Free Malware Removal Forum

[armandkun]

Hello, my name is Armando and I tihnk I have a problem with wwwzuc32.exe

Some days ago, my computer started behaving strangely: applications became very slow, internet connection failed to perform (or when it did it was really slow) and a lot of avast dialog boxes sported the message "rootkit found". All in all, there was nothing avast could do and thing went on similarly. Then my cousin ran a scan of the computer and found wwwzuc32.exe as the source of the problems we were having. So we looked up for help on the Internet and found this post at bleepingcomputer http://www.bleepingcomputer.com/forums/topic316171.html, whose author claimed to have a similar problem. After reading this post, my cousin ran combofix, which helped a bit (Internet connection improved), but the dialog box identifying rootkits would still appear.

However, I then found out my cousin had run combofix whithout following the previous steps mentioned by the MRT Team member assisting that post (namely, changing the settings of hidden files and folders, disabling security software, and runnning avenger). I have just followed all the steps mentioned in that post, but the log file from combofix is required so that the MRT Team member can continue helping that person. My computer is behaving more efficently, but I don't know for sure if all elements affecting my PC have been removed. I am afraid the same situation could happen again and I would like to know if someone could please give some piece of advice

Here are the logs required: hijackthis log and uninstall list, in that order:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:51, on 17/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=21871
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Archivos de programa\Archivos comunes\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 9814 bytes

