Hi Deltalima, thanks for waiting. Today I performed the actions you recommended, and the results are here:
First the OTL.txt and Extras.txt files
OTL logfile created on: 24/05/2010 11:49:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rosa María\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
446,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 38,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 18,63 Gb Total Space | 4,38 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
Drive D: | 18,44 Gb Total Space | 18,20 Gb Free Space | 98,73% Space Free | Partition Type: FAT32
Drive E: | 37,43 Gb Total Space | 26,13 Gb Free Space | 69,80% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 1,92 Gb Total Space | 1,92 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSA
Current User Name: Rosa María
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Rosa María\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Rosa María\Escritorio\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (rtl8139) Controlador de Windows NT del adaptador Fast Ethernet PCI basado en Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1060284298-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
[2009/04/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa María\Datos de programa\Mozilla\Extensions
[2009/04/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa María\Datos de programa\Mozilla\Firefox\Profiles\6fj8pukh.default\extensions
O1 HOSTS File: ([2001/08/24 10:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Archivos de programa\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Archivos de programa\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1060284298-162531612-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1060284298-162531612-839522115-1003..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/06 16:20:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/24 11:47:12 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosa María\Escritorio\OTL.exe
[2010/05/20 16:44:18 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/05/20 16:16:06 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/05/20 00:44:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/19 18:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/05/19 18:56:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MSBuild
[2010/05/19 18:56:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/19 18:56:21 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Reference Assemblies
[2010/05/19 18:55:10 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/05/19 18:55:10 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/05/19 18:55:10 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/05/19 18:55:10 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/05/19 18:55:10 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/05/19 18:55:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/05/19 18:45:17 | 000,000,000 | ---D | C] -- C:\Archivos de programa\MSXML 6.0
[2010/05/19 02:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/19 01:05:23 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/05/19 00:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
[2010/05/19 00:53:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/19 00:53:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/19 00:53:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/19 00:53:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/18 23:29:23 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/18 23:29:23 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/17 11:06:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/17 10:51:19 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/13 18:50:58 | 000,000,000 | ---D | C] -- C:\FOUND.004
[2010/05/12 22:14:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/12 22:14:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/12 22:14:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/12 22:14:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/12 22:13:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/12 22:10:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 21:12:50 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2010/05/10 20:07:54 | 000,000,000 | ---D | C] -- C:\FOUND.003
[2010/05/07 19:58:46 | 000,000,000 | ---D | C] -- C:\LINKS de youtube, etc
[2010/05/07 19:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\tareas UGEL03
[2010/05/03 23:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\blogs ciencias
[2010/05/02 18:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\educap2010
[2010/05/02 17:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\sesiones de aprendizaje
[2010/04/28 22:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs_archivos
[2010/04/25 21:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosa María\Escritorio\TICS_UGEL03
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[31716 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/24 12:08:44 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cdaudio.SYS
[2010/05/24 11:07:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 11:06:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 11:06:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 11:05:10 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Rosa María\ntuser.ini
[2010/05/24 11:05:08 | 005,091,328 | ---- | M] () -- C:\Documents and Settings\Rosa María\ntuser.dat
[2010/05/24 09:42:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\g3wo12or.exe
[2010/05/24 09:27:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa María\Escritorio\OTL.exe
[2010/05/22 02:34:36 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\datos juanalarquinas.doc
[2010/05/22 02:00:12 | 000,488,448 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\ENLACES QUÍMICOS.ppt
[2010/05/21 22:54:38 | 000,043,240 | ---- | M] () -- C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
[2010/05/20 16:56:44 | 001,059,216 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 16:56:44 | 000,499,218 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/05/20 16:56:44 | 000,435,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 16:56:44 | 000,087,126 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/05/20 16:56:44 | 000,068,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 00:52:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 00:49:50 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 19:23:10 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/19 00:52:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/19 00:52:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/19 00:52:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/19 00:52:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/19 00:52:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 12:05:16 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\HiJackThis.lnk
