Free Malware Removal Forum

by **superstarperrito** » April 7th, 2010, 10:29 pm

Can you help me?
Thanks!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:16:25 p.m., on 07/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\AVG\AVG9\avgchsvx.exe
C:\Archivos de programa\AVG\AVG9\avgrsx.exe
C:\Archivos de programa\AVG\AVG9\avgcsrvx.exe
C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\ARCHIV~1\AVG\AVG9\avgtray.exe
C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe
C:\Archivos de programa\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Windows\Temp\RtkBtMnt.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Archivos de programa\AVG\AVG9\avgnsx.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast5\setup\avast.setup
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Vínculos
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de
programa\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de
programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de
programa\Archivos comunes\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO -
{A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de
programa\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de
programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de
programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar -
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de
programa\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32
Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de
programa\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv
/StartStillMnt
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de
programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos
de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de
programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de
programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARCHIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avast5] C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de
programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Administrador\Configuración local\Datos de
programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
(User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
(User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
(User 'Default user')
O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion
Browser.lnk = C:\Archivos de programa\Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263}
- C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O18 - Protocol: avgsecuritytoolbar -
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Archivos de
programa\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Archivos de programa\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precargador Browseui -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} -
C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de
componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} -
C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de
programa\Archivos comunes\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de
programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de
programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de
programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner -
C:\Archivos de programa\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ,
s.r.o. - C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. -
C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin)
- Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de
programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de
programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner -
C:\WINDOWS\system32\services.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Unknown
owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos
de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. -
C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) -
Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner -
C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto
(RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner -
C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) -
Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp
Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service
(TuneUp.ProgramStatisticsSvc) - TuneUp Software -
C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner -
C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown
owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de
Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de
programa\Windows Media Player\WMPNetwk.exe

--
End of file - 10455 bytes

by **MWR 3 day Mod** » April 11th, 2010, 2:19 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

by **deltalima** » April 13th, 2010, 4:25 am

Hi superstarperrito,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Uninstall List

Open HijackThis.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please copy and paste the contents of this log in your next reply.

by **superstarperrito** » April 13th, 2010, 2:24 pm

Thanks!

Acer Crystal Eye Webcam 1.0.1.3
ActualizaciÛn de seguridad para Windows XP (KB923789)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
avast! Free Antivirus
AVG Free 9.0
Bonjour
CCleaner (remove only)
Compresor WinRAR
ESET NOD32 Antivirus
EVEREST Ultimate Edition v4.60
Google Earth
Google Gmail Notifier
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 11
JMicron JMB38X Flash Media Controller
K-Lite Mega Codec Pack 4.4.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movistar 3.5G
Mozilla Firefox (3.0.5)
MSVCRT
Nero 8.3.2.1
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Opera 10.10
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Segoe UI
Skypeô 4.1
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
Synaptics Pointing Device Driver
TaskSwitchXP
TuneUp Utilities 2009
TweetDeck
TweetDeck
Windows Live Asistente para el inicio de sesiÛn
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
XPize Darkside 2.1

by **deltalima** » April 13th, 2010, 2:43 pm

Hi superstarperrito,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen applications that are present on your system

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

by **superstarperrito** » April 13th, 2010, 3:32 pm

My computer skills aren't great and I bought this netbook a month ago. Neither good is my english. I am more than willing to do everything that is need it to recover my PC, please tell me how to delete those files and I happily do it.

Thanks again!

by **deltalima** » April 13th, 2010, 3:44 pm

Hi superstarperrito,

You have 3 antivirus programs running, Avast, AVG and NOD32.

It is very unwise to have more than 1 antivirus program running.

The version of NOD32 and the associated crack needs to be removed.

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs,
highlight NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
highlight ESET NOD32 Antivirus
click Remove
Close the Add or Remove Programs and the Control Panel windows.

Next reboot the computer.

Now choose to keep either AVG Free 9.0 or avast! Free Antivirus and uninstall the other using the same method as above.

Next reboot again.

Now please run a new scan with HijackThis.