____________________________________________


ABBYY FineReader 6.0 Sprint
Actualización crítica para el Reproductor de Windows Media 11 (KB959772)
Actualización de seguridad para el Reproductor de Windows Media (KB911564)
Actualización de seguridad para el Reproductor de Windows Media (KB952069)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
Actualización de seguridad para el Reproductor de Windows Media 9 (KB936782)
Actualización de seguridad para Windows Internet Explorer 8 (KB972260)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB893756)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896423)
Actualización de seguridad para Windows XP (KB896428)
Actualización de seguridad para Windows XP (KB899587)
Actualización de seguridad para Windows XP (KB899591)
Actualización de seguridad para Windows XP (KB900725)
Actualización de seguridad para Windows XP (KB901017)
Actualización de seguridad para Windows XP (KB901214)
Actualización de seguridad para Windows XP (KB902400)
Actualización de seguridad para Windows XP (KB905414)
Actualización de seguridad para Windows XP (KB905749)
Actualización de seguridad para Windows XP (KB908519)
Actualización de seguridad para Windows XP (KB911562)
Actualización de seguridad para Windows XP (KB911927)
Actualización de seguridad para Windows XP (KB913580)
Actualización de seguridad para Windows XP (KB914388)
Actualización de seguridad para Windows XP (KB914389)
Actualización de seguridad para Windows XP (KB917344)
Actualización de seguridad para Windows XP (KB918118)
Actualización de seguridad para Windows XP (KB918439)
Actualización de seguridad para Windows XP (KB919007)
Actualización de seguridad para Windows XP (KB920213)
Actualización de seguridad para Windows XP (KB920670)
Actualización de seguridad para Windows XP (KB920683)
Actualización de seguridad para Windows XP (KB920685)
Actualización de seguridad para Windows XP (KB922819)
Actualización de seguridad para Windows XP (KB923191)
Actualización de seguridad para Windows XP (KB923414)
Actualización de seguridad para Windows XP (KB923561)
Actualización de seguridad para Windows XP (KB923789)
Actualización de seguridad para Windows XP (KB923980)
Actualización de seguridad para Windows XP (KB924270)
Actualización de seguridad para Windows XP (KB924496)
Actualización de seguridad para Windows XP (KB924667)
Actualización de seguridad para Windows XP (KB925902)
Actualización de seguridad para Windows XP (KB926255)
Actualización de seguridad para Windows XP (KB926436)
Actualización de seguridad para Windows XP (KB927779)
Actualización de seguridad para Windows XP (KB927802)
Actualización de seguridad para Windows XP (KB928255)
Actualización de seguridad para Windows XP (KB928843)
Actualización de seguridad para Windows XP (KB929123)
Actualización de seguridad para Windows XP (KB930178)
Actualización de seguridad para Windows XP (KB931261)
Actualización de seguridad para Windows XP (KB931784)
Actualización de seguridad para Windows XP (KB932168)
Actualización de seguridad para Windows XP (KB933729)
Actualización de seguridad para Windows XP (KB935839)
Actualización de seguridad para Windows XP (KB935840)
Actualización de seguridad para Windows XP (KB936021)
Actualización de seguridad para Windows XP (KB937894)
Actualización de seguridad para Windows XP (KB938127)
Actualización de seguridad para Windows XP (KB938464)
Actualización de seguridad para Windows XP (KB938829)
Actualización de seguridad para Windows XP (KB941202)
Actualización de seguridad para Windows XP (KB941568)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB941644)
Actualización de seguridad para Windows XP (KB941693)
Actualización de seguridad para Windows XP (KB943055)
Actualización de seguridad para Windows XP (KB943460)
Actualización de seguridad para Windows XP (KB943485)
Actualización de seguridad para Windows XP (KB944338)
Actualización de seguridad para Windows XP (KB944533)
Actualización de seguridad para Windows XP (KB944653)
Actualización de seguridad para Windows XP (KB945553)
Actualización de seguridad para Windows XP (KB946026)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB947864)
Actualización de seguridad para Windows XP (KB948590)
Actualización de seguridad para Windows XP (KB948881)
Actualización de seguridad para Windows XP (KB950749)
Actualización de seguridad para Windows XP (KB950759)
Actualización de seguridad para Windows XP (KB950760)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951698)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952004)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB953838)
Actualización de seguridad para Windows XP (KB953839)
Actualización de seguridad para Windows XP (KB954211)
Actualización de seguridad para Windows XP (KB954600)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956390)
Actualización de seguridad para Windows XP (KB956391)
Actualización de seguridad para Windows XP (KB956572)
Actualización de seguridad para Windows XP (KB956802)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956841)
Actualización de seguridad para Windows XP (KB957095)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958215)
Actualización de seguridad para Windows XP (KB958644)
Actualización de seguridad para Windows XP (KB958687)
Actualización de seguridad para Windows XP (KB958690)
Actualización de seguridad para Windows XP (KB959426)
Actualización de seguridad para Windows XP (KB960225)
Actualización de seguridad para Windows XP (KB960714)
Actualización de seguridad para Windows XP (KB960715)
Actualización de seguridad para Windows XP (KB960803)
Actualización de seguridad para Windows XP (KB961373)
Actualización de seguridad para Windows XP (KB963027)
Actualización del driver del escáner EPSON Stylus CX5600 Series
Actualización para Windows Internet Explorer 8 (KB973874)
Actualización para Windows XP (KB894391)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB900485)
Actualización para Windows XP (KB908531)
Actualización para Windows XP (KB910437)
Actualización para Windows XP (KB911280)
Actualización para Windows XP (KB916595)
Actualización para Windows XP (KB920872)
Actualización para Windows XP (KB922582)
Actualización para Windows XP (KB927891)
Actualización para Windows XP (KB930916)
Actualización para Windows XP (KB936357)
Actualización para Windows XP (KB938828)
Actualización para Windows XP (KB942763)
Actualización para Windows XP (KB942840)
Actualización para Windows XP (KB951072-v2)
Actualización para Windows XP (KB955839)
Actualización para Windows XP (KB967715)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1 - Español
ArcSoft PhotoImpression 6
ATI Display Driver
avast! Antivirus
Barra de Herramientas MSN
BIOTECNOLOGIA
CDisplay 1.8
CyberLink PowerDVD 8
EPSON Scan
ffdshow [rev 1946] [2008-04-21]
Galería fotográfica de Windows Live
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Herramienta de carga de Windows Live
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows XP (KB926239)
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 6
Junk Mail filter update
Manual del usuario CX5600
Microsoft .NET Framework 2.0
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
neroxml
OpenOffice.org Installer 1.0
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Reproductor de Windows Media 11
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB891781
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows XP (KB935448)
Revisión para Windows XP (KB952287)
save2pc Light 4.0
Segoe UI
Software de impresora EPSON
ToggleEN Toolbar
Winamp (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Protección Infantil
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
Xvid 1.2.1 final uninstall
Yahoo! Install Manager