[2010/05/17 11:14:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 11:06:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/14 00:57:28 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_marmanillo_tarea3.doc
[2010/05/14 00:04:32 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\tarea.doc
[2010/05/13 18:58:44 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/10 23:22:18 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\DERECHOS VISUALES DEL NIÑO.doc
[2010/05/10 23:10:44 | 000,610,304 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\IMPRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 17:33:38 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Rosa María\Datos de programa\qvjsge.dat
[2010/05/10 17:31:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Rosa María\Datos de programa\avdrn.dat
[2010/05/10 16:41:42 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$RECHOS VISUALES DEL NIÑO.doc
[2010/05/10 16:41:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$PRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 01:46:52 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\APR-001 APR-001 Una mirada al currículo escolar.url
[2010/05/06 23:37:10 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\energía.xls
[2010/05/04 00:40:34 | 000,182,790 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\programas de garantía social especial (sullivan).pdf
[2010/05/03 19:49:48 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\lista alumnas2010.xls
[2010/05/03 16:51:12 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\SESIoN DE APRENDIZAJE2010.doc
[2010/05/03 14:11:12 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\Acceso directo a frd.lnk
[2010/05/02 18:17:58 | 000,260,096 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\infarto.pps
[2010/05/02 18:10:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/02 00:09:48 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\EVALUACION FINAL MODULO 1.doc
[2010/05/02 00:02:34 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/05/01 21:35:48 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 18:18:50 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\ASPECTOS ETICOS DE LAS TECNOLOGIAS DE LA INFORMACION.doc
[2010/05/01 13:36:16 | 000,333,295 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Aspectos_eticos_TICs.pdf
[2010/05/01 13:34:50 | 000,392,945 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Lineamientos poedagógicos de las TICs UGEL03.doc
[2010/05/01 13:32:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/04/28 22:48:34 | 000,067,195 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs.doc
[2010/04/28 22:48:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\En la incorporación de las TICs en el proceso de E.doc
[2010/04/28 21:00:14 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\Google Chrome.lnk
[2010/04/28 00:30:52 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Mixturas Lilia´s.doc
[2010/04/28 00:30:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Como las tics pueden.doc
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 22:30:42 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\Para Consulo Ames.doc
[2010/04/25 21:47:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_ marmanillo.doc
[2010/04/25 21:44:20 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam cuba.doc
[2010/04/25 17:51:46 | 000,308,736 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\24-GLOSARIO DE NECESIDADES EDUCATIVAS ESPECIALES.doc
[2010/04/25 02:26:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam_cuba_ marmanillo.doc
[2010/04/24 22:21:06 | 000,310,784 | ---- | M] () -- C:\Documents and Settings\Rosa María\Mis documentos\invitación internacion a docentes (virtuales).doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[31883 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 11:47:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\g3wo12or.exe
[2010/05/22 02:34:35 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\datos juanalarquinas.doc
[2010/05/22 02:00:11 | 000,488,448 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\ENLACES QUÍMICOS.ppt
[2010/05/17 11:06:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/17 11:06:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/14 00:57:27 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_marmanillo_tarea3.doc
[2010/05/14 00:04:31 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\tarea.doc
[2010/05/13 18:51:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cdaudio.SYS
[2010/05/12 22:19:52 | 005,091,328 | ---- | C] () -- C:\Documents and Settings\Rosa María\ntuser.dat
[2010/05/12 22:14:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/12 22:14:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/12 22:14:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/12 22:14:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 22:14:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/12 21:12:53 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\HiJackThis.lnk
[2010/05/10 17:32:55 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Rosa María\Datos de programa\qvjsge.dat
[2010/05/10 17:31:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Rosa María\Datos de programa\avdrn.dat
[2010/05/10 16:41:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$RECHOS VISUALES DEL NIÑO.doc
[2010/05/10 16:41:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$PRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/10 01:46:50 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\APR-001 APR-001 Una mirada al currículo escolar.url
[2010/05/09 02:10:00 | 000,610,304 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\IMPRECISOS MOVIMIENTOS OCULARES.doc
[2010/05/09 02:08:54 | 000,214,528 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\DERECHOS VISUALES DEL NIÑO.doc
[2010/05/06 00:13:30 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\energía.xls
[2010/05/04 00:40:33 | 000,182,790 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\programas de garantía social especial (sullivan).pdf
[2010/05/03 14:11:10 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\Acceso directo a frd.lnk
[2010/05/02 18:20:31 | 000,260,096 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\infarto.pps
[2010/05/02 18:10:36 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 21:30:24 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\EVALUACION FINAL MODULO 1.doc
