Ad served by primawega

Post by pom on Tue Jun 29, 2010 10:42 am

Hi,
Thank you for your help. Every time I am searching on the web this malware changes the page I visit for some publicity. I ran OTL (it was installed in Spanish automatically, I hope that is not a problem for you) as you recommended and the output is attached to the message.

Best

pom

Re: Ad served by primawega

Post by Belahzur on Tue Jun 29, 2010 5:44 pm

There's no attachment here?


Please PM me if I fail to respond within 24hrs.


Belahzur

Re: Ad served by primawega

Post by pom on Thu Jul 01, 2010 3:52 pm

I am sorry, for some reason the files weren't attached. I will copy the results of the scan below. Thank you again

OTL

OTL logfile created on: 29-06-2010 10:42:30 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\POM\Escritorio
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000340A | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

1.014,00 Mb Total Physical Memory | 667,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 107,32 Gb Total Space | 16,36 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULA
Current User Name: POM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-29 10:35:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\POM\Escritorio\OTL.exe
PRC - [2010-03-24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2009-12-09 01:57:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009-11-06 16:19:44 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009-11-06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009-11-06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Archivos de programa\Webroot\WebrootSecurity\SSU.exe
PRC - [2009-05-27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009-05-15 18:27:08 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2009-05-15 18:27:06 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2009-05-15 18:26:56 | 000,094,208 | ---- | M] (Clarus, Inc.) -- C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007-09-18 15:16:16 | 000,171,464 | ---- | M] (DT Soft Ltd.) -- C:\Archivos de programa\Daemon Tools\daemon.exe
PRC - [2007-06-13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MSASCui.exe
PRC - [2006-11-03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe
PRC - [2006-11-02 18:43:10 | 000,472,632 | ---- | M] () -- C:\Archivos de programa\Sony\SonicStage\SSAAD.exe
PRC - [2006-05-01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006-05-01 15:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006-05-01 15:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006-05-01 15:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006-05-01 15:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006-05-01 15:20:52 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-05-01 15:20:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-03-24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005-01-14 14:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2004-07-27 22:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
PRC - [2003-09-10 08:24:00 | 000,020,480 | ---- | M] () -- C:\Archivos de programa\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2010-06-29 10:35:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\POM\Escritorio\OTL.exe
MOD - [2006-08-25 16:46:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005-12-13 22:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll
MOD - [2004-08-20 18:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009-12-09 01:57:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009-11-06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009-10-20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Unknown | Stopped] -- C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009-05-27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$QSRNVIVO) SQL Server (QSRNVIVO)
SRV - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008-11-24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2006-11-03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006-11-02 17:31:14 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006-10-04 23:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006-10-04 23:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006-10-04 23:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006-05-01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006-05-01 15:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006-05-01 15:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006-05-01 15:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005-11-14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-01-14 14:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2009-12-19 04:22:56 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009-12-09 01:55:01 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2009-11-06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009-11-06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009-11-06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009-10-14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009-10-02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-09-14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009-09-01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-01-02 14:25:15 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006-05-01 15:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-04-26 22:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006-03-24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006-03-08 17:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-10-14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-10-14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-10-14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-08-05 15:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005-07-22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-07-22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-07-22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-06-29 17:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1)
DRV - [2005-04-08 15:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2004-12-06 07:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-12-06 07:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-12-06 07:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-12-06 07:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-12-06 07:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-12-06 07:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-12-06 07:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-12-06 07:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-12-06 07:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-12-01 09:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-11-23 08:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-09-06 20:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0)
DRV - [2004-08-12 23:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-04 05:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004-08-04 05:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004-08-04 04:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004-07-14 17:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 17:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004-02-13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003-12-08 15:53:50 | 000,036,256 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5ln.sys -- (alcan5ln) SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)
DRV - [2003-12-08 10:53:02 | 000,070,688 | R--- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003-07-16 18:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001-08-23 03:33:56 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-18 04:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-18 04:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-18 04:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-18 04:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-18 04:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-18 03:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-18 03:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-18 03:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-18 03:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-18 03:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-18 03:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-18 03:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-18 03:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-18 03:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-18 02:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {473c2cc6-c9d8-b3d5-1118-a9daef875c2e}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {A94B8D9A-BC01-4881-AA8D-F54DA7E2DC1E}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{A94B8D9A-BC01-4881-AA8D-F54DA7E2DC1E}: C:\Documents and Settings\POM\Configuración local\Datos de programa\{A94B8D9A-BC01-4881-AA8D-F54DA7E2DC1E} [2010-01-30 01:21:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010-06-28 09:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010-06-28 09:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009-12-19 04:10:47 | 000,000,000 | ---D | M]