_________________________________________________________________________________________________________________

Here I also include the logs from avenger and combofix:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "ybsik"
Disablement of driver "ybsik" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ybsik" not found!
Deletion of driver "ybsik" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

_____________________________________________

ComboFix 10-05-16.02 - Rosa María 17/05/2010 11:07:58.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.446.154 [GMT -5:00]
Running from: c:\documents and settings\Rosa María\Escritorio\schrauber.exe
AV: avast! antivirus 4.8.1368 [VPS 100517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-13 23:50 . 2010-05-13 23:50 -------- d-----w- C:\FOUND.004
2010-05-13 04:07 . 2010-05-13 04:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-13 02:12 . 2010-05-13 02:12 -------- d-----w- c:\archivos de programa\Trend Micro
2010-05-11 01:07 . 2010-05-11 01:07 -------- d-----w- C:\FOUND.003
2010-05-08 00:58 . 2010-05-08 00:58 -------- d-----w- C:\LINKS de youtube, etc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 00:49 . 2010-05-11 00:49 12 ----a-w- c:\windows\system32\config\systemprofile\Datos de programa\qvjsge.dat
2010-05-10 22:39 . 2004-08-04 01:58 755200 ----a-w- c:\windows\system32\drivers\atmarpc.sys.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\archivos de programa\ToggleEN\tbTog0.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-02-25 04:50 2349080 ----a-w- c:\archivos de programa\ToggleEN\tbTog0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\archivos de programa\ToggleEN\tbTog0.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\archivos de programa\ToggleEN\tbTog0.dll" [2010-02-25 2349080]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"Google Update"="c:\documents and settings\Rosa María\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2009-06-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"RemoteControl8"="c:\archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\MSMSGS.EXE"=
"c:\\Archivos de programa\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Archivos de programa\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_06\\launch4j-tmp\\frd.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/06/2009 21:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/06/2009 21:34 20560]

--- Other Services/Drivers In Memory ---

*Deregistered* - Cdaudio
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2077543
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\archivos de programa\Winamp\Winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 11:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-17 11:16:12
ComboFix-quarantined-files.txt 2010-05-17 16:16

Pre-Run: 9.658.138.624 bytes libres
Post-Run: 9.641.148.416 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D3C2ACC942921AB1E7348319381225FC


Hope this information is helpful, thanks a lot

[deltalima]

Hi armandkun,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized
• Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

• Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
• If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
• Run Gmer again and click on the Rootkit tab.
• Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
• Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
• Click on the "Scan" and wait for the scan to finish.
  Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
• When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
• Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

[armandkun]

Thanks a lot for answering, deltalima, and for taking the job of reading this post .
Now, it's really impossible for me to perform the tasks you are recommending me,
until monday :S. So, if you could please wait for me until that day, I promise
I would do that first thing in the morning.

Sorry for the delay and thanks a lot once again

[deltalima]

Now, it's really impossible for me to perform the tasks you are recommending me,
until monday :S. So, if you could please wait for me until that day

OK, no problem.

Please let me know if this is a computer that you use at work.

[armandkun]

Hi Deltalima thanks for waiting. Today I performed the actions you recommended me, and the result are here:

First the OTL.txt and Extras.txt files

OTL logfile created on: 24/05/2010 11:49:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rosa María\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

446,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 38,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 18,63 Gb Total Space | 4,38 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
Drive D: | 18,44 Gb Total Space | 18,20 Gb Free Space | 98,73% Space Free | Partition Type: FAT32
Drive E: | 37,43 Gb Total Space | 26,13 Gb Free Space | 69,80% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 1,92 Gb Total Space | 1,92 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSA
Current User Name: Rosa María
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rosa María\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rosa María\Escritorio\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2009/04/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa María\Datos de programa\Mozilla\Extensions
[2009/04/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa María\Datos de programa\Mozilla\Firefox\Profiles\6fj8pukh.default\extensions