[2010/05/01 18:19:41 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\QUE ES LA SOCIEDAD DEL CONOCIMIENT1.doc
[2010/05/01 18:18:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\ASPECTOS ETICOS DE LAS TECNOLOGIAS DE LA INFORMACION.doc
[2010/05/01 13:36:14 | 000,333,295 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\Aspectos_eticos_TICs.pdf
[2010/05/01 13:34:46 | 000,392,945 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\Lineamientos poedagógicos de las TICs UGEL03.doc
[2010/05/01 13:32:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\~$E ES LA SOCIEDAD DEL CONOCIMIENTO.doc
[2010/04/28 22:48:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\En la incorporación de las TICs en el proceso de E.doc
[2010/04/25 21:47:31 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Rosa María\Escritorio\rosam_cuba_ marmanillo.doc
[2010/04/25 21:44:19 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam cuba.doc
[2010/04/25 17:51:45 | 000,308,736 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\24-GLOSARIO DE NECESIDADES EDUCATIVAS ESPECIALES.doc
[2010/04/25 02:07:08 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\rosam_cuba_ marmanillo.doc
[2010/04/24 22:49:42 | 000,067,195 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\experiencias-docentes en TICs.doc
[2010/04/24 22:21:04 | 000,310,784 | ---- | C] () -- C:\Documents and Settings\Rosa María\Mis documentos\invitación internacion a docentes (virtuales).doc
[2009/06/28 18:53:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/18 19:40:20 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/18 19:40:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 20:38:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\VideoConvert.INI
[2009/06/06 19:35:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/06 19:35:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/07 23:44:49 | 000,000,212 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/02/29 21:25:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/06 17:54:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/06 17:54:21 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini
[2008/02/06 17:50:23 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/02/06 16:59:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 16:35:51 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 21:52:30 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cdaudio.sys.bak
< End of report >
____________________________________
OTL Extras logfile created on: 24/05/2010 11:49:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Rosa María\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
446,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 38,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 18,63 Gb Total Space | 4,38 Gb Free Space | 23,50% Space Free | Partition Type: FAT32
Drive D: | 18,44 Gb Total Space | 18,20 Gb Free Space | 98,73% Space Free | Partition Type: FAT32
Drive E: | 37,43 Gb Total Space | 26,13 Gb Free Space | 69,80% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 1,92 Gb Total Space | 1,92 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROSA
Current User Name: Rosa María
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Java\jre1.6.0_06\bin\javaw.exe" = C:\Archivos de programa\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe" = C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Archivos de programa\Java\jre1.6.0_06\launch4j-tmp\frd.exe" = C:\Archivos de programa\Java\jre1.6.0_06\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{116D5112-0717-4411-A516-43468EF26D73}" = Actualización del driver del escáner EPSON Stylus CX5600 Series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22B915C5-FFB7-4401-93B5-C7EC61C81CBE}" = Windows Live Protección Infantil
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F6FF1E6-4364-402C-B915-FA1A40016DFA}" = Windows Live Toolbar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1034-7B44-A91000000001}" = Adobe Reader 9.1.1 - Español
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE38B24E-4146-4DAC-AD4E-4EC8BF24C261}" = OpenOffice.org Installer 1.0
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{FA3EDE74-3425-4E18-94C8-AD105B3D1478}" = BIOTECNOLOGIA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CDisplay_is1" = CDisplay 1.8
"EPSON Printer and Utilities" = Software de impresora EPSON
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 1946] [2008-04-21]
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = Barra de Herramientas MSN
"MSNINST" = MSN
"save2pc Light_is1" = save2pc Light 4.0
"Silent Package Run-Time Sample" = Manual del usuario CX5600
"ToggleEN Toolbar" = ToggleEN Toolbar
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1060284298-162531612-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 07/06/2009 22:02:43 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\gMrIdPzM.exe.part failed, 0000000D.
Error - 07/06/2009 22:02:43 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Rosa María\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\6fj8pukh.default\Cache\8A079644d01
failed, 0000000D.
Error - 13/05/2010 20:05:19 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.
Error - 13/05/2010 20:05:19 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000001F.
Error - 24/05/2010 12:04:10 | Computer Name = ROSA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000001F.
[ Application Events ]
Error - 20/05/2010 17:39:24 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (3324) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 20/05/2010 17:39:34 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (156) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).
Error - 20/05/2010 17:39:34 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (156) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 20/05/2010 17:39:45 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (156) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).
Error - 20/05/2010 17:39:45 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (156) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 20/05/2010 17:39:57 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (248) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).
Error - 20/05/2010 17:39:57 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (248) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 20/05/2010 17:40:07 | Computer Name = ROSA | Source = ESENT | ID = 489
Description = wuauclt (248) Al intentar abrir el archivo "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El
proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).