CKScanner:

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on the your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply along with the log from HijackThis.

by **superstarperrito** » April 13th, 2010, 4:27 pm

Done! I choose to delete AVG

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

My logs:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 05:23:49 p.m., on 13/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrador\Configuraci�n local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configuraci�n local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configuraci�n local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configuraci�n local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Windows\Temp\RtkBtMnt.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V�nculos
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicaci�n auxiliar de inicio de sesi�n - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuraci�n local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Herramienta de b�squeda de soportes de Picture Motion Browser.lnk = C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de cach� de las categor�as de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos l�gicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesi�n de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Instant�neas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 9226 bytes

by **deltalima** » April 13th, 2010, 5:26 pm

Hi superstarperrito,

Done! I choose to delete AVG

Good, you will already notice the computer runs faster with just one antivirus program and you will be better protected too.

I believe my computer has malware

Please describe the symptoms that lead you believe that the computer has malware.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:

C:\Windows\Temp\RtkBtMnt.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with the results from Virustotal

by **superstarperrito** » April 13th, 2010, 5:49 pm

I believe I have malware because I can't access any webpage except those with "https:" in the beggining.

(I am installing JAVA for http://www.kaspersky.com, meanwhile:

Virustotal results:

Motor antivirus Versión Última actualización Resultado
a-squared 4.5.0.50 2010.04.04 -
AhnLab-V3 5.0.0.2 2010.04.03 -
AntiVir 7.10.6.24 2010.04.03 -
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.04 -
Avast 4.8.1351.0 2010.04.04 -
Avast5 5.0.332.0 2010.04.04 -
AVG 9.0.0.787 2010.04.04 -
BitDefender 7.2 2010.04.04 -
CAT-QuickHeal 10.00 2010.04.03 -
ClamAV 0.96.0.0-git 2010.04.03 -
Comodo 4500 2010.04.04 -
DrWeb 5.0.2.03300 2010.04.04 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7405 2010.04.02 -
F-Prot 4.5.1.85 2010.04.04 -
F-Secure 9.0.15370.0 2010.04.04 -
Fortinet 4.0.14.0 2010.04.04 -
GData 19 2010.04.04 -
Ikarus T3.1.1.80.0 2010.04.04 -
Jiangmin 13.0.900 2010.04.04 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.04 -
McAfee 5937 2010.03.31 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.03 -
Microsoft 1.5605 2010.04.04 -
NOD32 4999 2010.04.04 -
Norman 6.04.10 2010.04.03 -
nProtect 2009.1.8.0 2010.04.04 -
Panda 10.0.2.2 2010.04.04 -
PCTools 7.0.3.5 2010.04.04 -
Prevx 3.0 2010.04.04 -
Rising 22.41.04.05 2010.04.02 -
Sophos 4.52.0 2010.04.04 -
Sunbelt 6137 2010.04.04 -
Symantec 20091.2.0.41 2010.04.04 -
TheHacker 6.5.2.0.252 2010.04.04 -
TrendMicro 9.120.0.1004 2010.04.04 -
VBA32 3.12.12.4 2010.04.02 -
ViRobot 2010.4.3.2259 2010.04.04 -
VirusBuster 5.0.27.0 2010.04.04 -
Información adicional
File size: 212992 bytes
MD5 : a1953a905b76837b637863012e8641a9
SHA1 : 41c6baaf9487e80a458e221ee746b1fad59bdb49
SHA256: 44cc6d2b021bc167b2616beb06b33a923a096b6d5ce21b8c1742067e896e802c
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11DBC
timedatestamp.....: 0x4816EA27 (Tue Apr 29 11:28:07 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x22DC5 0x23000 6.61 8b684b6ed332c3c3dbbbc6585457c9d3
.rdata 0x24000 0x7D9A 0x8000 5.00 4ede3cc8f092778f6d4d0234b115373a
.data 0x2C000 0x5D78 0x3000 2.70 d7f9972d90b4aebcc7cce0cd2e80d750
.rsrc 0x32000 0x4EF4 0x5000 3.58 7e9a26e949053976b56021106ca54a83