O1 HOSTS File: ([2001/08/24 10:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Archivos de programa\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1060284298-162531612-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1060284298-162531612-839522115-1003..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/06 16:20:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 11:47:12 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosa María\Escritorio\OTL.exe
[2010/05/20 16:44:18 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/05/20 16:16:06 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/05/20 00:44:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/19 18:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/05/19 18:56:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MSBuild
[2010/05/19 18:56:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/19 18:56:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Reference Assemblies
[2010/05/19 18:55:10 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/05/19 18:55:10 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/05/19 18:55:10 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/05/19 18:55:10 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/05/19 18:55:10 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/05/19 18:55:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/05/19 18:45:17 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MSXML 6.0
[2010/05/19 02:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/19 01:05:23 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/05/19 00:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
[2010/05/19 00:53:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/19 00:53:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/19 00:53:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/19 00:53:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/18 23:29:23 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/18 23:29:23 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/17 11:06:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/17 10:51:19 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/13 18:50:58 | 000,000,000 | ---D | C] -- C:\FOUND.004
[2010/05/12 22:14:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/12 22:14:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/12 22:14:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/12 22:14:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/12 22:13:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/12 22:10:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 21:12:50 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2010/05/10 20:07:54 | 000,000,000 | ---D | C] -- C:\FOUND.003
[2010/05/07 19:58:46 | 000,000,000 | ---D | C] -- C:\LINKS de youtube, etc
[2010/05/07 19:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\tareas UGEL03
[2010/05/03 23:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\blogs ciencias
[2010/05/02 18:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\educap2010
[2010/05/02 17:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\sesiones de aprendizaje
[2010/04/28 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs_archivos
[2010/04/25 21:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\TICS_UGEL03
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[31716 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 12:08:44 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cdaudio.SYS
[2010/05/24 11:07:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 11:06:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 11:06:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 11:05:10 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Rosa María\ntuser.ini
[2010/05/24 11:05:08 | 005,091,328 | ---- | M] () -- C:\Documents and Settings\Rosa María\ntuser.dat
[2010/05/24 09:42:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\g3wo12or.exe
[2010/05/24 09:27:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa María\Escritorio\OTL.exe
[2010/05/22 02:34:36 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\datos juanalarquinas.doc
[2010/05/22 02:00:12 | 000,488,448 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\ENLACES QUÍMICOS.ppt
[2010/05/21 22:54:38 | 000,043,240 | ---- | M] () -- C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010/05/20 16:56:44 | 001,059,216 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 16:56:44 | 000,499,218 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/05/20 16:56:44 | 000,435,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 16:56:44 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/05/20 16:56:44 | 000,068,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 00:52:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 00:49:50 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 19:23:10 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/19 00:52:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/19 00:52:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/19 00:52:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/19 00:52:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/19 00:52:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 12:05:16 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\HiJackThis.lnk
[2010/05/17 11:14:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 11:06:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/14 00:57:28 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_marmanillo_tarea3.doc
[2010/05/14 00:04:32 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\tarea.doc
[2010/05/13 18:58:44 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/10 23:22:18 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\DERECHOS VISUALES DEL NIÑO.doc
[2010/05/10 23:10:44 | 000,610,304 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\IMPRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 17:33:38 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Rosa María\Datos de programa\qvjsge.dat
[2010/05/10 17:31:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Rosa María\Datos de programa\avdrn.dat
[2010/05/10 16:41:42 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$RECHOS VISUALES DEL NIÑO.doc
[2010/05/10 16:41:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$PRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 01:46:52 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\APR-001 APR-001 Una mirada al currículo escolar.url
[2010/05/06 23:37:10 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\energía.xls
[2010/05/04 00:40:34 | 000,182,790 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\programas de garantía social especial (sullivan).pdf
[2010/05/03 19:49:48 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\lista alumnas2010.xls
[2010/05/03 16:51:12 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\SESIoN DE APRENDIZAJE2010.doc
[2010/05/03 14:11:12 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\Acceso directo a frd.lnk
