:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/04/02 18:59:29 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/03/02 22:29:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/02/15 21:48:33 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/02/15 21:48:10 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/15 21:36:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/28 21:38:12 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/21 14:21:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007/01/21 13:48:26 | 000,000,574 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/01/20 20:01:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/12/03 19:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2006/11/24 20:53:27 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\QTSBandwidthCache
[2006/11/10 22:20:01 | 000,001,451 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/10 21:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/07 12:19:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2006/10/07 12:19:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2006/10/07 12:18:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
[2006/10/07 12:18:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2006/10/07 12:18:45 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2006/10/03 23:58:51 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/02 20:48:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/25 12:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2006/08/24 18:03:22 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/23 10:08:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/23 10:08:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/08/23 03:05:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/23 03:04:51 | 000,353,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/23 02:30:34 | 000,014,295 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/08/23 02:30:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/08/23 02:30:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/23 02:20:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/23 02:16:19 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/22 21:03:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\andres1\Configuración local\Datos de programa\fusioncache.dat
[2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,508,650 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2006/03/02 14:00:00 | 000,444,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,091,960 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2006/03/02 14:00:00 | 000,072,300 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/29 03:25:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2005/01/29 03:25:42 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 17:43:32 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

< End of report >

ken545
2011-05-12, 23:44
I am looking over your log, trying to determine if the two services I had you check with SystemLook need to be removed. I will be back in a short time.

ken545
2011-05-13, 00:50
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA50]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ckfhatpqubgol]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvA50]

Driver::
ckfhatpqubgol
srvA50

File::
c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe

NetSvc::
srvA50


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

anbelo
2011-05-13, 10:17
Good morning Ken. ComboFix again notified me that Panda AV was enabled, although I couldn't find any trace of its icon in the System Tray or of its processes in the Task Manager. It also informed me about a new ComboFix version, but I didn't download it. Here's the resulting log:

ComboFix 11-05-10.02 - andres1 13/05/2011 10:00:02.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.789 [GMT 2:00]
Running from: c:\documents and settings\andres1\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\andres1\Escritorio\CFScript.txt
AV: Panda Antivirus Pro 2010 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
FILE ::
"c:\docume~1\andres1\CONFIG~1\Temp\DAT1AED.tmp.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CKFHATPQUBGOL
-------\Legacy_SRVA50
-------\Service_ckfhatpqubgol
-------\Service_srvA50
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-12 17:44 . 2011-05-12 17:44 -------- d-----w- C:\_OTL
2011-05-11 19:06 . 2011-05-11 19:06 -------- d-----w- c:\archivos de programa\ESET
2011-05-11 16:41 . 2011-05-11 16:41 -------- d-----w- c:\documents and settings\andres1\Datos de programa\Malwarebytes
2011-05-11 16:40 . 2011-05-11 16:40 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2011-05-11 16:40 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 16:40 . 2011-05-11 16:40 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2011-05-11 16:40 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 22:01 . 2011-05-10 22:01 -------- d-----w- C:\safecd
2011-05-10 19:05 . 2011-05-10 19:05 -------- d-----w- C:\pavsig
2011-05-08 16:57 . 2011-05-08 16:58 -------- d-----w- c:\archivos de programa\ERUNT
2011-05-08 16:38 . 2011-05-08 16:38 -------- d-----w- c:\documents and settings\Administrador
2011-05-05 16:12 . 2011-05-05 17:02 -------- d-----w- C:\PANDA
2011-04-30 16:39 . 2009-05-20 14:44 16648 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-04-13 18:19 . 2010-12-02 12:55 196608 ----a-w- C:\aeat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-08-23 00:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 08:43 . 2006-03-02 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 18:55 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:55 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:55 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:55 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-11_12.23.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 16:31 . 2011-05-11 16:31 172032 c:\windows\ERDNT\11-05-2011\Users\00000002\UsrClass.dat
+ 2011-05-11 16:31 . 2005-10-20 10:02 163328 c:\windows\ERDNT\11-05-2011\ERDNT.EXE
+ 2011-05-11 16:31 . 2011-05-11 16:31 15593472 c:\windows\ERDNT\11-05-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"XboxStat"="c:\archivos de programa\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"APVXDWIN"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-19 536576]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-09-04 417792]
"CERTUI"="c:\archivos de programa\ACOTEC\CerTUI\CerTUI.exe" [2010-02-15 1064960]
"RegistrarUsrDNIeCertStoreDLL"="c:\archivos de programa\DNIe\udcs.exe" [2009-03-02 37888]
"Malwarebytes' Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\andres1\Menú Inicio\Programas\Inicio\
CerTui.lnk - c:\archivos de programa\ACOTEC\CerTUI\CerTui.exe [2009-6-8 1064960]
Uninstall CerTUI.lnk - c:\windows\CerTUI\uninstall.exe [2011-4-12 451072]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Logitech SetPoint.lnk - c:\archivos de programa\Logitech\SetPoint\SetPoint.exe [2006-10-6 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^QuickTV6.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 ----a-w- c:\archivos de programa\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:18 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 19:09 305440 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logan_S2P]
2007-06-10 23:58 253952 ----a-w- c:\archivos de programa\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:19 1695232 ------w- c:\archivos de programa\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-03-19 12:07 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-09-20 07:23 132624 ----a-w- c:\archivos de programa\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 13:35 716800 ----a-w- c:\archivos de programa\Analog Devices\SoundMAX\SMax4.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Spotify\\spotify.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/01/2007 11:09 721904]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [19/06/2010 12:36 159112]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [19/06/2010 12:29 199432]
S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [19/06/2010 12:26 28552]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [19/06/2010 12:36 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [19/06/2010 12:36 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [19/06/2010 12:36 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [19/06/2010 12:36 193800]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [19/06/2010 12:25 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [19/06/2010 12:36 46728]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [19/06/2010 12:25 163336]
S2 PskSvcRetail;Panda PSK service;c:\archivos de programa\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [19/06/2010 12:30 28928]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [30/04/2011 18:39 16648]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 RkPavproc4;RkPavproc4;\??\c:\windows\system32\drivers\RkPavproc4.sys --> c:\windows\system32\drivers\RkPavproc4.sys [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [14/10/2006 0:48 50048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
uInternet Connection Wizard,ShellNext = hxxp://www.pandasoftware.com/redirector/?prod=104&app=KeysSupport&lang=spa
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fnmt.es\www.cert
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1C4C6BC7-91F1-4FD3-A208-B07B6C1BDBFB} - hxxps://www.juntadeandalucia.es/economiayhacienda/apl/surnet/firma/instalacion/SignV2.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.aeat.es/imagenes/comun/cactivex.cab
FF - ProfilePath - c:\documents and settings\andres1\Datos de programa\Mozilla\Firefox\Profiles\d7wjsik5.default\
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Acotec PKCS#11: acotec@acotec.es - c:\archivos de programa\Mozilla Firefox\extensions\acotec@acotec.es
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 10:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
Completion time: 2011-05-13 10:14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-13 08:14
ComboFix2.txt 2011-05-11 12:25
.
Pre-Run: 3.121.278.976 bytes libres
Post-Run: 3.015.397.376 bytes libres
.
- - End Of File - - 3FE27DF3E40F6A7F1FC6087559E40F95

ken545
2011-05-13, 12:47
:bigthumb:

How are things running now?

anbelo
2011-05-13, 13:36
I've been working in Safe Mode all this time, as everything went so slowly in normal mode. Now I've tried to disable the /SAFEBOOT option in msconfig, but I can't. I think it's related to the MS Windows Recovery Console, isn't it? Maybe I have to select "Use original BOOT.INI file" in the "General" tab at msconfig?

ken545
2011-05-13, 14:27
I think you do

anbelo
2011-05-13, 21:44
I have now restarted in normal mode, and everything looks fine! I have also managed to update Windows with no problem. :yahoo:

ken545
2011-05-14, 00:13
:bigthumb:

Glad things are running back to normal for you




Click START then RUN
Now type ComboFix /uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksToGo (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

anbelo
2011-05-14, 00:54
My stupid, soon-to-be-replaced Panda AV has again interfered with the ComboFix uninstall after it was supposedly disabled; I hope it won't be a problem...

Thank you very much, Ken. You do wonderful work here. I will gladly make a donation to the page in grateful appreciation.

:rockon:

ken545
2011-05-14, 01:15
:bigthumb:

ken545
2011-05-15, 23:13
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.