TR/Trash.Gen [trojan]

**vitrola** · **vitrola** on 8th August 2010, 7:53 am

Hi
Help needed
This is my 1st post.
I have been getting this message from my Avira Anti Virus for a the last days.

Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\RP10\A0000638.exe.

And I "deny access" or "delete file" every time.

But the point is that I started having a problems with the audio system 1 month and half or maybe more. For example no audio in any kind of form (system,youtube,etc) and I had to change the speakers Usb Port most of the times or reboot the PC 1 or 2 times. And some times my keyboard was locked and I had to change the usb port to get it working. But in the last weeks the sound is coming and going. Now is working fine

And from today there are folders showing (like a SLIDES ).One of them is THUMBS.DB on my desktop, and more inside different folders.

And before of this, in the last month I've bee having some virus

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]' or

The file 'C:\System Volume Information\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\RP97\A0015546.exe'
contained a virus or unwanted program 'TR/PCK.Tdss.Z.6418' [trojan]
Action(s) taken:
The file was moved to '4c6e34c4.qua'!

and few more if "an unwanted ...."Deny access" "Delete file".

OTL logfile created on: 08/08/2010 03:47:02 a.m. - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Archivos de programa\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 42,60 Gb Free Space | 18,29% Space Free | Partition Type: NTFS
Drive D: | 2,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMMODORE
Current User Name: yo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/30 02:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL\OTL.com
PRC - [2010/07/12 13:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\Winamp\winampa.exe
PRC - [2010/07/06 08:57:00 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/07/06 08:55:16 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 11:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/01 23:48:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (SafeList) ==========

MOD - [2010/07/30 02:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL\OTL.com
MOD - [2008/04/14 06:47:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/07/23 12:24:04 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/07/06 08:55:16 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/07/06 08:52:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/03 12:49:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/01/25 19:00:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 05:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/05/11 08:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 08:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 06:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 11:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/24 00:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gooofullsearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.ar/
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Mininova-Vuze Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gooofullsearch.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.3.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {181F4BBC-2453-40D2-B42C-3135E3B07C7B}:1.0.18
FF - prefs.js..extensions.enabledItems: {d51d388b-f5dc-471a-a1ce-5e2d671091c0}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {9c905b42-976e-43c1-bc30-fc5937017909}:1.5.47.1
FF - prefs.js..extensions.enabledItems: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/07/14 20:16:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/07/30 02:35:48 | 000,000,000 | ---D | M]