[2010/05/02 18:17:58 | 000,260,096 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\infarto.pps
[2010/05/02 18:10:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/02 00:09:48 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\EVALUACION FINAL MODULO 1.doc
[2010/05/02 00:02:34 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/05/01 21:35:48 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 18:18:50 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\ASPECTOS ETICOS DE LAS TECNOLOGIAS DE LA INFORMACION.doc
[2010/05/01 13:36:16 | 000,333,295 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Aspectos_eticos_TICs.pdf
[2010/05/01 13:34:50 | 000,392,945 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Lineamientos poedagógicos de las TICs UGEL03.doc
[2010/05/01 13:32:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/04/28 22:48:34 | 000,067,195 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs.doc
[2010/04/28 22:48:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\En la incorporación de las TICs en el proceso de E.doc
[2010/04/28 21:00:14 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\Google Chrome.lnk
[2010/04/28 00:30:52 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Mixturas Lilia´s.doc
[2010/04/28 00:30:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Como las tics pueden.doc
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 22:30:42 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Para Consulo Ames.doc
[2010/04/25 21:47:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_ marmanillo.doc
[2010/04/25 21:44:20 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam cuba.doc
[2010/04/25 17:51:46 | 000,308,736 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\24-GLOSARIO DE NECESIDADES EDUCATIVAS ESPECIALES.doc
[2010/04/25 02:26:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam_cuba_ marmanillo.doc
[2010/04/24 22:21:06 | 000,310,784 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\invitación internacion a docentes (virtuales).doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[31883 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 11:47:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\g3wo12or.exe
[2010/05/22 02:34:35 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\datos juanalarquinas.doc
[2010/05/22 02:00:11 | 000,488,448 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\ENLACES QUÍMICOS.ppt
[2010/05/17 11:06:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/17 11:06:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/14 00:57:27 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_marmanillo_tarea3.doc
[2010/05/14 00:04:31 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\tarea.doc
[2010/05/13 18:51:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cdaudio.SYS
[2010/05/12 22:19:52 | 005,091,328 | ---- | C] () -- C:\Documents and Settings\Rosa María\ntuser.dat
[2010/05/12 22:14:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/12 22:14:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/12 22:14:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/12 22:14:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 22:14:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/12 21:12:53 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\HiJackThis.lnk
[2010/05/10 17:32:55 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Rosa María\Datos de programa\qvjsge.dat
[2010/05/10 17:31:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Rosa María\Datos de programa\avdrn.dat
[2010/05/10 16:41:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$RECHOS VISUALES DEL NIÑO.doc
[2010/05/10 16:41:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$PRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 01:46:50 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\APR-001 APR-001 Una mirada al currículo escolar.url
[2010/05/09 02:10:00 | 000,610,304 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\IMPRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/09 02:08:54 | 000,214,528 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\DERECHOS VISUALES DEL NIÑO.doc
[2010/05/06 00:13:30 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\energía.xls
[2010/05/04 00:40:33 | 000,182,790 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\programas de garantía social especial (sullivan).pdf
[2010/05/03 14:11:10 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\Acceso directo a frd.lnk
[2010/05/02 18:20:31 | 000,260,096 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\infarto.pps
[2010/05/02 18:10:36 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 21:30:24 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\EVALUACION FINAL MODULO 1.doc
[2010/05/01 18:19:41 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 18:18:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\ASPECTOS ETICOS DE LAS TECNOLOGIAS DE LA INFORMACION.doc
[2010/05/01 13:36:14 | 000,333,295 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\Aspectos_eticos_TICs.pdf
[2010/05/01 13:34:46 | 000,392,945 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\Lineamientos poedagógicos de las TICs UGEL03.doc
[2010/05/01 13:32:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/04/28 22:48:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\En la incorporación de las TICs en el proceso de E.doc
[2010/04/25 21:47:31 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_ marmanillo.doc
[2010/04/25 21:44:19 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam cuba.doc
[2010/04/25 17:51:45 | 000,308,736 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\24-GLOSARIO DE NECESIDADES EDUCATIVAS ESPECIALES.doc
[2010/04/25 02:07:08 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam_cuba_ marmanillo.doc
[2010/04/24 22:49:42 | 000,067,195 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs.doc
[2010/04/24 22:21:04 | 000,310,784 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\invitación internacion a docentes (virtuales).doc
[2009/06/28 18:53:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/18 19:40:20 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/18 19:40:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 20:38:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\VideoConvert.INI
[2009/06/06 19:35:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/06 19:35:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/07 23:44:49 | 000,000,212 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/02/29 21:25:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/06 17:54:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/06 17:54:21 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini
[2008/02/06 17:50:23 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/02/06 16:59:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 16:35:51 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 21:52:30 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cdaudio.sys.bak
< End of report >