Error - 20/05/2010 17:40:07 | Computer Name = ROSA | Source = ESENT | ID = 455
Description = wuaueng.dll (248) SUS20ClientDataStore: Error -1032 (0xfffffbf8) al
abrir un archivo de registro C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 24/05/2010 12:19:11 | Computer Name = ROSA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 8.0.6001.18702,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.
[ System Events ]
Error - 21/05/2010 23:30:02 | Computer Name = ROSA | Source = Service Control Manager | ID = 7000
Description = El servicio Nero BackItUp Scheduler 4.0 no pudo iniciarse debido al
siguiente error: %%2
Error - 24/05/2010 11:44:51 | Computer Name = ROSA | Source = Service Control Manager | ID = 7000
Description = El servicio Nero BackItUp Scheduler 4.0 no pudo iniciarse debido al
siguiente error: %%2
< End of report >
__________________________________________________________________________________________________________________
Then I stopped the Avast on-access protection and ran GMER, though at the end of the operation a dialog box appeared with the following message: "your computer has been modified by rootkit activities" (this is not literal, but it is faithful to the original text).
armandkun wrote: Note: If you have any problems, try running GMER in SAFE MODE
So I thought I should run GMER once again, but this time in safe mode, since I considered that dialog box a problem. I got to safe mode using the msconfig command.
Here are the two results: first in normal mode, then in safe mode.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 14:40:09
Windows 5.1.2600 Service Pack 2
Running: g3wo12or.exe; Driver: C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\pxtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF27B86B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF27B8574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF27B8A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF27B814C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF27B864E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF27B808C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF27B80F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF27B876E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF27B872E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF27B88AE] <-- ROOTKIT !!!
---- Kernel code sections - GMER 1.0.15 ----
PAGE Fastfat.sys F7430CC0 4 Bytes CALL 8429C1C9
? System32\Drivers\Cdaudio.SYS Uno de los dispositivos vinculados al sistema no funciona. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \FatCdrom 8427A1C0
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Fastfat \Fat 8427A1C0
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [SYSTEM] Cdaudio <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???<?????????????=???????>???????&???????????>???e8??<?=?=?=?=?>?>?>?>??????????? ???????????????????????????????????????????W??? ??????????????????????????????N???????19??pxtdrpow?????????????6???????????????????????5?????s53??Realtek HD Audio output? o??Realtek HD Audio input?o i??Realtek HD Audio output? o???????????????????????????????????????h??wdmaud,swmidi,redbook????????????#???h??? ????????????????????????????????8??8?????????????????????????5????storprop.dll,IdePropPageProvider????????????????????????Microsoft???????????????????atapi_Inst_primary????????B??????????????2??? &??????????????????????????????h??RtkHDAud.sys????????????????????????storprop.dll,IdePropPageProvider????????????????????????????? *??????????????????????'??oem2.inf????mshdc.inf???????????Microsoft???????????? ??????????????????7-1-2001????atapi_Inst_secondary????? ??????????????n?????????????,???????????????s?????????????????????????? ???????????????????????? ???????(??????????r??? ????????????????????????????"?????????r??????
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@TypesSupported 7
---- EOF - GMER 1.0.15 ----
___________________________________
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 15:36:26
Windows 5.1.2600 Service Pack 2
Running: g3wo12or.exe; Driver: C:\DOCUME~1\ROSAMA~1\CONFIG~1\Temp\pxtdrpow.sys
---- Kernel code sections - GMER 1.0.15 ----
PAGE Fastfat.sys F7443CC0 4 Bytes CALL 8434A2B1
? System32\Drivers\Cdaudio.SYS Uno de los dispositivos vinculados al sistema no funciona. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \FatCdrom 84349380
Device \FileSystem\Fastfat \Fat 84349380
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [SYSTEM] Cdaudio <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Group Filter
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Tag 6
Reg HKLM\SYSTEM\ControlSet002\Services\Cdaudio@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio@TypesSupported 7
---- EOF - GMER 1.0.15 ----
__________________________________________________________________________________________________________________
Well, this is what happened today.
Thanks once again for waiting
bye-bye
PS: I almost forgot that after I ran GMER in safe mode, I returned to normal mode using the System Configuration Utility, but now every time I turn on or restart the computer, the following message appears at the point where the machine lists some of the equipment installed in it (amount of memory, hard drives installed, etc.): "Verifying DMI Pool Data", and it doesn't move anymore.
So what I've been doing is pressing CTRL+ALT+DEL and then going to the boot menu by clicking F8 repeatedly. There I choose the option "- 4th master: *********" (the "*" represents numbers and letters), and then the computer starts normally.