[2008-12-12 16:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\POM\Datos de programa\Mozilla\Extensions
[2010-06-29 09:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\POM\Datos de programa\Mozilla\Firefox\Profiles\lcznavsi.default\extensions
[2009-12-31 15:15:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\POM\Datos de programa\Mozilla\Firefox\Profiles\lcznavsi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-12-29 12:12:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\POM\Datos de programa\Mozilla\Firefox\Profiles\lcznavsi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-06-27 18:09:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009-12-28 16:54:00 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Archivos de programa\Mozilla Firefox\extensions\{473c2cc6-c9d8-b3d5-1118-a9daef875c2e}
[2010-05-01 20:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-05-01 20:57:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-01 18:01:14 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010-04-01 18:01:14 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010-04-01 18:01:14 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010-04-01 18:01:14 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2008-12-09 20:58:58 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1C46D9F2-F166-25BA-07A9-083CA9C1F3E8} - C:\WINDOWS\System32\ogykgmk.dll File not found
O2 - BHO: (no name) - {44B7FEAD-E392-4EBC-822C-FB54333396D1} - C:\WINDOWS\System32\xxywXNgf.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [b0170c95] C:\WINDOWS\system32\mjltivca.DLL File not found
O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kybcmt] C:\WINDOWS\System32\kybcmt.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SpySweeper] C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Archivos de programa\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Archivos de programa\Ares\Ares.exe File not found
O4 - HKCU..\Run: [DAEMON Tools] C:\Archivos de programa\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [ModemOnHold] C:\Archivos de programa\NetWaiting\NetWaiting.exe ()
O4 - HKCU..\Run: [SsAAD.exe] C:\Archivos de programa\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\.protected ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\.protected ()
O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\BBC iPlayer Desktop.lnk = C:\Archivos de programa\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\Samsung Auto Backup Guage.lnk = C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\Samsung Auto Backup Real-Time Daemon.lnk = C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\Samsung Auto Backup Scheduler.lnk = C:\Archivos de programa\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Agregar al componente Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Antivirus de la Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll (Kaspersky Lab)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} [You must be registered and logged in to see this link.] (Silverwire Image Uploader 3.0 Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} [You must be registered and logged in to see this link.] (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll vggonl.dll) - c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll vggonl.dll File not found
O20 - AppInit_DLLs: (c:\archiv~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\archiv~1\kasper~1\kasper~1\kloehk.dll) - c:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\vtUmNFwt: DllName - vtUmNFwt.dll - File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\POM\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\POM\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxywXNgf) - File not found
O30 - LSA: Authentication Packages - (unes\Roxio Shared\9.0\DLLShared\\e) - File not found
O30 - LSA: Security Packages - (comunes\Roxio Shared\9.0\DLLSha) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-09-09 23:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5bb261ee-0c1d-11df-b161-0015c5abbaaf}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell - "" = AutoRun
O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell\1\Command - "" = .\RECYCLER\RECYCLER.exe
O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell\2\Command - "" = .\RECYCLER\RECYCLER.exe
O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\auto\command - "" = Knight.exe open
O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\explore\command - "" = Knight.exe open
O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\find\command - "" = Knight.exe open
O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\install\command - "" = Knight.exe open
O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\open\command - "" = Knight.exe open
O33 - MountPoints2\{ac9b3aca-a7da-11db-bde0-0015c5abbaaf}\Shell - "" = AutoRun
O33 - MountPoints2\{c8564bf5-4e4c-11dd-ac4e-0015c5abbaaf}\Shell - "" = AutoRun
O33 - MountPoints2\{c8564bf5-4e4c-11dd-ac4e-0015c5abbaaf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\open\Command - "" = fooool.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004-09-09 23:43:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "SwPrv"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^WinZip Quick Pick.lnk - C:\ARCHIV~1\WinZip10\WZQKPICK.EXE - File not found
MsConfig - StartUpReg: ares - hkey= - key= - C:\Archivos de programa\Ares\Ares.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Archivos de programa\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: SDR6Y_Check - hkey= - key= - C:\Archivos de programa\Archivos comunes\DriveCleaner 2006 Free\sdrmon.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WinDefend - C:\Archivos de programa\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: WRConsumerService - C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WinDefend - C:\Archivos de programa\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: WRConsumerService - C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Actualización de seguridad para Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {83169D43-4660-4347-BC95-E9D6E6BE65CE} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.atrac3 - c:\Archivos de programa\Codec Pack de ELISOFT\atrac3\atrac3.acm ()
Drivers32: msacm.avis - c:\Archivos de programa\Codec Pack de ELISOFT\ffvfw\ffvfw.dll ()
Drivers32: msacm.divxa32 - c:\Archivos de programa\Codec Pack de ELISOFT\wma\DivXa32.acm (Kristal StudioD FileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - c:\Archivos de programa\Codec Pack de ELISOFT\i263\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.lameacm - c:\Archivos de programa\Codec Pack de ELISOFT\mp3lame\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msaudio2 - c:\Archivos de programa\Codec Pack de ELISOFT\wma\Msaud32h.acm (Microsoft Corporation)
Drivers32: msacm.qmpeg - c:\Archivos de programa\Codec Pack de ELISOFT\qmpeg\qmpeg.acm (QDesign Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.uleaddv - c:\Archivos de programa\Codec Pack de ELISOFT\uleaddv\DVACM.ACM (Ulead Systems, Inc.)
Drivers32: msacm.vorbis - c:\Archivos de programa\Codec Pack de ELISOFT\vorbis\vorbis.acm (HMS [You must be registered and logged in to see this link.]
Drivers32: msacm.ympgacm - c:\Archivos de programa\Codec Pack de ELISOFT\ympeg\ympgacm.acm ()
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - c:\Archivos de programa\Codec Pack de ELISOFT\3ivx\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - c:\Archivos de programa\Codec Pack de ELISOFT\divx3\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - c:\Archivos de programa\Codec Pack de ELISOFT\divx412\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.DIVX - c:\Archivos de programa\Codec Pack de ELISOFT\divx511\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.dmb1 - c:\Archivos de programa\Codec Pack de ELISOFT\m3jpegv3\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.dvmc - c:\Archivos de programa\Codec Pack de ELISOFT\mcdv\mcdvd_32.dll (MainConcept)
Drivers32: vidc.fvfw - c:\Archivos de programa\Codec Pack de ELISOFT\ffvfw\ffvfw.dll ()
Drivers32: VIDC.HFYU - c:\Archivos de programa\Codec Pack de ELISOFT\huffyuv\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.I263 - c:\Archivos de programa\Codec Pack de ELISOFT\i263\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.MJPG - c:\Archivos de programa\Codec Pack de ELISOFT\picvideo\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.MJPX - c:\Archivos de programa\Codec Pack de ELISOFT\m3jpegv3\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.MP42 - c:\Archivos de programa\Codec Pack de ELISOFT\mpeg4\Mpg4c32.dll (Microcrap Corporation)
Drivers32: vidc.MP43 - c:\Archivos de programa\Codec Pack de ELISOFT\mpeg4\Mpg4c32.dll (Microcrap Corporation)
Drivers32: vidc.MPG4 - c:\Archivos de programa\Codec Pack de ELISOFT\mpeg4\Mpg4c32.dll (Microcrap Corporation)
Drivers32: VIDC.MSZH - c:\Archivos de programa\Codec Pack de ELISOFT\lcljp\avimszh.dll ()
Drivers32: vidc.MVW1 - c:\Archivos de programa\Codec Pack de ELISOFT\aware\ICMW_32.DLL (Aware Inc.)
Drivers32: VIDC.PIMJ - c:\Archivos de programa\Codec Pack de ELISOFT\picvideo\pvljpg20.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PVW2 - c:\Archivos de programa\Codec Pack de ELISOFT\picvideo\pvwv220.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.SJPG - c:\Archivos de programa\Codec Pack de ELISOFT\pmmjpeg\pmmjpeg.dll (Paradigm Matrix, Inc. San Ramon CA USA)
Drivers32: vidc.VP31 - c:\Archivos de programa\Codec Pack de ELISOFT\on2vp3\vp31vfw.dll (On2.com)
Drivers32: vidc.VP60 - c:\Archivos de programa\Codec Pack de ELISOFT\on2vp6\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - c:\Archivos de programa\Codec Pack de ELISOFT\on2vp6\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - c:\Archivos de programa\Codec Pack de ELISOFT\wm9\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.xvid - c:\Archivos de programa\Codec Pack de ELISOFT\xvid\xvid.dll ()
Drivers32: VIDC.YMPG - c:\Archivos de programa\Codec Pack de ELISOFT\ympeg\ympgcdc.dll ()
Drivers32: VIDC.ZLIB - c:\Archivos de programa\Codec Pack de ELISOFT\lcljp\avizlib.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65315805348233216)