____________________________________



OTL Extras logfile created on: 24/05/2010 11:49:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rosa María\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

446,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 38,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 18,63 Gb Total Space | 4,38 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
Drive D: | 18,44 Gb Total Space | 18,20 Gb Free Space | 98,73% Space Free | Partition Type: FAT32
Drive E: | 37,43 Gb Total Space | 26,13 Gb Free Space | 69,80% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 1,92 Gb Total Space | 1,92 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSA
Current User Name: Rosa María
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Java\jre1.6.0_06\bin\javaw.exe" = C:\Archivos de programa\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Archivos de programa\Java\jre1.6.0_06\launch4j-tmp\frd.exe" = C:\Archivos de programa\Java\jre1.6.0_06\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{116D5112-0717-4411-A516-43468EF26D73}" = Actualización del driver del escáner EPSON Stylus CX5600 Series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22B915C5-FFB7-4401-93B5-C7EC61C81CBE}" = Windows Live Protección Infantil
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F6FF1E6-4364-402C-B915-FA1A40016DFA}" = Windows Live Toolbar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1034-7B44-A91000000001}" = Adobe Reader 9.1.1 - Español
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE38B24E-4146-4DAC-AD4E-4EC8BF24C261}" = OpenOffice.org Installer 1.0
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{FA3EDE74-3425-4E18-94C8-AD105B3D1478}" = BIOTECNOLOGIA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CDisplay_is1" = CDisplay 1.8
"EPSON Printer and Utilities" = Software de impresora EPSON
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 1946] [2008-04-21]
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = Barra de Herramientas MSN
"MSNINST" = MSN
"save2pc Light_is1" = save2pc Light 4.0
"Silent Package Run-Time Sample" = Manual del usuario CX5600
"ToggleEN Toolbar" = ToggleEN Toolbar
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 07/06/2009 22:02:43 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\gMrIdPzM.exe.part failed, 0000000D.

Error - 07/06/2009 22:02:43 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\6fj8pukh.default\Cache\8A079644d01
failed, 0000000D.

Error - 13/05/2010 20:05:19 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 13/05/2010 20:05:19 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000001F.

Error - 24/05/2010 12:04:10 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000001F.

[ Application Events ]
Error - 20/05/2010 17:39:24 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (3324) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 20/05/2010 17:39:34 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (156) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 20/05/2010 17:39:34 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (156) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 20/05/2010 17:39:45 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (156) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 20/05/2010 17:39:45 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (156) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 20/05/2010 17:39:57 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (248) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 20/05/2010 17:39:57 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (248) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 20/05/2010 17:40:07 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (248) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 20/05/2010 17:40:07 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (248) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 24/05/2010 12:19:11 | Computer Name = ROSA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 8.0.6001.18702,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

[ System Events ]
Error - 21/05/2010 23:30:02 | Computer Name = ROSA | Source = Service Control Manager | ID = 7000
Description = El servicio Nero BackItUp Scheduler 4.0 no pudo iniciarse debido al
siguiente error: %%2

Error - 24/05/2010 11:44:51 | Computer Name = ROSA | Source = Service Control Manager | ID = 7000
Description = El servicio Nero BackItUp Scheduler 4.0 no pudo iniciarse debido al
siguiente error: %%2


< End of report >

__________________________________________________________________________________________________________________


Then I stopped the Avast on-access protection and ran GMER, though at the end of the operation a dialog box apperead giving the next message: "your computer has been modified by rootkit activities" (this is not literal, but it is faithful to the original text).