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 012e8641a9
ssdeep: 3072:H6jm0BdBWcFfmAQuq2aRL9s2vqDPa+eC9jbYF6gWyjgpwr73ce/Kzt5iZ0T26:Wm08cFfmArrYyxel2bi3EiZw
sigcheck: publisher....: Realtek Semiconductor Corp.
copyright....: 2006 (c) Realtek Semiconductor. All rights reserved.
product......: Realtek HD Audio Data Rerouter
description..: Realtek HD Audio Data Rerouter
original name: RtkBtMnt.exe
internal name: RtkBtMnt
file version.: 1.0.0.10
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 012e8641a9
RDS : NSRL Reference Data Set

by **superstarperrito** » April 14th, 2010, 7:17 am

The Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, April 14, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, April 13, 2010 18:47:08
Records in database: 3939804
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Objects scanned: 40573
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:55:48

File name / Threat / Threats count
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

Selected area has been scanned.

by **deltalima** » April 14th, 2010, 7:22 am

Hi superstarperrito,

I believe I have malware because I can't access any webpage except those with "https:" in the beggining.

Does this affect just Internet Explorer or all browsers (e.g. Chrome) ?

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

by **superstarperrito** » April 14th, 2010, 8:08 am

(I've just recovered Internet access in all browsers... I am about to cry. I will run xb391 now)

OTL.txt

OTL logfile created on: 14/04/2010 08:36:54 a.m. - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

1.012,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 143,19 Gb Total Space | 130,42 Gb Free Space | 91,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Equipo01
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrador\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\Temp\jkos-Administrador\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Archivos de programa\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Archivos de programa\Opera\opera.exe (Opera Software)
PRC - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrador\Escritorio\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/custom?sa=B%FAsque ... 1&hl=es&q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/custom?sa=B%FAsque ... 1&hl=es&q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/custom?sa=B%FAsque ... 1&hl=es&q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.busca7.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/custom?sa=B%FAsque ... 1&hl=es&q=%s

IE - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1614895754-842925246-515967899-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.es/custom?sa=B%FAsque ... 1&hl=es&q=%s
IE - HKU\S-1-5-21-1614895754-842925246-515967899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/03/05 17:41:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/04/13 18:49:28 | 000,000,000 | ---D | M]