========== Files/Folders - Created Within 30 Days ==========

[2010-06-29 10:35:18 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\POM\Escritorio\OTL.exe
[2010-06-01 10:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\POM\Mis documentos\Libros Chilenos wenos
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-06-29 10:35:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\POM\Escritorio\OTL.exe
[2010-06-29 10:25:18 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\POM\NTUSER.DAT
[2010-06-29 10:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\imzdltgd.job
[2010-06-29 09:13:15 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-06-29 09:10:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-29 09:10:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-29 09:10:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-29 09:10:04 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-29 00:50:27 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\POM\ntuser.ini
[2010-06-28 20:35:10 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{541ED365-48BA-4898-9629-DAE8E5AC22EC}.job
[2010-06-28 16:09:02 | 000,359,721 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\order_history.pdf
[2010-06-28 16:07:59 | 000,002,795 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\hyde park.pdf
[2010-06-28 15:46:48 | 000,212,015 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\200629163442455.pdf
[2010-06-28 12:40:23 | 000,669,032 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\127748744529.pdf
[2010-06-28 12:29:37 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Ficha de Inscripcion.doc
[2010-06-27 23:09:56 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Carta a autores extranjeros Paula P.doc
[2010-06-27 23:09:52 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Carta final-Extranjeros-Marxismo.doc
[2010-06-25 10:00:08 | 000,001,668 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LB0B852A774CA486580D24D79F6EDB7D8.job
[2010-06-23 08:51:12 | 001,214,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-23 08:51:12 | 000,553,868 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010-06-23 08:51:12 | 000,489,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-23 08:51:12 | 000,109,588 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010-06-23 08:51:12 | 000,090,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-21 17:25:41 | 000,042,953 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\marturet.rtf
[2010-06-15 17:02:55 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Registration Form PhD Conference 2010.doc
[2010-06-15 14:18:47 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\demanda.doc
[2010-06-10 07:09:20 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-09 22:43:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-09 22:26:28 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Changes introduced with the Youth Justice reform DRAFT.doc
[2010-06-09 13:12:15 | 000,186,991 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\CareersinAcademia-programmeweb.pdf
[2010-06-07 17:09:41 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\job_description_1052.doc
[2010-06-01 23:18:34 | 000,397,098 | ---- | M] () -- C:\Documents and Settings\POM\Mis documentos\JUSTIS advance project.pdf
[2010-06-01 23:11:53 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Literature review CHILE draft one.doc
[2010-06-01 22:41:03 | 000,036,502 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Introduccion de El reves del derecho Carranza Garcia Mendez.pdf
[2010-06-01 22:30:13 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Youth Justice Reform in Chile introduction CHRIS.doc
[2010-06-01 22:03:03 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\Children rights in Chile and Bill drafts CHRIS.doc
[2010-06-01 10:51:33 | 000,293,703 | ---- | M] () -- C:\Documents and Settings\POM\Escritorio\7270503-3-Manifiesto-de-Historiadores-La-Dictadura-Militar-y-El-Juicio-de-La-Historia.pdf
[2010-05-31 17:36:40 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-28 16:09:01 | 000,359,721 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\order_history.pdf
[2010-06-28 16:07:38 | 000,002,795 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\hyde park.pdf
[2010-06-28 15:46:44 | 000,212,015 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\200629163442455.pdf
[2010-06-28 12:40:22 | 000,669,032 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\127748744529.pdf
[2010-06-28 12:29:31 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Ficha de Inscripcion.doc
[2010-06-27 18:56:59 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Carta final-Extranjeros-Marxismo.doc
[2010-06-27 18:56:13 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Carta a autores extranjeros Paula P.doc
[2010-06-21 17:25:39 | 000,042,953 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\marturet.rtf
[2010-06-15 17:02:52 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Registration Form PhD Conference 2010.doc
[2010-06-15 14:18:42 | 000,181,760 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\demanda.doc
[2010-06-09 13:12:13 | 000,186,991 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\CareersinAcademia-programmeweb.pdf
[2010-06-07 17:09:16 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\job_description_1052.doc
[2010-06-01 23:18:34 | 000,397,098 | ---- | C] () -- C:\Documents and Settings\POM\Mis documentos\JUSTIS advance project.pdf
[2010-06-01 22:57:25 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Changes introduced with the Youth Justice reform DRAFT.doc
[2010-06-01 22:41:03 | 000,036,502 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Introduccion de El reves del derecho Carranza Garcia Mendez.pdf
[2010-06-01 22:03:02 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Children rights in Chile and Bill drafts CHRIS.doc
[2010-06-01 20:36:06 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Youth Justice Reform in Chile introduction CHRIS.doc
[2010-06-01 10:51:30 | 000,293,703 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\7270503-3-Manifiesto-de-Historiadores-La-Dictadura-Militar-y-El-Juicio-de-La-Historia.pdf
[2010-05-31 16:20:08 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\POM\Escritorio\Literature review CHILE draft one.doc
[2009-11-06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008-12-09 20:55:13 | 000,001,715 | -HS- | C] () -- C:\WINDOWS\System32\fgNXwyxx.ini
[2008-12-09 14:39:35 | 001,498,584 | -HS- | C] () -- C:\WINDOWS\System32\acvitljm.ini
[2008-12-09 14:38:02 | 000,001,715 | -HS- | C] () -- C:\WINDOWS\System32\fgNXwyxx.ini2
[2008-08-27 02:53:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008-08-27 02:53:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008-08-27 02:53:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008-01-02 14:25:14 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-10-29 03:24:55 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2007-08-31 04:06:33 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007-08-24 03:40:37 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-05-26 16:52:45 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-02-23 23:06:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007-02-23 23:06:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007-02-18 22:49:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\mmswitch.dll
[2007-02-18 22:48:54 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\ympg.dll
[2007-02-18 22:48:51 | 000,000,695 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2007-02-18 22:48:51 | 000,000,079 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2007-02-18 22:48:46 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\ffvfw.dll
[2007-02-18 22:48:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007-02-18 22:48:45 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2007-01-17 14:46:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007-01-17 14:46:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007-01-17 14:46:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006-12-26 21:36:20 | 000,000,762 | ---- | C] () -- C:\WINDOWS\dialerexe.ini
[2006-12-02 18:08:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006-09-26 02:13:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006-09-26 02:13:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006-09-26 02:13:23 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006-09-26 02:13:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006-09-26 02:13:22 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006-09-17 04:06:11 | 000,000,608 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-09-01 18:25:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-09-01 18:22:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-09-01 17:58:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006-09-01 17:57:31 | 000,000,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005-04-09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-04-08 15:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005-01-25 19:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2004-09-09 23:54:20 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004-08-18 14:00:00 | 000,035,328 | -H-- | C] () -- C:\WINDOWS\System32\msls50.dll
[1997-06-14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-11-06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2009-11-06 13:00:20 | 000,016,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SsiEfr.exe
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008-01-02 14:25:15 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004-09-09 23:48:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-09-09 23:48:44 | 000,643,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-09-09 23:48:44 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav




Re: Ad served by primawega

Post by pom on Thu Jul 01, 2010 3:53 pm

CONTINUES (OTL.txt file)

< %systemroot%\system32\*.sys >
[2004-08-20 18:00:00 | 000,009,035 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004-08-20 18:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004-08-20 18:00:00 | 000,004,960 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004-08-20 18:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004-08-20 18:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004-08-20 18:00:00 | 000,027,900 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004-08-20 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004-08-20 18:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004-08-20 18:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004-08-20 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004-08-20 18:00:00 | 000,034,016 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004-08-20 18:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004-08-20 18:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004-08-20 18:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004-08-20 18:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004-08-20 18:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010-05-02 09:26:01 | 001,851,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006-10-12 17:43:40 | 000,000,000 | -H-- | M] () -- C:\.protected
[2007-05-30 20:27:16 | 000,001,378 | ---- | M] () -- C:\0167C301.key
[2007-01-09 21:07:39 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2004-09-09 23:57:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-04-16 18:36:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004-08-20 18:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2006-09-17 19:50:49 | 000,008,813 | ---- | M] () -- C:\caavsetup.log
[2007-04-12 00:55:34 | 000,009,663 | ---- | M] () -- C:\caisslog.txt
[2004-09-09 23:57:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-05-02 01:12:54 | 000,020,713 | ---- | M] () -- C:\debug.log
[2006-09-01 18:01:36 | 000,004,882 | RH-- | M] () -- C:\dell.sdr
[2009-12-08 14:39:53 | 000,037,382 | ---- | M] () -- C:\drwtsn32.log
[2009-02-13 23:16:27 | 000,013,824 | ---- | M] () -- C:\dvb.GRF
[2008-11-20 21:59:16 | 000,005,632 | ---- | M] () -- C:\dvb4.GRF
[2008-12-12 16:05:04 | 007,329,072 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.4.exe
[2010-04-04 12:31:44 | 008,170,528 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.6.3.exe
[2010-06-29 09:10:04 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2008-04-23 18:23:31 | 000,304,957 | ---- | M] () -- C:\hjsplit.zip
[2006-09-18 00:15:39 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009-07-01 17:12:38 | 001,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe
[2004-09-09 23:57:56 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008-12-09 15:22:20 | 039,647,808 | ---- | M] (Kaspersky Lab) -- C:\kav8.0.0.506en.exe
[2009-12-19 03:59:22 | 077,803,680 | ---- | M] (Kaspersky Lab) -- C:\kis2010_9.0.0.736LA.exe
[2007-04-11 21:27:48 | 016,020,704 | ---- | M] (Kaspersky Lab ) -- C:\kis6.0.0.303es_1y.exe
[2008-08-27 02:48:32 | 000,000,000 | ---- | M] () -- C:\law.sp
[2007-04-19 13:45:19 | 000,000,017 | ---- | M] () -- C:\log.txt
[2008-07-09 14:14:32 | 002,560,512 | ---- | M] () -- C:\milan.ppt
[2004-09-09 23:57:56 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009-10-23 01:44:42 | 013,504,792 | ---- | M] (Macrovision Corporation) -- C:\NapsterSetup-GB-4.6.2.8.exe
[2004-08-20 18:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006-09-01 18:14:30 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2010-06-29 09:10:02 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2006-12-02 17:42:34 | 013,256,032 | ---- | M] (Frank Heindörfer, Philip Chinery ) -- C:\PDFCreator-0_9_3_GPLGhostscript.exe
[2010-01-05 22:44:32 | 002,795,178 | ---- | M] ( ) -- C:\poptools310_setup.exe
[2007-08-31 01:22:08 | 000,000,092 | ---- | M] () -- C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf
[2005-04-14 18:23:00 | 015,312,654 | ---- | M] (VideoCAM GF112 ) -- C:\SETUP.exe
[2008-12-19 14:10:27 | 004,566,456 | ---- | M] () -- C:\Shockwave_Installer_Slim.exe
[2007-08-31 01:09:56 | 000,820,216 | ---- | M] (Sony Corporation ) -- C:\SonicStageInstaller.exe
[2009-06-20 18:05:05 | 040,577,080 | ---- | M] (Webroot Software, Inc. ) -- C:\SpySweeperRegSetup_EN.exe
[2008-08-18 15:45:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-04-16 23:46:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009-06-13 18:59:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009-07-30 05:41:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009-07-30 13:57:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-08-18 15:45:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009-04-16 23:46:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009-06-13 18:59:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009-07-30 05:41:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009-07-30 13:57:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2006-12-29 16:51:09 | 000,304,160 | ---- | M] () -- C:\StiImg.dat
[2008-09-08 23:20:18 | 007,605,527 | ---- | M] (EffectMatrix Inc. ) -- C:\tvcnew.exe
[2006-10-20 21:32:03 | 009,083,205 | ---- | M] () -- C:\vcgf112.zip
[2009-12-09 01:45:29 | 042,059,904 | ---- | M] (Webroot Software, Inc. ) -- C:\WebrootSecurityRegSetup_EN.exe
[2007-09-22 04:08:08 | 002,841,074 | ---- | M] (FDRLab ) -- C:\youtubed_setup.exe