Note: If you have any problems, try running GMER in SAFE MODE

, so I thought I should run GMER once again, but now in safety mode, since I considered that dialog box as a problem. I got to safety mode by msconfig command.

Next are the two results, first in normal mode, last in safety mode

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 14:40:09
Windows 5.1.2600 Service Pack 2
Running: g3wo12or.exe; Driver: C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF27B86B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF27B8574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF27B8A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF27B814C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF27B864E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF27B808C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF27B80F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF27B876E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF27B872E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF27B88AE] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

PAGE Fastfat.sys F7430CC0 4 Bytes CALL 8429C1C9
? System32\Drivers\Cdaudio.SYS Uno de los dispositivos vinculados al sistema no funciona. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 8427A1C0

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat 8427A1C0

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [SYSTEM] Cdaudio <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???<?????????????=???????>???????&???????????>???e8??<?=?=?=?=?>?>?>?>??????????? ???????????????????????????????????????????W??? ??????????????????????????????N???????19??pxtdrpow?????????????6???????????????????????5?????s53??Realtek HD Audio output? o??Realtek HD Audio input?o i??Realtek HD Audio output? o???????????????????????????????????????h??wdmaud,swmidi,redbook????????????#???h??? ????????????????????????????????8??8?????????????????????????5????storprop.dll,IdePropPageProvider????????????????????????Microsoft???????????????????atapi_Inst_primary????????B??????????????2??? &??????????????????????????????h??RtkHDAud.sys????????????????????????storprop.dll,IdePropPageProvider????????????????????????????? *??????????????????????'??oem2.inf????mshdc.inf???????????Microsoft???????????? ??????????????????7-1-2001????atapi_Inst_secondary????? ??????????????n?????????????,???????????????s?????????????????????????? ???????????????????????? ???????(??????????r??? ????????????????????????????"?????????r??????
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@TypesSupported 7

---- EOF - GMER 1.0.15 ----

___________________________________



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 15:36:26
Windows 5.1.2600 Service Pack 2
Running: g3wo12or.exe; Driver: C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\pxtdrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE Fastfat.sys F7443CC0 4 Bytes CALL 8434A2B1
? System32\Drivers\Cdaudio.SYS Uno de los dispositivos vinculados al sistema no funciona. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 84349380
Device \FileSystem\Fastfat \Fat 84349380

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [SYSTEM] Cdaudio <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@TypesSupported 7

---- EOF - GMER 1.0.15 ----


__________________________________________________________________________________________________________________

Well, this is what happened today.

Thanks ince again for waiting

bye-bye

PS: I was forgetting that after I ran GMER in safety mode, I returned to normal mode by the system configuration utility, but now eveytime I turn on the computer or restart the next message appears at the point when the machine lists some equipment that is installed in the machine (amount of memory, hard drives installed etc.): "veryfing DMI Pool Data", and it doesn't move anymore .
So, what I've been doing is press CTRL+ALT+DEL, and then go to the boot menu by cliking F8 repeatedly. There I choose
the option "- 4th master: ********* (the "*" represents numbers and letters), and then computer starts normally.

[deltalima]

Hi armandkun,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:

c:\windows\System32\Drivers\Cdaudio.SYS

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Download SystemLook and save it to your Desktop.

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  Code: Select all

  :dir
  C:\Qoobox
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and select then follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

1. Launch Malwarebytes' Anti-Malware
2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the log from Malwarebytes along with SystemLook.txt and the results from Virustotal in your next reply.