[2009/01/17 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Extensions
[2010/07/17 19:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions
[2010/07/16 18:45:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/06/20 03:09:47 | 000,000,000 | ---D | M] (Free software Gooofull toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}
[2010/02/04 15:52:54 | 000,000,000 | ---D | M] (Softonic ES Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}
[2010/05/05 16:58:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/27 19:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}
[2010/07/17 19:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\toolbar@ask.com
[2009/09/21 17:54:38 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\conduit.xml
[2010/07/17 19:16:24 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\winamp-search.xml
[2010/07/30 02:12:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009/04/28 15:41:20 | 000,000,000 | ---D | M] (shARES Toolbar) -- C:\Archivos de programa\Mozilla Firefox\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
[2010/07/30 02:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/30 02:11:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/25 13:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npwachk.dll
[2006/12/08 20:53:48 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2006/12/08 20:53:48 | 000,001,048 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/20 03:09:49 | 000,001,836 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\Goofullsearch.xml
[2008/03/12 20:27:40 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2006/12/08 20:53:48 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2001/08/24 07:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (shARES Toolbar) - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O2 - BHO: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (shARES Toolbar) - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (shARES Toolbar) - {9C905B42-976E-43C1-BC30-FC5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic ES Toolbar) - {C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova Toolbar) - {F592709F-FF4A-4862-B659-4AFABDA56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Archivos de programa\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.20 200.49.130.21 200.49.130.32 172.20.2.23
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/09 10:52:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Archivos de programa\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/06 16:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/06 04:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Youtube Downloader HD
[2010/08/06 04:09:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Youtube Downloader HD
[2010/08/06 04:08:12 | 003,513,989 | ---- | C] (YoutubeDownloaderHD.com ) -- C:\Archivos de programa\youtube_downloader_hd_setup.exe
[2010/08/02 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Malwarebytes
[2010/08/02 13:00:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/02 13:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/02 13:00:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/08/02 13:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2010/08/02 12:08:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\yo\Recent
[2010/07/31 05:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[2010/07/31 05:11:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2010/07/30 15:22:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\OTL
[2010/07/30 02:35:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Adobe
[2010/07/30 02:35:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Adobe
[2010/07/30 02:14:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\JavaRa
[2010/07/30 02:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
[2010/07/30 02:12:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
[2010/07/30 02:12:07 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/30 02:12:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/30 02:12:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/30 02:12:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/30 02:12:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/30 02:11:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Java
[2010/07/30 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Sun
[2010/07/30 02:00:06 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\yo\Escritorio\jre-6u21-windows-i586.exe
[2010/07/25 01:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Escritorio\Discos
[2010/07/17 20:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Configuración local\Datos de programa\Sunbelt Software
[2010/07/17 20:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/17 19:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\WidgetServer
[2010/07/17 02:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Datos de programa\Macromedia
[2010/07/16 19:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Configuración local\Datos de programa\Winamp Toolbar
[2010/07/16 18:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar
[2010/07/16 18:45:47 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Winamp Toolbar
[2010/07/15 15:11:06 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/15 15:10:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Media Connect 2
[2010/07/15 15:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/15 15:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/14 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\vlc
[2010/07/14 19:41:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VLC
[2010/07/14 16:49:31 | 000,000,000 | ---D | C] -- C:\Archivos de programa\RealArcade
[2010/07/14 15:47:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 00:56:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/08 03:42:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/08 03:27:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 03:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/08 01:55:24 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\yo\NTUSER.DAT
[2010/08/08 01:02:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/08/08 01:02:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/08/08 01:00:13 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 01:00:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/08 01:00:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 16:17:27 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 16:16:05 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml
[2010/08/07 01:09:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/08/07 01:09:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/08/07 01:06:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 01:05:35 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\yo\ntuser.ini
[2010/08/06 04:35:34 | 010,014,027 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Mama Waits-Bryan Scary and the Shredding Tears.mp4
[2010/08/06 04:30:24 | 006,445,976 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi.mp3
[2010/08/06 04:21:10 | 010,299,006 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi
[2010/08/06 04:09:35 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Youtube Downloader HD.lnk
[2010/08/06 04:08:12 | 003,513,989 | ---- | M] (YoutubeDownloaderHD.com ) -- C:\Archivos de programa\youtube_downloader_hd_setup.exe
[2010/08/05 00:44:23 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Acceso directo a Burrrn.lnk
[2010/08/03 13:12:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/08/03 13:12:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/03 12:49:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/08/03 03:07:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/08/03 03:07:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/08/03 03:01:54 | 004,312,768 | -H-- | M] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\IconCache.db
[2010/08/03 01:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/08/03 01:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/08/02 19:48:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/08/02 19:48:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/08/02 13:00:55 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/07/31 05:12:01 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Spybot - Search & Destroy.lnk
