
Thread: Spybot S&D doesn't work

  1. #1
    Junior Member (Join Date: Oct 2010, Posts: 6)

    Spybot S&D doesn't work

    Hey,

    When I try to run Spybot by clicking on the shortcut, nothing happens. I think I have some virus or something, but my up-to-date Avast virus scanner didn't detect anything...

    Please find the DDS.txt log below and attach.zip attached.
    I am looking forward to hearing from you.
    Thank you for your time and support!
    ===========================


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Administrador at 13:34:18.52 on 16/10/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.54.3082.18.3455.2322 [GMT 1:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Calibrize\CalibrizeResume.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\AstSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrador\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Google Update] "c:\users\administrador\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [CGFLoader] c:\program files\calibrize\CalibrizeLoader.exe
    uRun: [CalibrizeResume] c:\program files\calibrize\CalibrizeResume.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-system: DisableLockWorkstation = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: fnmt.es
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-11 165584]
    R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
    R1 SASDIFSV;SASDIFSV;c:\users\admini~1\appdata\local\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\users\admini~1\appdata\local\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-11 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-11 50768]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-13 5120]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-5-9 97280]
    S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]

    =============== Created Last 30 ================

    2010-10-16 11:38:56 -------- d-----w- c:\program files\Spybot
    2010-10-16 10:39:48 -------- d-----w- c:\program files\ewido anti-malware
    2010-10-16 10:23:50 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2010-10-15 21:52:37 -------- d-----w- c:\users\admini~1\appdata\roaming\SUPERAntiSpyware.com
    2010-10-15 21:52:37 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2010-10-15 21:52:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 21:52:00 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-15 21:51:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 21:51:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-15 21:08:00 -------- d-----w- c:\program files\Lavasoft
    2010-10-15 20:55:33 -------- d-----w- c:\program files\Panda Security
    2010-10-15 20:35:18 70144 --sha-r- c:\windows\system32\mspbde40V.dll
    2010-10-15 17:49:41 -------- d-----w- C:\MetaStock
    2010-10-15 17:48:09 -------- d-----w- c:\program files\MLDownloader
    2010-10-15 17:42:29 327168 ----a-w- c:\windows\IsUninst.exe
    2010-10-13 11:33:15 201728 ----a-w- c:\windows\system32\Nike+ Mini.scr
    2010-10-13 11:33:15 -------- d-----w- c:\windows\system32\Nike+ Mini dir
    2010-10-02 23:29:54 -------- d-----w- c:\progra~2\RegCure
    2010-09-30 19:37:46 -------- d-----w- c:\users\admini~1\appdata\roaming\Softland
    2010-09-30 19:37:45 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
    2010-09-30 19:37:45 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
    2010-09-30 19:37:44 -------- d-----w- c:\program files\Softland
    2010-09-30 12:04:02 146432 ----a-w- c:\program files\common files\microsoft shared\nateed\TRIEDIT.DLL
    2010-09-30 12:04:02 -------- d-----w- c:\program files\NATEON
    2010-09-30 12:03:53 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2010-09-30 12:03:53 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2010-09-30 12:03:53 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2010-09-30 12:03:53 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2010-09-30 12:03:53 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2010-09-30 12:03:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2010-09-30 12:03:52 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2010-09-30 12:03:52 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2010-09-30 11:28:30 -------- d-----w- c:\program files\iTunes
    2010-09-30 11:28:30 -------- d-----w- c:\program files\iPod
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin7.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin6.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin5.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin4.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin3.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin2.dll
    2010-09-30 11:26:59 159744 ----a-w- c:\program files\internet explorer\módulos\npqtplugin.dll
    2010-09-24 15:30:40 -------- d-----w- c:\program files\CamStudio
    2010-09-22 16:26:26 -------- d-----w- c:\users\admini~1\appdata\local\Apple Computer
    2010-09-22 16:26:20 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-09-22 16:26:20 107368 ------w- c:\windows\system32\GEARAspi.dll
    2010-09-22 16:26:03 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-09-22 16:25:36 -------- d-----w- c:\users\admini~1\appdata\local\Apple
    2010-09-22 16:25:17 -------- d-----w- c:\program files\Bonjour
    2010-09-21 21:03:16 -------- d-----w- c:\users\admini~1\appdata\local\LogMeIn Hamachi
    2010-09-21 21:03:04 -------- d-----w- c:\program files\LogMeIn Hamachi
    2010-09-18 23:00:58 -------- d-----w- c:\users\admini~1\appdata\local\CyberLink
    2010-09-18 03:04:27 -------- d-----w- c:\windows\PixArt
    2010-09-17 21:16:59 -------- d-----w- c:\program files\CCleaner
    2010-09-16 16:33:40 -------- d-----w- c:\users\admini~1\appdata\roaming\Software602

    ==================== Find3M ====================

    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-27 17:44:10 91424 ------w- c:\windows\system32\dnssd.dll
    2010-07-27 17:44:10 75040 ------w- c:\windows\system32\jdns_sd.dll
    2010-07-27 17:44:10 197920 ------w- c:\windows\system32\dnssdX.dll
    2010-07-27 17:44:10 107808 ------w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 13:35:37.75 ===============

    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-16 14:25:15
    Windows 6.1.7600
    Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwOpenProcess [0x9167F68C]
    SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwTerminateProcess [0x9167F604]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916C7BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x916C79D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x916C7B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A96599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82AC29F8 4 Bytes [8C, F6, 67, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AC2CC8 4 Bytes [04, F6, 67, 91]
    PAGE ntkrnlpa.exe!ZwLoadDriver 82BF4291 7 Bytes JMP 916C7B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C5BFBF 5 Bytes JMP 916C35D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82C75CF3 5 Bytes JMP 916C5012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82C83D63 7 Bytes JMP 916C79D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D2DEAC 7 Bytes JMP 916C7BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\drivers\ayatl.sys El sistema no puede encontrar la ruta especificada. !
    ? System32\Drivers\spml.sys El sistema no puede encontrar la ruta especificada. !
    PAGE ataport.SYS!DllUnload + 1 8C272AD7 4 Bytes JMP 856201D9
    .rsrc C:\Windows\system32\DRIVERS\disk.sys entry point in ".rsrc" section [0x8C833014]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A3C000, 0x1E7580, 0xE8000020]
    .text USBPORT.SYS!DllUnload 938A5CA0 5 Bytes JMP 85FA44E0

    .text C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 856271F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Motor en tiempo de ejecución del marco de controlador en modo kernel/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 856221F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{2A1ACC0C-A744-4C03-B12A-860CD151A6F9} 862B71F8
    Device \Driver\usbuhci \Device\USBPDO-0 863AC1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D2328AAA-45E5-4B0F-8B36-78EA7A3FD414} 862B71F8
    Device \Driver\usbuhci \Device\USBPDO-1 863AC1F8
    Device \Driver\usbuhci \Device\USBPDO-2 863AC1F8
    Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBPDO-3 863AC1F8
    Device \Driver\usbehci \Device\USBPDO-4 85F903C8

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\PCI_PNP0102 \Device\00000062 spml.sys
    Device \Driver\volmgr \Device\HarddiskVolume1 856221F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume2 856221F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 862CC500
    Device \Driver\cdrom \Device\CdRom1 862CC500
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-0 860FAAEA
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856241F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 860FAAEA
    Device \Driver\atapi \Device\Ide\IdePort0 856241F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 860FAAEA
    Device \Driver\atapi \Device\Ide\IdePort1 856241F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 856251F8
    Device \Driver\sptd \Device\1812804106 spml.sys
    Device \Driver\NetBT \Device\NetBt_Wins_Export 862B71F8
    Device \Driver\BTHUSB \Device\00000085 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000085 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000087 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000087 bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBFDO-0 863AC1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B74A4E07-590E-4F21-9745-D4E2F7746272} 862B71F8
    Device \Driver\usbuhci \Device\USBFDO-1 863AC1F8
    Device \Driver\usbuhci \Device\USBFDO-2 863AC1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1CCCACE6-1527-4CF9-BE81-785B5FE5C73C} 862B71F8
    Device \Driver\usbuhci \Device\USBFDO-3 863AC1F8
    Device \Driver\usbehci \Device\USBFDO-4 85F903C8
    Device \Driver\agdqzu4i \Device\Scsi\agdqzu4i1Port2Path0Target0Lun0 863181F8
    Device \Driver\agdqzu4i \Device\Scsi\agdqzu4i1 863181F8
    Device -> \Driver\atapi \Device\Harddisk0\DR0 860FAEC5

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7333a1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x33 0x62 0xB8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x14 0xB2 0x0E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x77 0x25 0x7D ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7333a1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0x33 0x62 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x14 0xB2 0x0E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x77 0x25 0x7D ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\system32\DRIVERS\disk.sys suspicious modification
    File C:\Windows\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
    Last edited by tashi; 2010-10-16 at 15:51. Reason: Merged two posts as per forum FAQ, please don't add. ;-)
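For readers who have to triage logs like the one above, here is a small Python helper written for this page; it is an added example, not part of the thread and not GMER's own tooling. It parses GMER 1.0.15 `.text` hook lines, the `File ... suspicious modification` lines and the `Disk ... sector` note, groups the user-mode hooks by process and PID, and reports which ntdll.dll functions are hooked in every process of the same image. The sample log embedded in it is a constructed excerpt of lines in the shape shown above (the `SAMPLE_GMER_LOG` name, the regular expressions and the function names are this example's own assumptions about the format).

```python
"""Triage helper for GMER 1.0.15 text logs: group user-mode inline hooks by
process and separate out the kernel-side findings (flagged driver files and
disk-sector notes).  Added example; not part of GMER or the forum thread."""
import ntpath
import re
from collections import defaultdict

# Constructed sample in the shape of the log posted above (a few of the
# chrome.exe hook lines plus the disk-sector and file findings at the end).
SAMPLE_GMER_LOG = """\
.text C:\\Users\\Administrador\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]
.text C:\\Users\\Administrador\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 773C5E2B 1 Byte [E2]
.text C:\\Users\\Administrador\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe[3956] ntdll.dll!NtCreateFile + 6 773C4A36 4 Bytes [28, 00, 07, 00]
.text C:\\Users\\Administrador\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe[3956] ntdll.dll!NtOpenProcess + 6 773C51F6 4 Bytes [A8, 01, 07, 00]
.text C:\\Users\\Administrador\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 773C5E26 4 Bytes [68, 03, 07, 00]

---- Disk sectors - GMER 1.0.15 ----

Disk \\Device\\Harddisk0\\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\\Windows\\system32\\DRIVERS\\disk.sys suspicious modification
File C:\\Windows\\system32\\drivers\\atapi.sys suspicious modification
"""

# One ".text" hook line: image path with [PID], module!function, "+ offset",
# hook address, byte count and the patched bytes in brackets.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+Bytes?\s+\[(?P<bytes>[^\]]*)\]"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<verdict>suspicious modification)\s*$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+sector\s+(?P<sector>\d+):\s*(?P<note>.+)$")


def parse_gmer(text):
    """Return {'hooks': [...], 'files': [...], 'disk': [...]} from GMER log text."""
    result = {"hooks": [], "files": [], "disk": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["count"] = int(d["count"])
            d["bytes"] = [b.strip() for b in d["bytes"].split(",") if b.strip()]
            result["hooks"].append(d)
            continue
        m = FILE_RE.match(line)
        if m:
            result["files"].append(m.groupdict())
            continue
        m = DISK_RE.match(line)
        if m:
            result["disk"].append(m.groupdict())
    return result


def hooks_by_process(hooks):
    """Map (image basename, pid) -> set of 'module!function' names hooked there."""
    by_proc = defaultdict(set)
    for h in hooks:
        key = (ntpath.basename(h["image"]), h["pid"])  # ntpath handles the Windows paths on any OS
        by_proc[key].add(f'{h["module"]}!{h["func"]}')
    return dict(by_proc)


def hooked_everywhere(by_proc, image_name):
    """Functions hooked in every process of the given image (set intersection).
    A hook set that is identical across all PIDs of one program is usually that
    program's own instrumentation; a hook present in only one PID is worth a look."""
    sets = [s for (name, _), s in by_proc.items() if name.lower() == image_name.lower()]
    return set.intersection(*sets) if sets else set()


def kernel_findings(parsed):
    """Driver files GMER flagged and disk-sector notes: findings that no single
    user-mode process explains, so they are triaged first."""
    flagged = [f["path"] for f in parsed["files"]]
    disk = [f'{d["device"]} sector {d["sector"]}: {d["note"]}' for d in parsed["disk"]]
    return {"flagged_drivers": flagged, "disk_notes": disk}


def triage_summary(text):
    """Human-readable summary lines: one per process, then the kernel-side items."""
    parsed = parse_gmer(text)
    by_proc = hooks_by_process(parsed["hooks"])
    kernel = kernel_findings(parsed)
    lines = [f"{name}[{pid}]: {len(funcs)} hooked -> {', '.join(sorted(funcs))}"
             for (name, pid), funcs in sorted(by_proc.items())]
    lines += [f"FLAGGED DRIVER: {p}" for p in kernel["flagged_drivers"]]
    lines += [f"DISK: {n}" for n in kernel["disk_notes"]]
    return lines


if __name__ == "__main__":
    print("\n".join(triage_summary(SAMPLE_GMER_LOG)))
```

Run it as a script to print the summary, or feed it a whole saved GMER log with `triage_summary(open("gmer.log", encoding="utf-8", errors="replace").read())`. The point of the grouping is to keep the two kinds of findings apart: per-process ntdll.dll hooks that repeat identically in every PID of the same browser are commonly the browser's own sandbox instrumentation, whereas a driver flagged as "suspicious modification" or a non-standard sector containing a copy of the MBR is what the helper in a thread like this one is actually looking at.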

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hi

    I am checking through your logs and will get back to you shortly...
    Proud Graduate of the WTT Classroom

  3. #3
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello arucard_esp and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


    Thank you for the logs.

    Please work your way through the following steps:


    1. P2P Programs:


      • P2P programs are a major source of Malware infections.
      • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
      • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
      • If you wish to keep the program(s), please do not use them until your computer is cleaned.

      • Information regarding the risk of using these programs can be found from here and here.

      • It is strongly recommended that you uninstall any P2P programs you have on your system.

      • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
      • A list of currently installed programs will be displayed.
      • Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
      • If you are prompted to re-boot your computer to complete the uninstall please do so.


        PLEASE NOTE:
      • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.


    2. DeFogger


      • Please download DeFogger to your desktop.
      • Right Click on DeFogger and select "Run as Administrator" to run the tool.
      • The application window will appear.
      • Click the Disable button to disable your CD Emulation drivers.
      • Click Yes to continue.
      • A 'Finished!' message will appear.
      • Click OK.
      • DeFogger will now ask to reboot the machine - click OK.
        IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
        Do not re-enable these drivers until otherwise instructed.


    3. Combofix




      • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop


      • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
      • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




      • Click on Yes, to continue scanning for malware.
      • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
      • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    Proud Graduate of the WTT Classroom

  4. #4
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Default

    Hey JonTom,

    Thank you for the fast reply and support, I really appreciate it!

    Now, I had some problems with the last stage of your process. First it wouldn't open the file Combofix.exe.... After browsing the web I learned that I had to rename it. Once renamed I ran it and followed the procedure.

    When finished, the log file popped up and I copied the content into another text file because I couldn't open the C:\ComboFix.txt file; after I closed the popped-up log file, the C:\ComboFix.txt was even automatically deleted!

    So please find it attached as log.txt. I also attached a file with the screenshots of the errors.

    I hope you can find something out! Thank you a lot in any case!
    Regards,
    Rafa

  5. #5
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Default ooooh! What the....!!!

    Hey, Spybot is working!!! And suddenly the combofix.txt file is on the C drive. I don't understand hahaha.

    So are we done? It's fixed?

    PS: sorry for the double post, I can't find any edit button!

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    So are we done? It's fixed?
    Don't go anywhere just yet - chances are we will still have a few things to do.

    I have just received your reply so let me spend some time looking at your log and I'll get back to you in due course
    Proud Graduate of the WTT Classroom

  7. #7
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello arucard_esp

    Did this machine have XP or Vista installed before Windows 7?
    Proud Graduate of the WTT Classroom

  8. #8
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Default

    Quote Originally Posted by JonTom View Post
    Hello arucard_esp

    Did this machine have XP or Vista installed before Windows 7?
    Hey JonTom, thank you for your help!
    Before Windows 7 I had Windows XP SP3.

  9. #9
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello arucard_esp

    Thanks for letting me know.

    Before we continue with your fix, please run the following tool and post the log created:


    1. CKScanner


      • Download CKScanner by askey127 from here and save it to your Desktop.
      • Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
      • When the cursor hourglass disappears, click Save List To File.
      • A message box will verify the file saved.
      • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    Proud Graduate of the WTT Classroom

  10. #10
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Default

    • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    Hi, I think it didn't find anything:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11
    ----- EOF -----