[armandkun]

Hello Deltalima, thanks for answering so quickly . I have just performed the procedures you told me to do in your last reply, so here are the results from the three actions:


Virustotal:

c:\windows\System32\Drivers\Cdaudio.SYS

0 bytes size received / Se ha recibido un archivo vacio


c:\windows\System32\Drivers\Cdaudio.SYS.bak

0 bytes size received / Se ha recibido un archivo vacio


SystemLook:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:30 on 26/05/2010 by Rosa María (Administrator - Elevation successful)

========== dir ==========

C:\Qoobox - Parameters: "(none)"

---Files---
Add-Remove Programs.txt --a--- 10049 bytes [16:15 17/05/2010] [16:15 17/05/2010]
ComboFix-quarantined-files.txt --a--- 358 bytes [16:16 17/05/2010] [16:16 17/05/2010]
SnapShot@2010-05-17_16.14.08.dat --a--- 1020204 bytes [16:15 17/05/2010] [16:15 17/05/2010]

---Folders---
BackEnv d----- [16:04 17/05/2010]
Quarantine d----- [03:10 13/05/2010]

-=End Of File=-




Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4145

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

26/05/2010 10:17:04
mbam-log-2010-05-26 (10-17-04).txt

Scan type: Quick scan
Objects scanned: 188891
Time elapsed: 31 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Rosa María\Datos de programa\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


As you can see, in the VirusTotal part I also sent c:\windows\System32\Drivers\Cdaudio.SYS.bak (apart from c:\windows\System32\Drivers\Cdaudio.SYS), because when I entered the path into the browser that file appeared as an
option, too. I hope this might be of help (or at least not harmful ).

Thanks again and I'll be eagerly waiting for your reply

bye

[deltalima]

Hi armandkun,

I see that the telnet service is running on the computer. This would allow someone to connect to the computer and run commands from the command prompt. If you are aware of this then it is not a problem, but if this service is running without your knowledge then the service can be disabled.

To disable Telnet service, right click on My Computer
Select Manage
Click Services and Application on the left hand side
Then click Services on the right hand side
Scroll down and select Telnet
Change Startup type to disabled then click OK

You are running XP Service Pack 2 and this is not supported by Microsoft, you urgently need to visit Windows Update and upgrade to Service Pack 3.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

[armandkun]

Hi Deltalima, I wasn't aware that there is such a thing as telnet, nevermind having it enabled: I disabled it inmediately. I also up-graded to service pack 3 and ran the Kapersky Online Scanner:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, May 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, May 29, 2010 10:34:51
Records in database: 4196408
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 127009
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:41:14


File name / Threat / Threats count
C:\WINDOWS\Temp\sig1CE9.tmp Infected: Rootkit.Win32.Bubnix.s 1

Selected area has been scanned.


Well, thanks once again and see you on next reply


PS: Deltalima, I'd like to ask you a favor. Do you think you could explain to me a little more about this telnet service: who could have access to a computer?, what could this person do?

[deltalima]

Hi armandkun,

Do you think you could explain to me a little more about this telnet service: who could have access to a computer?, what could this person do?

Anyone who knew a valid account name and password, and could gain network access to the computer could open a command prompt and do anything that they wish to the computer.

If you are connected to the Internet through a NAT router this would prevent anyone from the Internet connecting.

TFC

• Please download TFC to your desktop,
• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program.
• Click the Start button in the bottom left of TFC
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Now please run another online Kaspersky scan and post the log in your next reply.

[armandkun]

Hi deltalima, thanks for the information about telnet. I ran TFC, whitout any problems, though the kaspersky online scanner has freezed in this part:

Scanning: mailres2.dll
Path: C:\Archivos de programa\Windows Live\Mail
(C:\Program Files\Windows Live\Mail)

I don't know if this has something to do with the problem, but whenever i use windows live messeger, internet becomes really slow.

bye-bye

[deltalima]

Hi armandkun,

though the kaspersky online scanner has freezed in this part:

Please reboot the computer and then run the Kaspersky scan again, it can take a very long time so please let it run overnight if possible.

If Kaspersky does freeze completely then please run it one more time and choose scan selected area and select the folder C:\WINDOWS\Temp and post the log in your next reply.

[Dakeyras]

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.