[2010/07/31 04:24:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/31 04:24:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/30 02:35:48 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/07/30 02:11:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/30 02:11:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/30 02:11:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/30 02:11:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/30 02:11:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/30 02:00:06 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\yo\Escritorio\jre-6u21-windows-i586.exe
[2010/07/30 01:09:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/30 01:09:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/29 17:44:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/29 17:44:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/28 05:29:08 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[2010/07/27 18:57:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/27 18:57:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/27 14:38:02 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\CCleaner.lnk
[2010/07/27 03:29:55 | 008,504,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/23 12:24:03 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\TuneUp 1-Click Maintenance.lnk
[2010/07/23 12:24:03 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\TuneUp Utilities.lnk
[2010/07/17 23:32:59 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Winamp.lnk
[2010/07/17 22:18:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/17 22:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/17 20:19:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/17 20:19:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/17 20:05:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/17 20:05:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/17 09:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/17 09:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/16 02:23:20 | 000,772,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 02:23:20 | 000,362,564 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/07/16 02:23:20 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/16 02:23:20 | 000,051,286 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/07/16 02:23:20 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/16 02:22:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/16 02:22:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/15 15:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/15 15:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/15 15:41:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/15 15:41:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/15 15:11:00 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/15 15:10:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/15 15:10:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 19:42:30 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\VLC media player.lnk
[2010/07/14 17:02:12 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\CV - Sebastián DE RIZ - Luis.doc
[2010/07/14 17:02:12 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Curriculum Vitae.doc
[2010/07/13 19:30:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/13 19:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/12 17:27:03 | 000,003,299 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/07/12 17:26:43 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 17:26:27 | 000,869,608 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/11 18:40:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/11 18:40:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 04:33:44 | 010,014,027 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Mama Waits-Bryan Scary and the Shredding Tears.mp4
[2010/08/06 04:30:09 | 006,445,976 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi.mp3
[2010/08/06 04:20:33 | 010,299,006 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi
[2010/08/06 04:09:35 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Youtube Downloader HD.lnk
[2010/08/05 00:44:23 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Acceso directo a Burrrn.lnk
[2010/08/02 13:00:55 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/07/31 05:12:01 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Spybot - Search & Destroy.lnk
[2010/07/30 02:35:48 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/07/27 14:38:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\CCleaner.lnk
[2010/07/15 15:10:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 19:42:30 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\VLC media player.lnk
[2010/07/14 17:06:18 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Curriculum Vitae.doc
[2010/07/12 17:27:03 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 17:27:03 | 000,003,299 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/12/09 11:28:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/09 11:08:14 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/09 10:59:55 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2003/04/11 12:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 14:16:49 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 14:16:49 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/09 18:42:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/09 18:42:10 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/09 18:42:10 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/24 07:00:00 | 000,009,035 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/08/24 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/24 07:00:00 | 000,004,960 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/24 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 17:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/24 07:00:00 | 000,027,900 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/24 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/24 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/24 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/24 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 17:45:24 | 000,034,016 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 17:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 17:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 17:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 17:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 05:07:58 | 001,851,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 06:48:20 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 06:48:20 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 06:48:20 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 06:48:20 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 06:48:20 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 06:48:20 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 06:48:20 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 06:48:20 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 06:48:20 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 06:48:20 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 06:48:20 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 06:48:20 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 06:48:22 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 06:48:38 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 06:48:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/30 01:08:40 | 000,009,161 | ---- | M] () -- C:\aaw7boot.log
[2008/12/09 10:52:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/09 10:48:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001/08/24 07:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/06/27 21:49:09 | 000,000,000 | ---- | M] () -- C:\cdrdao
[2008/12/09 10:52:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/09 11:02:16 | 000,000,043 | ---- | M] () -- C:\csb.log
[2008/12/09 10:52:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/30 02:16:57 | 000,006,079 | ---- | M] () -- C:\JavaRa.log
[2008/12/09 10:52:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/09 11:19:40 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2004/02/29 12:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2010/08/08 01:00:09 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys
[2008/12/09 11:00:49 | 000,000,436 | ---- | M] () -- C:\RHDSetup.log