< %PROGRAMFILES%\*. >
[2010-03-15 11:06:07 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Adobe
[2007-02-23 23:51:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Advanced System Optimizer
[2007-08-24 03:34:34 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Ahead
[2008-08-27 03:12:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\AMOS 16.0
[2007-08-24 20:10:17 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Apple Software Update
[2010-03-14 12:23:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Archivos comunes
[2008-04-23 18:11:37 | 000,000,000 | ---D | M] -- C:\Archivos de programa\art
[2008-01-02 15:07:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\audio
[2006-09-25 08:37:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Browser Mouse
[2007-02-05 19:20:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Cambridge
[2010-01-29 15:04:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Clarus
[2009-12-31 15:01:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Codec Pack de ELISOFT
[2007-11-21 21:36:52 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Collins
[2008-01-02 15:04:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Complete Guide to The TOEFL Test iBT Edition
[2004-09-09 23:55:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ComPlus Applications
[2006-09-01 18:18:30 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CONEXANT
[2009-12-31 15:07:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CyberLink
[2008-01-02 15:02:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Daemon Tools
[2008-05-19 23:49:19 | 000,000,000 | ---D | M] -- C:\Archivos de programa\DTV
[2008-03-26 23:16:53 | 000,000,000 | ---D | M] -- C:\Archivos de programa\eMule
[2010-03-14 12:23:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\EndNote X3
[2008-01-18 21:17:55 | 000,000,000 | ---D | M] -- C:\Archivos de programa\FunWebProducts
[2008-12-12 16:20:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Google
[2009-12-31 14:57:40 | 000,000,000 | ---D | M] -- C:\Archivos de programa\HP
[2010-03-09 11:35:44 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\InstallShield Installation Information
[2006-09-01 18:16:52 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Intel
[2006-09-01 18:17:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Intel, Inc
[2010-06-09 22:30:55 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Internet Explorer
[2010-05-01 20:57:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Java
[2008-01-02 14:32:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Kap.TOEFL
[2008-01-02 14:23:40 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Kaplan TOEFL IBT
[2009-12-19 04:09:39 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Kaspersky Lab
[2007-11-30 20:04:44 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Lingea
[2008-02-01 04:19:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Longman iBT
[2008-01-02 14:58:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\LongMan TOEFL iBT
[2007-09-09 02:44:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MagicRecovery Pro DEMO
[2008-08-15 15:51:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Messenger
[2009-09-16 00:31:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft
[2004-09-09 23:58:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\microsoft frontpage
[2006-12-16 16:26:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Office
[2009-10-22 17:14:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft SQL Server
[2006-09-17 21:08:58 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Works
[2008-04-23 18:38:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft.NET
[2006-09-17 04:12:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Modem Helper
[2010-03-11 04:03:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Movie Maker
[2010-06-28 09:09:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox
[2009-10-23 02:41:17 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSBuild
[2008-12-09 16:17:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSECACHE
[2006-09-16 17:25:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN
[2004-09-09 23:54:28 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Gaming Zone
[2006-10-15 20:48:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSXML 4.0
[2008-04-24 09:27:30 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSXML 6.0
[2010-03-09 11:35:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Napster
[2004-09-09 23:55:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NetMeeting
[2006-09-01 18:20:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NetWaiting
[2008-12-24 13:41:41 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Norton Security Scan
[2004-09-09 23:54:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Online Services
[2010-05-12 16:30:58 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Outlook Express
[2006-12-02 18:08:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\PDFCreator
[2006-12-02 18:08:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\PDFCreator Toolbar
[2010-01-15 15:04:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\PopTools
[2008-06-27 00:27:36 | 000,000,000 | ---D | M] -- C:\Archivos de programa\QSR
[2006-09-26 04:13:30 | 000,000,000 | ---D | M] -- C:\Archivos de programa\QuickTime
[2007-04-19 16:56:18 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real
[2008-01-14 20:39:00 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real Alternative
[2009-10-23 02:41:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Reference Assemblies
[2006-12-08 22:12:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Replay Converter
[2004-09-09 23:56:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Servicios en línea
[2006-09-01 18:18:23 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Sigmatel
[2006-09-20 16:13:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Skype
[2006-11-03 02:45:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Smartcom Internet Móvil
[2006-09-01 18:22:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Sonic
[2009-09-28 12:34:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Sony
[2007-04-19 13:53:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Sony Corporation
[2008-01-02 15:07:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\speaking
[2007-10-29 03:25:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SpeedTouch
[2008-08-23 19:49:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SPSS
[2008-12-09 20:55:02 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SPSS Evaluation
[2008-08-27 02:59:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\SPSSInc
[2006-09-01 18:20:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Synaptics
[2009-05-26 20:05:17 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Thomson
[2009-12-31 14:59:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Total Video Converter
[2004-09-10 00:03:52 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\Uninstall Information
[2008-12-09 17:15:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Webroot
[2008-05-02 00:12:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinAVIVideoConverter
[2008-12-09 22:58:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Defender
[2008-12-09 16:19:06 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Installer Clean Up
[2009-09-16 00:31:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Live
[2009-09-16 00:30:55 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Live SkyDrive
[2007-01-29 16:48:58 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Connect 2
[2009-09-28 12:40:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Player
[2004-09-09 23:54:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows NT
[2004-09-09 23:56:24 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\WindowsUpdate
[2006-10-25 03:56:58 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinRAR
[2007-01-21 15:58:06 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinZip
[2006-12-12 08:25:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinZipb
[2008-01-02 15:07:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\writing
[2004-09-09 23:58:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\xerox
[2008-01-02 15:07:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\xtras

< %appdata%\*.* >
[2004-09-09 23:49:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\POM\Datos de programa\desktop.ini
[2009-11-28 12:31:25 | 000,081,128 | ---- | M] () -- C:\Documents and Settings\POM\Datos de programa\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\agp440.sys
[2004-08-04 05:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004-08-04 05:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\atapi.sys
[2004-08-04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004-08-04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004-08-20 18:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004-08-20 18:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008-04-13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 03:18:21 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\eventlog.dll
[2004-08-20 18:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\i386\eventlog.dll
[2004-08-20 18:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-20 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\i386\netlogon.dll
[2004-08-20 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\system32\netlogon.dll
[2008-04-14 03:18:28 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\netlogon.dll
[2009-02-06 19:46:46 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=E24DE816D7A868A11A320C0A09164BFF -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 19:46:46 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=E24DE816D7A868A11A320C0A09164BFF -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 03:18:35 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\scecli.dll
[2004-08-20 18:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\i386\scecli.dll
[2004-08-20 18:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004-08-20 18:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004-08-04 04:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004-08-04 04:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008-04-13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\c90143e38809b5ce94759a9bc8b1e3be\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 07:52:41

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:CB0AACC9
< End of report >







Re: Ad served by primawega

Post by pom on Thu Jul 01, 2010 3:55 pm

FILE Extras.txt

OTL Extras logfile created on: 29-06-2010 10:42:30 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\POM\Escritorio
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000340A | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