[2009/12/01 20:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Extensions
[2009/12/01 20:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\kdh80l4x.default\extensions
[2010/04/13 18:49:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2006/12/08 20:53:48 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2008/09/19 11:19:12 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2008/03/12 20:27:40 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2006/12/08 20:53:48 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2001/08/24 15:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-842925246-515967899-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1614895754-842925246-515967899-500..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.45.191.35 200.45.48.233
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 15:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2aa967fe-e839-11de-9221-00242b8ee52a}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 08:34:32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2010/04/13 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
[2010/04/13 18:52:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
[2010/04/13 18:49:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/13 18:49:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/13 18:49:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/13 17:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Microsoft
[2010/04/13 17:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft
[2010/04/13 17:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Datos de programa\Microsoft
[2010/04/13 17:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft
[2010/04/13 17:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/07 23:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Windows Genuine Advantage
[2010/03/31 20:48:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TrendMicro
[2010/03/31 20:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
[2010/03/31 20:34:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 20:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2010/03/31 20:34:18 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 20:34:18 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/03/31 20:33:38 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2010/03/31 11:38:06 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/31 11:38:05 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/31 11:38:04 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/31 11:38:02 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/31 11:37:59 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/31 11:37:58 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/31 11:37:58 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/31 11:37:19 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/31 11:37:19 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/31 11:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2010/03/31 11:37:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Alwil Software
[2010/03/31 11:24:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/31 10:46:37 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVG
[2010/03/31 10:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\avg9
[2010/03/31 10:46:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/29 11:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\Seminario Humanista I
[2010/03/25 16:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/24 22:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Escritorio\ENALFIL
[2010/03/19 13:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Mis documentos\S{i!
[2010/03/18 09:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Mis documentos\Presentación JIFA
[2010/01/15 17:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Apple
[2009/12/07 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\ESET
[2009/12/01 22:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Google
[2009/12/01 21:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Google
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrador\Escritorio\*.tmp files -> C:\Documents and Settings\Administrador\Escritorio\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 08:43:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\xk3931wo.exe
[2010/04/14 08:34:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Escritorio\OTL.exe
[2010/04/14 08:19:01 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 08:15:35 | 000,002,868 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\reporte on line antivirus.html
[2010/04/14 08:11:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-842925246-515967899-500UA.job
[2010/04/14 08:00:01 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Mantenimiento con 1 clic.job
[2010/04/13 20:11:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-842925246-515967899-500Core.job
[2010/04/13 18:48:48 | 001,124,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/13 18:48:48 | 000,506,162 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/04/13 18:48:48 | 000,442,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/13 18:48:48 | 000,091,330 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/04/13 18:48:48 | 000,071,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/13 17:26:25 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\HiJackThis.lnk
[2010/04/13 17:20:29 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 17:20:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 17:20:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 17:19:24 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT
[2010/04/13 17:19:24 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2010/04/13 17:12:35 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\CKScanner.exe
[2010/04/13 15:11:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 11:38:08 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\avast! Free Antivirus.lnk
[2010/03/31 11:38:00 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/31 10:29:44 | 046,914,104 | ---- | M] () -- C:\Documents and Settings\Administrador\Escritorio\setup_av_free.exe
[2010/03/30 18:30:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 17:33:28 | 000,223,712 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 9.jpg
[2010/03/30 17:33:19 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 310310.doc
[2010/03/30 14:08:06 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Escritorio\mbam-setup.exe
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 17:29:54 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Newsletter inglés marzo.doc
[2010/03/26 19:21:17 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Idea Twitter Aventura.doc
[2010/03/26 11:32:29 | 000,257,024 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Cuan seguro es tu password.jpg
[2010/03/26 09:12:52 | 000,146,006 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_02.jpg
[2010/03/26 09:12:46 | 000,117,564 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_03.jpg
[2010/03/26 09:12:40 | 000,141,810 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_04.jpg
[2010/03/26 09:12:35 | 000,128,464 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_05.jpg
[2010/03/26 09:12:28 | 000,129,567 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_06.jpg
[2010/03/26 09:01:44 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Tres notas más 26 de marzo.doc
[2010/03/26 08:12:35 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 260310.doc
[2010/03/26 08:02:12 | 000,203,090 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad6.jpg
[2010/03/23 13:09:28 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Reporter 250310.doc
[2010/03/20 11:41:06 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\Reporter 220310.doc
[2010/03/19 13:26:45 | 000,143,586 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\JasonHernandezIAmTheMasteroftheUniv.jpg
[2010/03/19 13:23:58 | 000,052,946 | ---- | M] () -- C:\Documents and Settings\Administrador\Mis documentos\KierstenEssenpries.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrador\Escritorio\*.tmp files -> C:\Documents and Settings\Administrador\Escritorio\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 08:43:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\xk3931wo.exe
[2010/04/14 08:15:35 | 000,002,868 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\reporte on line antivirus.html
[2010/04/13 17:22:34 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\CKScanner.exe
[2010/03/31 20:48:55 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\HiJackThis.lnk
[2010/03/31 20:33:33 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\HijackThis.msi
[2010/03/31 11:38:08 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\avast! Free Antivirus.lnk
[2010/03/31 10:38:25 | 046,914,104 | ---- | C] () -- C:\Documents and Settings\Administrador\Escritorio\setup_av_free.exe
[2010/03/30 17:33:28 | 000,223,712 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 9.jpg
[2010/03/30 17:31:45 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 310310.doc
[2010/03/26 18:39:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Idea Twitter Aventura.doc
[2010/03/26 16:22:44 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Newsletter inglés marzo.doc
[2010/03/26 11:32:28 | 000,257,024 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Cuan seguro es tu password.jpg
[2010/03/26 09:12:52 | 000,146,006 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_02.jpg
[2010/03/26 09:12:46 | 000,117,564 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_03.jpg
[2010/03/26 09:12:40 | 000,141,810 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_04.jpg
[2010/03/26 09:12:34 | 000,128,464 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_05.jpg
[2010/03/26 09:12:28 | 000,129,567 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\wetheads_06.jpg
[2010/03/26 08:02:12 | 000,203,090 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad6.jpg
[2010/03/25 21:39:45 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Tres notas más 26 de marzo.doc
[2010/03/25 20:30:31 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Ciudad 260310.doc
[2010/03/24 22:37:19 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Reporter 250310.doc
[2010/03/20 10:08:44 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\Reporter 220310.doc
[2010/03/19 13:26:45 | 000,143,586 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\JasonHernandezIAmTheMasteroftheUniv.jpg
[2010/03/19 13:23:58 | 000,052,946 | ---- | C] () -- C:\Documents and Settings\Administrador\Mis documentos\KierstenEssenpries.jpg
[2010/01/25 14:19:52 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/25 14:19:16 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/12/05 18:58:28 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/01 20:40:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/12/01 16:33:24 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/12/01 16:33:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/12/01 16:33:24 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/12/01 15:28:01 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/01 15:28:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/01 15:27:45 | 002,294,291 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/12/01 15:27:45 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/01 15:27:45 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/01 15:27:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/01 15:27:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/01 15:27:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/01 15:21:12 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/01 15:19:11 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll.bak
[2009/12/01 15:11:23 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
[2009/12/01 15:03:51 | 000,000,192 | -HS- | C] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2009/12/01 15:03:49 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Administrador\NTUSER.DAT
[2009/12/01 15:03:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrador\NTUSER.DAT.LOG
[2009/12/01 15:01:57 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/14 19:26:03 | 000,000,863 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/28 17:58:50 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