[2010/07/30 01:09:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/31 04:24:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/08/02 19:48:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/08/03 01:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/08/03 03:07:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/08/03 13:12:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/08/07 01:09:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/08/08 01:02:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/06 21:46:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/07 16:24:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/11 18:40:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/13 19:30:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/15 15:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/16 02:22:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/17 09:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/17 20:05:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/17 20:19:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/17 22:18:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/27 18:57:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/29 17:44:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/30 01:09:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/31 04:24:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/08/02 19:48:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/08/03 01:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/08/03 03:07:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/08/03 13:12:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/07 01:09:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/08/08 01:02:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/06 21:46:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/07 16:24:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/11 18:40:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/13 19:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/15 15:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/16 02:22:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/17 09:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/17 20:05:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/17 20:19:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/17 22:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/27 18:57:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/29 17:44:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %PROGRAMFILES%\*. >
[2010/07/30 02:35:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Adobe
[2010/07/30 02:35:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Archivos comunes
[2010/08/02 18:26:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Ares
[2010/06/02 20:01:19 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Ask.com
[2010/08/02 18:30:55 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Avira
[2010/08/05 00:44:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Burrrn
[2010/06/28 00:25:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\burrrn_1.13
[2010/08/02 18:53:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CCleaner
[2008/12/09 11:08:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Combined Community Codec Pack
[2008/12/09 10:49:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ComPlus Applications
[2009/05/06 02:51:28 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Conduit
[2010/06/20 01:50:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\cuesplitter_setup
[2010/08/02 18:27:07 | 000,000,000 | ---D | M] -- C:\Archivos de programa\eMule
[2010/08/02 18:50:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\EVEREST Ultimate Edition
[2010/08/02 18:49:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\foobar2000
[2010/05/03 12:48:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Google
[2010/08/02 18:44:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Illustrate
[2008/12/09 11:02:03 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\InstallShield Installation Information
[2008/12/09 10:58:09 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Intel
[2010/06/10 18:45:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Internet Explorer
[2010/07/30 02:11:53 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Java
[2010/07/30 02:14:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\JavaRa
[2010/08/02 18:28:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Last.fm
[2010/08/02 18:18:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/06/20 01:51:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Medieval Software
[2008/12/26 17:39:36 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Messenger
[2008/12/09 10:52:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\microsoft frontpage
[2010/01/01 17:54:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Multimedia
[2008/12/09 11:07:39 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Office
[2008/12/09 11:07:35 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Visual Studio
[2008/12/09 11:07:37 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Works
[2008/12/09 11:07:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft.NET
[2010/02/19 15:33:12 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mininova
[2010/05/03 13:21:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mininova-Vuze
[2010/08/02 19:01:06 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Monkey's Audio
[2010/03/31 13:16:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Movie Maker
[2010/07/17 19:16:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox
[2008/12/09 10:49:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN
[2008/12/09 10:49:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Gaming Zone
[2009/10/19 20:23:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Messenger
[2008/12/09 11:09:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Nero
[2008/12/09 11:20:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NetMeeting
[2009/09/17 20:12:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\nTorrent-bin-0.5-win
[2008/12/09 10:49:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Online Services
[2010/08/08 03:43:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\OTL
[2010/06/05 00:49:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Outlook Express
[2009/11/19 19:05:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real
[2008/12/09 11:16:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real Alternative
[2010/07/14 17:11:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\RealArcade
[2008/12/09 11:02:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Realtek
[2010/08/02 18:31:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\RemoveWGA_Victorxxx
[2008/12/09 10:51:18 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Servicios en línea
[2010/01/06 17:40:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\shARES
[2010/05/10 14:39:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Softonic_ES
[2010/08/02 18:56:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Spybot - Search & Destroy
[2010/08/02 18:22:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TotalAudioConverter
[2010/05/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TU.U.10
[2010/07/23 12:24:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TuneUp Utilities 2010
[2008/12/09 10:55:12 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\Uninstall Information
[2009/07/15 12:48:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\uTorrent
[2010/07/30 02:32:44 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VDOWNLOADER
[2010/08/02 18:25:47 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VirtualDub-1.9.8
[2010/08/02 18:51:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VLC
[2010/08/02 18:29:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VSO
[2010/08/02 18:33:00 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp
[2010/07/16 18:45:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp Detect
[2010/07/16 18:45:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp Toolbar
[2010/07/15 15:10:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Connect 2
[2010/07/15 15:10:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Player
[2008/12/09 11:20:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows NT
[2008/12/09 10:51:21 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\WindowsUpdate
[2010/08/02 19:14:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinRAR
[2010/06/04 21:50:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WXP
[2008/12/09 10:52:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\xerox
[2010/06/04 19:44:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Xp SP3
[2010/08/06 04:09:35 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Youtube Downloader HD