1.014,00 Mb Total Physical Memory | 667,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 107,32 Gb Total Space | 16,36 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULA
Current User Name: POM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\MSN Messenger\msnmsgr.exe" = C:\Archivos de programa\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares -- File not found
"C:\Archivos de programa\Microsoft Games\Age of Empires II\empires2.exe" = C:\Archivos de programa\Microsoft Games\Age of Empires II\empires2.exe:*:Disabled:Age of Empires II -- File not found
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\Google\Google Talk\googletalk.exe" = C:\Archivos de programa\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Archivos de programa\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Archivos de programa\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic script Editor (1033) -- (SPSS Inc.)
"C:\Archivos de programa\SPSSInc\SPSS16\spss.exe" = C:\Archivos de programa\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Archivos de programa\SPSSInc\SPSS16\spss.com" = C:\Archivos de programa\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Archivos de programa\Mozilla Firefox\firefox.exe" = C:\Archivos de programa\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:Uso compartido de aplicaciones RTC -- (Microsoft Corporation)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_FpP4fSXell-R" = LoudMo Contextual Ad Assistant
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot Internet Security Essentials
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (QSRNVIVO)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA782CB-C9A0-462F-9D18-17D301BC507C}" = Amos 16.0
"{4F260CA1-6FEB-4868-BC3D-CA5BBC9A4630}" = QSR NVivo 7.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90190C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AB8F9BA0-D552-4644-B22B-B594E9A7DB88}" = Collins Master Dictionary
"{AC76BA86-7AD7-1034-7B44-A93000000001}" = Adobe Reader 9.3 - Español
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BC3E116C-2E5F-4655-B177-CBBA5AC5CA4C}" = face2face Intermediate
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C06CC958-B60F-429F-BBBA-92DB84761BBB}" = Mirar
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA61B3FD-10FF-4979-BC69-D3CC9E753765}" = SPSS SmartViewer 16.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F23AADDA-4402-4B0F-A3C5-CB3EC511D679}" = Mirar
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Codec Pack de ELISOFT v14.0" = Codec Pack de ELISOFT v14.0
"HCP_GrammarPlus" = Collins Cobuild English Grammar Plus
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}" = Kaspersky Internet Security 6.0
"Internet-based TOEFL_is1" = Internet-based TOEFL
"Longman iBT" = Longman iBT
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFCreator Toolbar" = PDFCreator Toolbar
"PopTools_is1" = PopTools
"ProInst" = Software Intel(R) PROSet/Wireless
"RealAlt_is1" = Real Alternative 1.7.5
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Skype_is1" = Skype 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Complete Guide to the TOEFL(R) Test" = The Complete Guide to the TOEFL(R) Test
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16-06-2010 17:04:45 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: firefox.exe, versión 1.9.2.3743, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16-06-2010 17:07:13 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: firefox.exe, versión 1.9.2.3743, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 16-06-2010 17:07:18 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: firefox.exe, versión 1.9.2.3743, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:42:56 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: WINWORD.EXE, versión 10.0.6856.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:43:14 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: WINWORD.EXE, versión 10.0.6856.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:43:14 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: WINWORD.EXE, versión 10.0.6856.0, módulo
que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:54:51 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 7.0.6000.17055,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:55:00 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 7.0.6000.17055,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 10:55:01 | Computer Name = PAULA | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: iexplore.exe, versión 7.0.6000.17055,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 28-06-2010 12:01:56 | Computer Name = PAULA | Source = Application Error | ID = 1000
Description = Aplicación con errores: plugin-container.exe, versión: 1.9.2.3828,
módulo con error: ntdll.dll, versión 5.1.2600.3520, dirección de error 0x0000100b.

[ System Events ]
Error - 31-05-2010 4:51:19 | Computer Name = PAULA | Source = ipnathlp | ID = 32003
Description = El Traductor de direcciones de red (NAT) no pudo pedir una operación

del módulo de traducción de modo del núcleo. Esto puede indicar errores de configuración,
recursos insuficientes, o un error interno. Los datos son el código de error.

Error - 15-06-2010 5:08:28 | Computer Name = PAULA | Source = ipnathlp | ID = 32003
Description = El Traductor de direcciones de red (NAT) no pudo pedir una operación

del módulo de traducción de modo del núcleo. Esto puede indicar errores de configuración,
recursos insuficientes, o un error interno. Los datos son el código de error.

Error - 19-06-2010 18:52:37 | Computer Name = PAULA | Source = DCOM | ID = 10010
Description = El servidor {C2BFE331-6739-4270-86C9-493D9A04CD38} no se registró
con DCOM dentro del tiempo de espera requerido.

Error - 19-06-2010 18:53:07 | Computer Name = PAULA | Source = DCOM | ID = 10010
Description = El servidor {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} no se registró
con DCOM dentro del tiempo de espera requerido.


< End of report >



Re: Ad served by primawega

Post by Belahzur on Thu Jul 01, 2010 4:22 pm

Hello.

Please download GooredFix from one of the locations below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {1C46D9F2-F166-25BA-07A9-083CA9C1F3E8} - C:\WINDOWS\System32\ogykgmk.dll File not found
    O2 - BHO: (no name) - {44B7FEAD-E392-4EBC-822C-FB54333396D1} - C:\WINDOWS\System32\xxywXNgf.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [b0170c95] C:\WINDOWS\system32\mjltivca.DLL File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [kybcmt] C:\WINDOWS\System32\kybcmt.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\.protected ()
    O4 - Startup: C:\Documents and Settings\POM\Menú Inicio\Programas\Inicio\.protected ()
    O20 - AppInit_DLLs: (c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll vggonl.dll) - c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll vggonl.dll File not found
    O20 - Winlogon\Notify\vtUmNFwt: DllName - vtUmNFwt.dll - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxywXNgf) - File not found
    O30 - LSA: Authentication Packages - (unes\Roxio Shared\9.0\DLLShared\\e) - File not found
    O30 - LSA: Security Packages - (comunes\Roxio Shared\9.0\DLLSha) - File not found
    O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{5e828de6-9f76-11dc-b4e6-0015c5abbaaf}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell - "" = AutoRun
    O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell\1\Command - "" = .\RECYCLER\RECYCLER.exe
    O33 - MountPoints2\{726ef554-7990-11db-bd05-0015c5abbaaf}\Shell\2\Command - "" = .\RECYCLER\RECYCLER.exe
    O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\auto\command - "" = Knight.exe open
    O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\explore\command - "" = Knight.exe open
    O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\find\command - "" = Knight.exe open
    O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\install\command - "" = Knight.exe open
    O33 - MountPoints2\{8cc1e047-7411-11db-bd03-0015c5abbaaf}\Shell\open\command - "" = Knight.exe open
    O33 - MountPoints2\{ac9b3aca-a7da-11db-bde0-0015c5abbaaf}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8564bf5-4e4c-11dd-ac4e-0015c5abbaaf}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8564bf5-4e4c-11dd-ac4e-0015c5abbaaf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{ce92a4fc-9450-11dc-b4cf-0015c5abbaaf}\Shell\open\Command - "" = fooool.exe
    [2008-12-09 20:55:13 | 000,001,715 | -HS- | C] () -- C:\WINDOWS\System32\fgNXwyxx.ini
    [2008-12-09 14:39:35 | 001,498,584 | -HS- | C] () -- C:\WINDOWS\System32\acvitljm.ini
    [2008-12-09 14:38:02 | 000,001,715 | -HS- | C] () -- C:\WINDOWS\System32\fgNXwyxx.ini2

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Thank You!