L by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrador\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

1.012,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 143,19 Gb Total Space | 130,42 Gb Free Space | 91,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Equipo01
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"6946:TCP" = 6946:TCP:*:Enabled:xlmfdzrm

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Opera\opera.exe" = C:\Archivos de programa\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Archivos de programa\iTunes\iTunes.exe" = C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Movistar 3.5G
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DA9C11-9488-5882-2087-33EC06344A76}" = TweetDeck
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam 1.0.1.3
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Nero8WinuE_is1" = Nero 8.3.2.1
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaskSwitchXP" = TaskSwitchXP
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"XPize Darkside" = XPize Darkside 2.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-842925246-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/02/2010 10:11:38 a.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 11:03:38 a.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 11:11:38 a.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 12:03:40 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 12:11:38 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 01:03:37 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 22/02/2010 01:11:38 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 24/02/2010 09:02:01 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 24/02/2010 09:09:13 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

Error - 01/03/2010 02:09:15 p.m. | Computer Name = Equipo01 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 06/02/2010 10:07:38 a.m. | Computer Name = Equipo01 | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/02/2010 10:07:41 a.m. | Computer Name = Equipo01 | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/02/2010 10:07:52 a.m. | Computer Name = Equipo01 | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/02/2010 10:07:55 a.m. | Computer Name = Equipo01 | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/02/2010 11:11:30 a.m. | Computer Name = Equipo01 | Source = DCOM | ID = 10005
Description = DCOM ha obtenido un error "%1058" al intentar iniciar el servicio
StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/02/2010 07:57:53 p.m. | Computer Name = Equipo01 | Source = Service Control Manager | ID = 7023
Description = El servicio Adaptador de rendimiento de WMI terminó con el error:
%%2147500037

Error - 17/02/2010 05:32:36 p.m. | Computer Name = Equipo01 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: el hardware del controlador incrustado (EC) no respondió
dentro del período de tiempo de espera. Esto puede indicar que hay un error en
el hardware o firmware, o posiblemente una BIOS malamente diseñada que tiene acceso
a EC de una manera no segura. El controlador EC recuperará la transacción errónea
si es posible.

Error - 18/02/2010 08:29:29 a.m. | Computer Name = Equipo01 | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 192.168.1.131 para la tarjeta de red
con la dirección de red 00242B8EE52A ha sido denegada por el servidor DHCP 10.1.14.2
(el servidor DHCP envió un mensaje DHCPNACK).