< %appdata%\*.* >
[2008/12/09 17:43:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\yo\Datos de programa\desktop.ini
[2010/04/06 16:18:25 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\ezpinst.exe
[2010/02/03 14:36:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\inst.exe
[2010/04/06 16:18:25 | 000,007,176 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.cat
[2010/04/06 16:18:25 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.inf
[2010/04/06 16:18:32 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.log
[2010/04/06 16:18:25 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\yo\Datos de programa\pcouffin.sys
[2010/08/07 16:16:05 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml

< MD5 for: AGP440.SYS >
[2004/08/19 10:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

**vitrola** · **vitrola** on 8th August 2010, 8:07 am

Part 2 of OTL.text

< MD5 for: ATAPI.SYS >
[2004/08/19 10:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/19 10:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 17:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 10:42:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/19 10:42:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 10:42:24 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/19 10:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 18:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 05:30:39

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
< End of report >

**Belahzur** · **Belahzur** on 8th August 2010, 7:24 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

**vitrola** · **vitrola** on 8th August 2010, 9:43 pm

Hi Belahzur
Thanks for your quick answer.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 4408

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

08/08/2010 05:49:52 p.m.
mbam-log-2010-08-08 (17-49-52).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 130868
Tiempo transcurrido: 2 minuto(s), 44 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)

**Belahzur** · **Belahzur** on 8th August 2010, 9:52 pm

Hello.
Can you post Extras.txt please? your first post saying where the trojan was found is harmless, just system restore and not a big risk right now.

**vitrola** · **vitrola** on 8th August 2010, 10:43 pm

Hi
The OTL produced only 1 file "OTL.txt", is that posible? Because it didn't show in the OTL folder and apparently is not anywhere.
And what you say about system restore, what I have to do exactly?

Thanks

**Belahzur** · **Belahzur** on 9th August 2010, 11:52 pm

Hello.

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

**vitrola** · **vitrola** on 10th August 2010, 3:38 am

Hi again
Here is:

Actualización de seguridad para el Reproductor de Windows Media (KB952069)
Actualización de seguridad para el Reproductor de Windows Media (KB954155)
Actualización de seguridad para el Reproductor de Windows Media (KB968816)
Actualización de seguridad para el Reproductor de Windows Media (KB973540)
Actualización de seguridad para el Reproductor de Windows Media (KB978695)
Actualización de seguridad para el Reproductor de Windows Media (KB979402)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para Windows Internet Explorer 7 (KB938127-v2)
Actualización de seguridad para Windows Internet Explorer 7 (KB958215)
Actualización de seguridad para Windows Internet Explorer 7 (KB960714)
Actualización de seguridad para Windows Internet Explorer 7 (KB972260)
Actualización de seguridad para Windows Internet Explorer 7 (KB978207)
Actualización de seguridad para Windows Internet Explorer 7 (KB982381)
Actualización de seguridad para Windows XP (KB2229593)
Actualización de seguridad para Windows XP (KB2286198)
Actualización de seguridad para Windows XP (KB923561)
Actualización de seguridad para Windows XP (KB938464)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951698)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952004)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB954211)
Actualización de seguridad para Windows XP (KB954459)
Actualización de seguridad para Windows XP (KB954600)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956391)
Actualización de seguridad para Windows XP (KB956572)
Actualización de seguridad para Windows XP (KB956744)
Actualización de seguridad para Windows XP (KB956802)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956841)
Actualización de seguridad para Windows XP (KB956844)
Actualización de seguridad para Windows XP (KB957095)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958644)
Actualización de seguridad para Windows XP (KB958687)
Actualización de seguridad para Windows XP (KB958869)
Actualización de seguridad para Windows XP (KB959426)
Actualización de seguridad para Windows XP (KB960225)
Actualización de seguridad para Windows XP (KB960803)
Actualización de seguridad para Windows XP (KB960859)
Actualización de seguridad para Windows XP (KB961371-v2)
Actualización de seguridad para Windows XP (KB961373)
Actualización de seguridad para Windows XP (KB961501)
Actualización de seguridad para Windows XP (KB968537)
Actualización de seguridad para Windows XP (KB969059)
Actualización de seguridad para Windows XP (KB969947)
Actualización de seguridad para Windows XP (KB970238)
Actualización de seguridad para Windows XP (KB970430)
Actualización de seguridad para Windows XP (KB971468)
Actualización de seguridad para Windows XP (KB971486)
Actualización de seguridad para Windows XP (KB971557)
Actualización de seguridad para Windows XP (KB971633)
Actualización de seguridad para Windows XP (KB971657)
Actualización de seguridad para Windows XP (KB971961)
Actualización de seguridad para Windows XP (KB972270)
Actualización de seguridad para Windows XP (KB973346)
Actualización de seguridad para Windows XP (KB973354)
Actualización de seguridad para Windows XP (KB973507)
Actualización de seguridad para Windows XP (KB973525)
Actualización de seguridad para Windows XP (KB973869)
Actualización de seguridad para Windows XP (KB973904)
Actualización de seguridad para Windows XP (KB974112)
Actualización de seguridad para Windows XP (KB974318)
Actualización de seguridad para Windows XP (KB974392)
Actualización de seguridad para Windows XP (KB974571)
Actualización de seguridad para Windows XP (KB975025)
Actualización de seguridad para Windows XP (KB975467)
Actualización de seguridad para Windows XP (KB975560)
Actualización de seguridad para Windows XP (KB975561)
Actualización de seguridad para Windows XP (KB975562)
Actualización de seguridad para Windows XP (KB975713)
Actualización de seguridad para Windows XP (KB977165-v2)
Actualización de seguridad para Windows XP (KB977816)
Actualización de seguridad para Windows XP (KB977914)
Actualización de seguridad para Windows XP (KB978037)
Actualización de seguridad para Windows XP (KB978251)
Actualización de seguridad para Windows XP (KB978262)
Actualización de seguridad para Windows XP (KB978338)
Actualización de seguridad para Windows XP (KB978542)
Actualización de seguridad para Windows XP (KB978601)
Actualización de seguridad para Windows XP (KB978706)
Actualización de seguridad para Windows XP (KB979309)
Actualización de seguridad para Windows XP (KB979482)
Actualización de seguridad para Windows XP (KB979559)
Actualización de seguridad para Windows XP (KB979683)
Actualización de seguridad para Windows XP (KB980195)
Actualización de seguridad para Windows XP (KB980218)
Actualización de seguridad para Windows XP (KB980232)
Actualización de seguridad para Windows XP (KB981349)
Actualización para Windows Internet Explorer 7 (KB980182)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB951978)
Actualización para Windows XP (KB955759)
Actualización para Windows XP (KB955839)
Actualización para Windows XP (KB967715)
Actualización para Windows XP (KB968389)
Actualización para Windows XP (KB971737)
Actualización para Windows XP (KB973687)
Actualización para Windows XP (KB973815)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Ares 2.1.2
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
CCleaner
Combined Community Codec Pack 2008-01-24
Compresor WinRAR
ConvertXtoDVD 3.2.8.92
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
eMule
EVEREST Ultimate Edition v5.50
foobar2000 v1.0.3
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 21
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
Medieval CUE Splitter
Microsoft Cinemania 96
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mininova Toolbar
Mininova-Vuze Toolbar
Monkey's Audio
Mozilla Firefox (3.0.3)
Nero 7.10.1.0
Real Alternative 1.9.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Reproductor de Windows Media 11
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows XP (KB952287)
Revisión para Windows XP (KB970653-v3)
Revisión para Windows XP (KB976098-v2)
Revisión para Windows XP (KB979306)
Revisión para Windows XP (KB981793)
shARES Toolbar
Softonic_ES Toolbar
Spybot - Search & Destroy
TuneUp Utilities
VDownloader 1.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.0
Winamp
Winamp Toolbar
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Youtube Downloader HD v. 2.2

Thanks!

**vitrola** · **vitrola** on 11th August 2010, 9:32 pm

Hello
Is this OK?
The audio system is working continuosly, but I still have folders added (they look like slides).

Thanks

**Belahzur** · **Belahzur** on 12th August 2010, 11:55 pm

Hello.

I see that you are running eMule.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.