Re: Ad served by primawega

Post by pom on Sun Jul 04, 2010 9:08 pm

Hello, I ran GooredFix and I got:
(thank you again)


GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:05 on 04/07/2010 (POM)
Firefox version 3.6.6 (es-ES)

========== GooredScan ==========

Deleting "C:\Archivos de programa\Mozilla Firefox\extensions\{473c2cc6-c9d8-b3d5-1118-a9daef875c2e}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{A94B8D9A-BC01-4881-AA8D-F54DA7E2DC1E} -> Success!
Deleting C:\Documents and Settings\POM\Configuración local\Datos de programa\{A94B8D9A-BC01-4881-AA8D-F54DA7E2DC1E} -> Success!

========== GooredLog ==========

C:\Archivos de programa\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:07 12/12/2008]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [19:29 04/07/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [19:58 01/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01:42 23/10/2009]
"jqs@sun.com"="C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff" [19:58 01/05/2010]

-=E.O.F=-


Re: Ad served by primawega

Post by Belahzur on Mon Jul 05, 2010 12:04 am

Do you have the OTL log?



Re: Ad served by primawega

Post by pom on Mon Jul 05, 2010 7:23 am

Yes, sorry!


Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Configuración local\Temp\Perflib_Perfdata_b4.dat moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...


Re: Ad served by primawega

Post by Belahzur on Mon Jul 05, 2010 9:07 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Ad served by primawega

Post by pom on Wed Jul 07, 2010 10:55 pm

Hello, I am posting combofix output :)

ComboFix 10-07-06.03 - POM 07-07-2010 23:24:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.1014.625 [GMT 1:00]
Running from: c:\documents and settings\POM\Escritorio\Combo-Fix.exe
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
c:\archivos de programa\FunWebProducts
c:\documents and settings\LocalService\Datos de programa\NetMon
c:\documents and settings\LocalService\Datos de programa\NetMon\domains.txt
c:\documents and settings\LocalService\Datos de programa\NetMon\log.txt
c:\documents and settings\NetworkService\Datos de programa\NetMon
c:\documents and settings\NetworkService\Datos de programa\NetMon\domains.txt
c:\documents and settings\NetworkService\Datos de programa\NetMon\log.txt
c:\documents and settings\POM\.COMMgr
c:\documents and settings\POM\Datos de programa\gadcom
C:\setup.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\.protected
c:\windows\cpu.exe
c:\windows\dialerexe.ini
c:\windows\run.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\.protected
c:\windows\system32\kybcmt.dat
c:\windows\system32\kybcmt_nav.dat
c:\windows\system32\kybcmt_navps.dat
c:\windows\system32\nvs2.inf
c:\windows\system32\up
c:\windows\Tasks\imzdltgd.job
c:\windows\tmlpcert2007
c:\windows\xpsp1hfm.log