Error - 18/02/2010 10:27:54 a.m. | Computer Name = Equipo01 | Source = Dhcp | ID = 1000
Description = Su equipo ha perdido la concesión de su dirección IP 10.254.14.4 en
la tarjeta de red con dirección de red 00242B8EE52A.

Error - 20/02/2010 01:42:36 p.m. | Computer Name = Equipo01 | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 192.168.4.191 para la tarjeta de red
con la dirección de red 00242B8EE52A ha sido denegada por el servidor DHCP 192.168.100.252
(el servidor DHCP envió un mensaje DHCPNACK).

[ TuneUp Events ]
Error - 31/03/2010 07:34:37 p.m. | Computer Name = Equipo01 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-31 20:34:37', '\device\harddiskvolume2\archivos
de programa\malwarebytes' anti-malware\mbam.exe','452',0)

Error - 31/03/2010 07:35:02 p.m. | Computer Name = Equipo01 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-31 20:35:02', '\device\harddiskvolume2\archivos
de programa\malwarebytes' anti-malware\mbam.exe','892',0)

Error - 03/04/2010 06:32:01 p.m. | Computer Name = Equipo01 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-03 19:32:01', '\device\harddiskvolume2\archivos
de programa\malwarebytes' anti-malware\mbam.exe','3836',0)

Error - 03/04/2010 06:32:16 p.m. | Computer Name = Equipo01 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-03 19:32:16', '\device\harddiskvolume2\archivos
de programa\malwarebytes' anti-malware\mbam.exe','3024',0)

< End of report >

by **deltalima** » April 14th, 2010, 8:21 am

Hi superstarperrito,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:

C:\WINDOWS\System32\XPize_Logon.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

by **superstarperrito** » April 14th, 2010, 11:00 am

Complete scanning result of "XPize_Logon.exe.off", received in VirusTotal at 05.29.2007, 01:55:39 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.29.0 05.28.2007 no virus found
AntiVir 7.4.0.27 05.28.2007 no virus found
Authentium 4.93.8 05.23.2007 Possibly a new variant of W32/Threat-SysVenFakP-based!Maximus
Avast 4.7.997.0 05.28.2007 no virus found
AVG 7.5.0.467 05.28.2007 no virus found
BitDefender 7.2 05.29.2007 no virus found
CAT-QuickHeal 9.00 05.28.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.29.2007 no virus found
DrWeb 4.33 05.28.2007 no virus found
eSafe 7.0.15.0 05.28.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3670 05.28.2007 no virus found
Ewido 4.0 05.28.2007 no virus found
FileAdvisor 1 05.29.2007 no virus found
Fortinet 2.85.0.0 05.28.2007 no virus found
F-Prot 4.3.2.48 05.25.2007 W32/Threat-SysVenFakP-based!Maximus
F-Secure 6.70.13030.0 05.29.2007 no virus found
Ikarus T3.1.1.8 05.28.2007 no virus found
Kaspersky 4.0.2.24 05.29.2007 no virus found
McAfee 5040 05.28.2007 no virus found
Microsoft 1.2503 05.28.2007 no virus found
NOD32v2 2294 05.28.2007 no virus found
Norman 5.80.02 05.28.2007 no virus found
Panda 9.0.0.4 05.28.2007 no virus found
Prevx1 V2 05.29.2007 no virus found
Sophos 4.18.0 05.28.2007 no virus found
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Symantec 10 05.29.2007 no virus found
TheHacker 6.1.6.124 05.28.2007 no virus found
VBA32 3.12.0 05.28.2007 no virus found
VirusBuster 4.3.23:9 05.28.2007 no virus found
Webwasher-Gateway 6.0.1 05.29.2007 Win32.Malware.gen#PECompact!88 (suspicious)

Aditional Information
File size: 131072 bytes
MD5: 726df83771cfdf14db7972311630763e
SHA1: b9c5da712e6ba4fb5bbb37849a1fa01788dfd19e
packers: PECOMPACT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Free Malware Removal Forum

I believe my computer has malware!

I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Re: I believe my computer has malware!

Who is online