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-07 22:13 . 2010-07-07 22:15 -------- d-----w- C:\32788R22FWJFW
2010-07-04 21:20 . 2010-07-04 21:20 -------- d-----w- C:\_OTL
2010-07-04 19:32 . 2010-07-04 19:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-04 19:32 . 2010-07-04 19:32 -------- d-----w- c:\documents and settings\POM\Datos de programa\skypePM
2010-07-04 19:29 . 2010-07-04 19:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Skype
2010-07-04 19:29 . 2010-07-04 19:29 -------- d-----r- c:\archivos de programa\Skype
2010-07-04 19:21 . 2010-07-04 19:22 22966568 ----a-w- C:\SkypeSetupFull.exe
2010-07-04 19:19 . 2010-07-04 19:29 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Skype
2010-07-04 19:18 . 2010-07-04 19:18 1704744 ----a-w- C:\SkypeSetup.exe
2010-07-01 00:25 . 2010-07-01 00:25 567640 ----a-w- C:\GoogleVoiceAndVideoSetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 22:40 . 2006-09-20 15:13 -------- d-----w- c:\documents and settings\POM\Datos de programa\Skype
2010-06-23 07:51 . 2004-09-09 22:41 553868 ----a-w- c:\windows\system32\perfh00A.dat
2010-06-23 07:51 . 2004-09-09 22:41 109588 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-22 13:04 . 2010-05-22 13:04 503808 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bdb8d91-n\msvcp71.dll
2010-05-22 13:03 . 2010-05-22 13:03 499712 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bdb8d91-n\jmc.dll
2010-05-22 13:03 . 2010-05-22 13:03 12800 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37ec7f70-n\decora-d3d.dll
2010-05-22 13:03 . 2010-05-22 13:03 348160 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6bdb8d91-n\msvcr71.dll
2010-05-22 13:03 . 2010-05-22 13:03 61440 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37ec7f70-n\decora-sse.dll
2010-05-07 11:55 . 2010-05-07 11:55 255472 ----a-w- c:\documents and settings\POM\Datos de programa\Mozilla\plugins\npgoogletalk.dll
2010-05-04 17:16 . 2004-09-09 22:41 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:16 . 2004-09-09 22:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:16 . 2004-09-09 22:40 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:26 . 2004-09-09 22:41 1851008 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 19:59 . 2010-05-01 19:59 503808 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c98c0a2-n\msvcp71.dll
2010-05-01 19:59 . 2010-05-01 19:59 499712 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c98c0a2-n\jmc.dll
2010-05-01 19:59 . 2010-05-01 19:59 348160 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7c98c0a2-n\msvcr71.dll
2010-05-01 19:59 . 2010-05-01 19:59 12800 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-728966b4-n\decora-d3d.dll
2010-05-01 19:59 . 2010-05-01 19:59 61440 ----a-w- c:\documents and settings\POM\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-728966b4-n\decora-sse.dll
2010-05-01 19:57 . 2010-05-01 19:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:47 . 2004-09-09 22:40 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-16 21:15 . 2010-03-16 21:02 100431872 ----a-w- c:\archivos de programa\AA9ProExt.By.Draco.part01.rar
2010-03-14 11:16 . 2010-03-14 11:09 65772432 ----a-w- c:\archivos de programa\doa-0296.rar
2009-11-19 14:22 . 2009-11-19 14:22 1925024 ----a-w- c:\archivos de programa\install_flash_player.exe
2009-09-29 12:03 . 2009-09-29 12:00 13376016 ----a-w- c:\archivos de programa\NapsterSetup-GB-NCOM4.6.2.3.exe
2009-09-29 11:30 . 2009-09-29 11:29 29237888 ----a-w- c:\archivos de programa\NWZ-S630F_V1_11.exe
2009-09-29 11:14 . 2009-09-29 11:14 4107436 ----a-w- c:\archivos de programa\Setup_FreeVideoConverter.exe
2008-06-26 23:23 . 2008-06-26 23:23 146906573 ----a-w- c:\archivos de programa\NVivo 7.exe
2008-06-26 16:19 . 2008-06-26 16:19 304957 ----a-w- c:\archivos de programa\hjsplit.zip
2008-05-26 19:56 . 2008-05-26 19:56 70302780 ----a-w- c:\archivos de programa\SPSS_Amos_v16_www.chilewarez.org.rar
2008-01-02 14:07 . 2008-01-02 14:07 15818 ----a-w- c:\archivos de programa\uninstal.log
2006-11-08 17:17 . 2006-11-07 12:59 271322 ----a-w- c:\archivos de programa\scripts.cxt
2006-11-07 12:59 . 2006-11-07 12:59 9595395 ----a-w- c:\archivos de programa\interface.cxt
2006-11-07 12:59 . 2006-11-07 12:59 7174 ----a-w- c:\archivos de programa\dbase.cxt
2006-11-07 12:59 . 2006-11-07 12:59 256340 ----a-w- c:\archivos de programa\testtaker.dxr
2006-10-25 02:50 . 2006-10-25 02:50 1106349 ------w- c:\archivos de programa\wrar351es.exe
2006-06-28 14:10 . 2006-11-07 12:51 16384 ----a-w- c:\archivos de programa\cg.v12
2006-03-15 19:33 . 2006-11-07 12:51 26621 ----a-w- c:\archivos de programa\Practicetest2_listen.xml
2006-03-15 13:40 . 2006-11-07 12:51 206 ----a-w- c:\archivos de programa\menu.txt
2006-03-15 13:40 . 2006-11-07 16:57 101 ----a-r- c:\archivos de programa\test2.txt
2006-03-15 13:39 . 2006-11-07 16:57 101 ----a-r- c:\archivos de programa\test1.txt
2006-03-14 19:49 . 2006-11-07 12:51 58405 ----a-w- c:\archivos de programa\Practicetest2_rdg.xml
2006-03-13 15:11 . 2006-11-07 12:51 19 ----a-w- c:\archivos de programa\cg.ini
2006-02-24 15:28 . 2006-11-07 12:51 5558 ----a-w- c:\archivos de programa\Practicetest2_write.xml
2006-02-17 17:02 . 2006-11-07 12:57 4837836 ----a-r- c:\archivos de programa\Complete Guide.exe
2006-02-17 10:38 . 2006-11-07 16:57 2480 ----a-w- c:\archivos de programa\readMe.txt
2006-02-16 21:35 . 2006-11-07 12:51 26869 ----a-w- c:\archivos de programa\Practicetest1_listen.xml
2006-02-14 17:08 . 2006-11-07 12:51 58922 ----a-w- c:\archivos de programa\Practicetest1_rdg.xml
2006-02-07 11:11 . 2006-11-07 12:51 8747 ----a-w- c:\archivos de programa\Practicetest1_speak.xml
2006-02-07 11:11 . 2006-11-07 12:51 8346 ----a-w- c:\archivos de programa\Practicetest2_speak.xml
2006-02-07 11:11 . 2006-11-07 12:51 5511 ----a-w- c:\archivos de programa\Practicetest1_write.xml
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 15:14 238968 ----a-w- c:\archivos de programa\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\archivos de programa\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
"SsAAD.exe"="c:\archiv~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"DAEMON Tools"="c:\archivos de programa\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Google Update"="c:\documents and settings\POM\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-07-01 136176]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2010-05-14 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\archiv~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Windows Defender"="c:\archivos de programa\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SpeedTouch USB Diagnostics"="c:\archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SpySweeper"="c:\archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SwPrv"=3 (0x3)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Google\\Google Talk\\googletalk.exe"=
"c:\\Archivos de programa\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Archivos de programa\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Archivos de programa\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\POM\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [12-11-2008 17:02 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [09-12-2009 1:56 108880]
R2 MSSQL$QSRNVIVO;SQL Server (QSRNVIVO);c:\archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27-05-2009 3:27 29262680]
R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [03-11-2006 20:19 13592]
R2 WRConsumerService;Webroot Client Service;c:\archivos de programa\Webroot\WebrootSecurity\WRConsumerService.exe [09-12-2008 17:16 1201640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-09-2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02-10-2009 19:39 19472]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [29-10-2007 3:24 36256]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [19-05-2008 23:48 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [19-05-2008 23:47 19328]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\pfc027.sys [08-04-2005 15:46 162176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02-01-2008 14:25 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{541ED365-48BA-4898-9629-DAE8E5AC22EC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 14:58]

2010-07-04 c:\windows\Tasks\wrSpySweeper_LB0B852A774CA486580D24D79F6EDB7D8.job
- c:\archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-09 15:19]

2010-07-04 c:\windows\Tasks\wrSpySweeper_LB0B852A774CA486580D24D79F6EDB7D8.job
- c:\archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-09 15:19]

.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE: Agregar al componente Anti-Banner - c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\POM\Datos de programa\Mozilla\Firefox\Profiles\lcznavsi.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\archivos de programa\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\documents and settings\POM\Datos de programa\Mozilla\Firefox\Profiles\lcznavsi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\documents and settings\POM\Datos de programa\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ares - c:\archivos de programa\Ares\Ares.exe
MSConfigStartUp-ares - c:\archivos de programa\Ares\Ares.exe
MSConfigStartUp-iTunesHelper - c:\archivos de programa\iTunes\iTunesHelper.exe
MSConfigStartUp-SDR6Y_Check - c:\archivos de programa\Archivos comunes\DriveCleaner 2006 Free\sdrmon.exe
AddRemove-_FpP4fSXell-R - c:\windows\system32\_FpP4fSXell-R.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-07 23:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\archivos de programa\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\archiv~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\archivos de programa\Clarus\Samsung Auto Backup\ISFGuage.exe
c:\archivos de programa\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
c:\archivos de programa\Clarus\Samsung Auto Backup\ISFTimerD.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-07 23:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 22:47

Pre-Run: 17.826.922.496 bytes libres
Post-Run: 17.708.208.128 bytes libres

- - End Of File - - 7FD94DCC6ED2517DC333BD35D0CBFFC6

pom
Novice

Re: Ad served by primawega

Post by Belahzur on Wed Jul 07, 2010 11:29 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




Belahzur
Administrator