TR/Trash.Gen [trojan]

Solved TR/Trash.Gen [trojan]

Post by vitrola on Sun 08 Aug 2010, 6:53 pm

First topic message reminder :

Hi
Help needed
This is my 1st post.
I have been getting this message from my Avira Anti Virus for the last few days.

Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\RP10\A0000638.exe.

And I "deny access" or "delete file" every time.

But the point is that I started having problems with the audio system a month and a half ago, or maybe more. For example, no audio of any kind (system, YouTube, etc.), and I had to change the speakers' USB port most of the time or reboot the PC 1 or 2 times. And sometimes my keyboard was locked and I had to change the USB port to get it working. But in the last weeks the sound has been coming and going. Now it is working fine.

And from today there are folders showing (like SLIDES). One of them is THUMBS.DB on my desktop, and more inside different folders.

And before this, in the last month I've been having some viruses:

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]' or

The file 'C:\System Volume Information\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\RP97\A0015546.exe'
contained a virus or unwanted program 'TR/PCK.Tdss.Z.6418' [trojan]
Action(s) taken:
The file was moved to '4c6e34c4.qua'!

and a few more "an unwanted ..." ones with "Deny access" / "Delete file".

OTL logfile created on: 08/08/2010 03:47:02 a.m. - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Archivos de programa\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 42,60 Gb Free Space | 18,29% Space Free | Partition Type: NTFS
Drive D: | 2,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMMODORE
Current User Name: yo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/30 02:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL\OTL.com
PRC - [2010/07/12 13:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\Winamp\winampa.exe
PRC - [2010/07/06 08:57:00 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/07/06 08:55:16 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 11:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/01 23:48:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/30 02:52:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Archivos de programa\OTL\OTL.com
MOD - [2008/04/14 06:47:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/23 12:24:04 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/07/06 08:55:16 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/07/06 08:52:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/07/21 12:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 14:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/03 12:49:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/01/25 19:00:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 05:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/05/11 08:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 08:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 10:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Controlador de audio USB (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/14 06:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 11:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/24 00:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Mininova-Vuze Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gooofullsearch.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.4.3.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {181F4BBC-2453-40D2-B42C-3135E3B07C7B}:1.0.18
FF - prefs.js..extensions.enabledItems: {d51d388b-f5dc-471a-a1ce-5e2d671091c0}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {9c905b42-976e-43c1-bc30-fc5937017909}:1.5.47.1
FF - prefs.js..extensions.enabledItems: {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2009/07/14 20:16:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/07/30 02:35:48 | 000,000,000 | ---D | M]

[2009/01/17 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Extensions
[2010/07/17 19:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions
[2010/07/16 18:45:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/06/20 03:09:47 | 000,000,000 | ---D | M] (Free software Gooofull toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}
[2010/02/04 15:52:54 | 000,000,000 | ---D | M] (Softonic ES Toolbar) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}
[2010/05/05 16:58:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/27 19:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}
[2010/07/17 19:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\extensions\toolbar@ask.com
[2009/09/21 17:54:38 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\conduit.xml
[2010/07/17 19:16:24 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\searchplugins\winamp-search.xml
[2010/07/30 02:12:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009/04/28 15:41:20 | 000,000,000 | ---D | M] (shARES Toolbar) -- C:\Archivos de programa\Mozilla Firefox\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
[2010/07/30 02:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/30 02:11:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/25 13:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npwachk.dll
[2006/12/08 20:53:48 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2006/12/08 20:53:48 | 000,001,048 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/20 03:09:49 | 000,001,836 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\Goofullsearch.xml
[2008/03/12 20:27:40 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2006/12/08 20:53:48 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2001/08/24 07:00:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (shARES Toolbar) - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O2 - BHO: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (shARES Toolbar) - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic ES Toolbar) - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (shARES Toolbar) - {9C905B42-976E-43C1-BC30-FC5937017909} - C:\Archivos de programa\shARES\tbshA0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic ES Toolbar) - {C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A} - C:\Archivos de programa\Softonic_ES\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Archivos de programa\Mininova-Vuze\tbMin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova Toolbar) - {F592709F-FF4A-4862-B659-4AFABDA56312} - C:\Archivos de programa\Mininova\tbMin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Archivos de programa\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.20 200.49.130.21 200.49.130.32 172.20.2.23
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/09 10:52:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Archivos de programa\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/06 16:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/06 04:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Youtube Downloader HD
[2010/08/06 04:09:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Youtube Downloader HD
[2010/08/06 04:08:12 | 003,513,989 | ---- | C] (YoutubeDownloaderHD.com ) -- C:\Archivos de programa\youtube_downloader_hd_setup.exe
[2010/08/02 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Malwarebytes
[2010/08/02 13:00:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/02 13:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/02 13:00:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/08/02 13:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2010/08/02 12:08:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\yo\Recent
[2010/07/31 05:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
[2010/07/31 05:11:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2010/07/30 15:22:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\OTL
[2010/07/30 02:35:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Adobe
[2010/07/30 02:35:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Adobe
[2010/07/30 02:14:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\JavaRa
[2010/07/30 02:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
[2010/07/30 02:12:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Java
[2010/07/30 02:12:07 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/30 02:12:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/30 02:12:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/30 02:12:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/30 02:12:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/30 02:11:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Java
[2010/07/30 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\Sun
[2010/07/30 02:00:06 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\yo\Escritorio\jre-6u21-windows-i586.exe
[2010/07/25 01:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Escritorio\Discos
[2010/07/17 20:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Configuración local\Datos de programa\Sunbelt Software
[2010/07/17 20:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/17 19:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\WidgetServer
[2010/07/17 02:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Datos de programa\Macromedia
[2010/07/16 19:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Configuración local\Datos de programa\Winamp Toolbar
[2010/07/16 18:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar
[2010/07/16 18:45:47 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Winamp Toolbar
[2010/07/15 15:11:06 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/15 15:10:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Media Connect 2
[2010/07/15 15:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/15 15:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/14 19:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\yo\Datos de programa\vlc
[2010/07/14 19:41:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VLC
[2010/07/14 16:49:31 | 000,000,000 | ---D | C] -- C:\Archivos de programa\RealArcade
[2010/07/14 15:47:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 00:56:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/08 03:42:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/08 03:27:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 03:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/08 01:55:24 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\yo\NTUSER.DAT
[2010/08/08 01:02:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/08/08 01:02:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/08/08 01:00:13 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 01:00:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/08 01:00:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 16:17:27 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 16:16:05 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml
[2010/08/07 01:09:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/08/07 01:09:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/08/07 01:06:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 01:05:35 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\yo\ntuser.ini
[2010/08/06 04:35:34 | 010,014,027 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Mama Waits-Bryan Scary and the Shredding Tears.mp4
[2010/08/06 04:30:24 | 006,445,976 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi.mp3
[2010/08/06 04:21:10 | 010,299,006 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi
[2010/08/06 04:09:35 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Youtube Downloader HD.lnk
[2010/08/06 04:08:12 | 003,513,989 | ---- | M] (YoutubeDownloaderHD.com ) -- C:\Archivos de programa\youtube_downloader_hd_setup.exe
[2010/08/05 00:44:23 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Acceso directo a Burrrn.lnk
[2010/08/03 13:12:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/08/03 13:12:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/03 12:49:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/08/03 03:07:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/08/03 03:07:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/08/03 03:01:54 | 004,312,768 | -H-- | M] () -- C:\Documents and Settings\yo\Configuración local\Datos de programa\IconCache.db
[2010/08/03 01:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/08/03 01:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/08/02 19:48:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/08/02 19:48:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/08/02 13:00:55 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/07/31 05:12:01 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Spybot - Search & Destroy.lnk
[2010/07/31 04:24:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/31 04:24:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/30 02:35:48 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/07/30 02:11:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/30 02:11:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/30 02:11:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/30 02:11:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/30 02:11:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/30 02:00:06 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\yo\Escritorio\jre-6u21-windows-i586.exe
[2010/07/30 01:09:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/30 01:09:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/29 17:44:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/29 17:44:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/28 05:29:08 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
[2010/07/27 18:57:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/27 18:57:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/27 14:38:02 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\CCleaner.lnk
[2010/07/27 03:29:55 | 008,504,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/23 12:24:03 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\TuneUp 1-Click Maintenance.lnk
[2010/07/23 12:24:03 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\TuneUp Utilities.lnk
[2010/07/17 23:32:59 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Winamp.lnk
[2010/07/17 22:18:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/17 22:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/17 20:19:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/17 20:19:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/17 20:05:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/17 20:05:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/17 09:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/17 09:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/16 02:23:20 | 000,772,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 02:23:20 | 000,362,564 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/07/16 02:23:20 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/16 02:23:20 | 000,051,286 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/07/16 02:23:20 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/16 02:22:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/16 02:22:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/15 15:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/15 15:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/15 15:41:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/15 15:41:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/15 15:11:00 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/15 15:10:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/15 15:10:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 19:42:30 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\VLC media player.lnk
[2010/07/14 17:02:12 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\yo\Mis documentos\CV - Sebastián DE RIZ - Luis.doc
[2010/07/14 17:02:12 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\yo\Escritorio\Curriculum Vitae.doc
[2010/07/13 19:30:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/13 19:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/12 17:27:03 | 000,003,299 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/07/12 17:26:43 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 17:26:27 | 000,869,608 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/11 18:40:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/11 18:40:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 04:33:44 | 010,014,027 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Mama Waits-Bryan Scary and the Shredding Tears.mp4
[2010/08/06 04:30:09 | 006,445,976 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi.mp3
[2010/08/06 04:20:33 | 010,299,006 | ---- | C] () -- C:\Documents and Settings\yo\Mis documentos\Zero Light by Bryan Scary and the Shedding Tears_(480p).avi
[2010/08/06 04:09:35 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Youtube Downloader HD.lnk
[2010/08/05 00:44:23 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Acceso directo a Burrrn.lnk
[2010/08/02 13:00:55 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/07/31 05:12:01 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Spybot - Search & Destroy.lnk
[2010/07/30 02:35:48 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Adobe Reader 9.lnk
[2010/07/27 14:38:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\CCleaner.lnk
[2010/07/15 15:10:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 19:42:30 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\VLC media player.lnk
[2010/07/14 17:06:18 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\yo\Escritorio\Curriculum Vitae.doc
[2010/07/12 17:27:03 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 17:27:03 | 000,003,299 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/12/09 11:28:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/09 11:08:14 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/09 10:59:55 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2003/04/11 12:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 14:16:49 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 14:16:49 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/09 18:42:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/09 18:42:10 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/09 18:42:10 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/24 07:00:00 | 000,009,035 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/08/24 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/24 07:00:00 | 000,004,960 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/24 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 17:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/24 07:00:00 | 000,027,900 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/24 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/24 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/24 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/24 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 17:45:24 | 000,034,016 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 17:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 17:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 17:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 17:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 05:07:58 | 001,851,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 06:48:20 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 06:48:20 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 06:48:20 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 06:48:20 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 06:48:20 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 06:48:20 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 06:48:20 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 06:48:20 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 06:48:20 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 06:48:20 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 06:48:20 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 06:48:20 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 06:48:22 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 06:48:38 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 06:48:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/30 01:08:40 | 000,009,161 | ---- | M] () -- C:\aaw7boot.log
[2008/12/09 10:52:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/09 10:48:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001/08/24 07:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/06/27 21:49:09 | 000,000,000 | ---- | M] () -- C:\cdrdao
[2008/12/09 10:52:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/09 11:02:16 | 000,000,043 | ---- | M] () -- C:\csb.log
[2008/12/09 10:52:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/30 02:16:57 | 000,006,079 | ---- | M] () -- C:\JavaRa.log
[2008/12/09 10:52:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/09 11:19:40 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2004/02/29 12:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2010/08/08 01:00:09 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys
[2008/12/09 11:00:49 | 000,000,436 | ---- | M] () -- C:\RHDSetup.log
[2010/07/30 01:09:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/31 04:24:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/08/02 19:48:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/08/03 01:00:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/08/03 03:07:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/08/03 13:12:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/08/07 01:09:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/08/08 01:02:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/06 21:46:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/07 16:24:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/11 18:40:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/13 19:30:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/15 15:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/16 02:22:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/17 09:10:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/17 20:05:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/17 20:19:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/17 22:18:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/27 18:57:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/29 17:44:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/30 01:09:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/31 04:24:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/08/02 19:48:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/08/03 01:00:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/08/03 03:07:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/08/03 13:12:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/07 01:09:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/08/08 01:02:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/06 21:46:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/07 16:24:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/11 18:40:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/13 19:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/15 15:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/16 02:22:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/17 09:10:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/17 20:05:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/17 20:19:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/17 22:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/27 18:57:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/29 17:44:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %PROGRAMFILES%\*. >
[2010/07/30 02:35:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Adobe
[2010/07/30 02:35:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Archivos comunes
[2010/08/02 18:26:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Ares
[2010/06/02 20:01:19 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Ask.com
[2010/08/02 18:30:55 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Avira
[2010/08/05 00:44:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Burrrn
[2010/06/28 00:25:10 | 000,000,000 | ---D | M] -- C:\Archivos de programa\burrrn_1.13
[2010/08/02 18:53:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\CCleaner
[2008/12/09 11:08:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Combined Community Codec Pack
[2008/12/09 10:49:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\ComPlus Applications
[2009/05/06 02:51:28 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Conduit
[2010/06/20 01:50:59 | 000,000,000 | ---D | M] -- C:\Archivos de programa\cuesplitter_setup
[2010/08/02 18:27:07 | 000,000,000 | ---D | M] -- C:\Archivos de programa\eMule
[2010/08/02 18:50:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\EVEREST Ultimate Edition
[2010/08/02 18:49:20 | 000,000,000 | ---D | M] -- C:\Archivos de programa\foobar2000
[2010/05/03 12:48:24 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Google
[2010/08/02 18:44:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Illustrate
[2008/12/09 11:02:03 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\InstallShield Installation Information
[2008/12/09 10:58:09 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Intel
[2010/06/10 18:45:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Internet Explorer
[2010/07/30 02:11:53 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Java
[2010/07/30 02:14:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\JavaRa
[2010/08/02 18:28:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Last.fm
[2010/08/02 18:18:15 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/06/20 01:51:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Medieval Software
[2008/12/26 17:39:36 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Messenger
[2008/12/09 10:52:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\microsoft frontpage
[2010/01/01 17:54:08 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Multimedia
[2008/12/09 11:07:39 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Office
[2008/12/09 11:07:35 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Visual Studio
[2008/12/09 11:07:37 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft Works
[2008/12/09 11:07:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Microsoft.NET
[2010/02/19 15:33:12 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mininova
[2010/05/03 13:21:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mininova-Vuze
[2010/08/02 19:01:06 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Monkey's Audio
[2010/03/31 13:16:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Movie Maker
[2010/07/17 19:16:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox
[2008/12/09 10:49:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN
[2008/12/09 10:49:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Gaming Zone
[2009/10/19 20:23:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\MSN Messenger
[2008/12/09 11:09:31 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Nero
[2008/12/09 11:20:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\NetMeeting
[2009/09/17 20:12:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\nTorrent-bin-0.5-win
[2008/12/09 10:49:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Online Services
[2010/08/08 03:43:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\OTL
[2010/06/05 00:49:11 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Outlook Express
[2009/11/19 19:05:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real
[2008/12/09 11:16:42 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Real Alternative
[2010/07/14 17:11:21 | 000,000,000 | ---D | M] -- C:\Archivos de programa\RealArcade
[2008/12/09 11:02:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Realtek
[2010/08/02 18:31:13 | 000,000,000 | ---D | M] -- C:\Archivos de programa\RemoveWGA_Victorxxx
[2008/12/09 10:51:18 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Servicios en línea
[2010/01/06 17:40:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\shARES
[2010/05/10 14:39:04 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Softonic_ES
[2010/08/02 18:56:29 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Spybot - Search & Destroy
[2010/08/02 18:22:03 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TotalAudioConverter
[2010/05/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TU.U.10
[2010/07/23 12:24:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\TuneUp Utilities 2010
[2008/12/09 10:55:12 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\Uninstall Information
[2009/07/15 12:48:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\uTorrent
[2010/07/30 02:32:44 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VDOWNLOADER
[2010/08/02 18:25:47 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VirtualDub-1.9.8
[2010/08/02 18:51:26 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VLC
[2010/08/02 18:29:16 | 000,000,000 | ---D | M] -- C:\Archivos de programa\VSO
[2010/08/02 18:33:00 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp
[2010/07/16 18:45:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp Detect
[2010/07/16 18:45:48 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Winamp Toolbar
[2010/07/15 15:10:57 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Connect 2
[2010/07/15 15:10:56 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows Media Player
[2008/12/09 11:20:46 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Windows NT
[2008/12/09 10:51:21 | 000,000,000 | -H-D | M] -- C:\Archivos de programa\WindowsUpdate
[2010/08/02 19:14:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WinRAR
[2010/06/04 21:50:51 | 000,000,000 | ---D | M] -- C:\Archivos de programa\WXP
[2008/12/09 10:52:25 | 000,000,000 | ---D | M] -- C:\Archivos de programa\xerox
[2010/06/04 19:44:43 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Xp SP3
[2010/08/06 04:09:35 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Youtube Downloader HD

< %appdata%\*.* >
[2008/12/09 17:43:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\yo\Datos de programa\desktop.ini
[2010/04/06 16:18:25 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\ezpinst.exe
[2010/02/03 14:36:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\inst.exe
[2010/04/06 16:18:25 | 000,007,176 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.cat
[2010/04/06 16:18:25 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.inf
[2010/04/06 16:18:32 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\pcouffin.log
[2010/04/06 16:18:25 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\yo\Datos de programa\pcouffin.sys
[2010/08/07 16:16:05 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\yo\Datos de programa\vso_ts_preview.xml


< MD5 for: AGP440.SYS >
[2004/08/19 10:56:12 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

vitrola
Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002



Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Wed 18 Aug 2010, 12:54 pm

Hello

Very bad.
No sound, no keyboard. I had to change the keyboard USB port. And when I try to close or minimize some windows, it's like it's not working, like freezing, and after a time it works.
I'm very confused.
And Avira found the TR/Trash.Gen A0006184.exe again yesterday; it was moved to quarantine, but it's like it's coming back again?


vitrola
Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002


Solved Re: TR/Trash.Gen [trojan]

Post by Belahzur on Thu 19 Aug 2010, 8:52 am

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (this turns System Restore back on), and then click OK.

Does Avira still say it now?


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
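Why the off/on cycle above works, for readers following along: a path of the form `C:\System Volume Information\_restore{GUID}\RPnn\A0000638.exe` is not a running program. It is System Restore's private copy of a file that was changed or deleted earlier, kept so a rollback can put it back, and XP names those copies A + seven digits with the original extension. An on-access scanner can read the copy, but "deny access" or a delete inside the snapshot does nothing lasting, so the next scan raises the same alert, which is the "it's like coming back again" effect reported earlier in this thread. Turning System Restore off discards every restore point at once, which is why the alert stops afterwards. Two caveats a helper would add: a hit that lives only in restore points says a clean-up already happened, not that the machine is clean (the original was somewhere live once, and the `TR/PCK.Tdss` name points at a rootkit family), and the new, clean restore point should be created only after the live infection is dealt with, or it will preserve the infected file all over again.

The helper below is an added example written for this page, not a script from the thread or from Avira; it classifies scanner alert lines into restore-point copies (handled by the purge) and live files (which need real removal). The sample alert lines are constructed to match the wording quoted in the thread; the third one, a hit on the live `tcpip.sys`, is hypothetical and only there for contrast. Function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample alerts, shaped like the Avira messages quoted in this thread.
# The restore-point GUID and RP numbers are the poster's; the third line, a hit on
# the live tcpip.sys, is hypothetical and present only for contrast.
SAMPLE_ALERTS = [
    "Virus or unwanted program 'TR/Trash.Gen [trojan]' detected in file "
    "'C:\\System Volume Information\\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\\RP10\\A0000638.exe'.",
    "The file 'C:\\System Volume Information\\_restore{59D6C9FD-1AC5-4ADB-81D1-A8E79044010B}\\RP97\\A0015546.exe' "
    "contained a virus or unwanted program 'TR/PCK.Tdss.Z.6418' [trojan]",
    "Virus or unwanted program 'TR/PCK.Tdss.Z.6418' [trojan] detected in file "
    "'C:\\WINDOWS\\system32\\drivers\\tcpip.sys'.",
]

# First single-quoted Windows path on the line.
PATH_RE = re.compile(r"'([A-Za-z]:\\[^']+)'")
# Every single-quoted token; the detection name is the one that is not the path.
QUOTED_RE = re.compile(r"'([^']+)'")
# XP System Restore layout: <drive>\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
# The A0000638.exe name is assigned by System Restore; the original file name is
# recorded in that restore point's change.log, not in the copy itself.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>A\d{7}\.[^\\]+)$",
    re.IGNORECASE,
)


@dataclass
class Triage:
    detection: str
    path: str
    restore_point: Optional[int]  # RP number when the hit is a restore-point copy
    live: bool                    # True when the file sits in a location that actually executes


def triage_alert(line: str) -> Optional[Triage]:
    """Classify one scanner alert line; None if no Windows path is quoted in it."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(1)
    names = [t for t in QUOTED_RE.findall(line) if t != path]
    detection = names[0] if names else "?"
    r = RESTORE_RE.match(path)
    if r:
        return Triage(detection, path, int(r.group("rp")), live=False)
    return Triage(detection, path, None, live=True)


def restore_points_hit(lines: List[str]) -> List[int]:
    """Sorted RP numbers holding a detected copy; disabling System Restore discards all of them."""
    rps = {t.restore_point for t in map(triage_alert, lines) if t and not t.live}
    return sorted(rps)


def live_hits(lines: List[str]) -> List[Triage]:
    """Hits outside System Restore: these need real clean-up, not a restore-point purge."""
    return [t for t in map(triage_alert, lines) if t and t.live]


if __name__ == "__main__":
    print("restore points to purge:", restore_points_hit(SAMPLE_ALERTS))
    for hit in live_hits(SAMPLE_ALERTS):
        print("live:", hit.detection, hit.path)
```

Feed it the alert lines from the scanner's report file: anything that comes back from `live_hits` is the part of the problem that the System Restore cycle does not touch.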

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Thu 19 Aug 2010, 12:25 pm

Hello

No, not now.
And the sound and the keyboard are working OK, but from time to time I have to change the keyboard USB connection to another USB port, and then the problem is solved, but then, after a while, it happens again. And the same with the sound system. Normally if I reboot the PC the sound comes back. It has been happening for a long time.

What to do next?
Is the problem solved?

Cheers




vitrola
Newbie Surfer
Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Fri 20 Aug 2010, 2:17 pm

Hi.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Fri 20 Aug 2010, 6:07 pm

Hello

First I ran it directly by mistake, because I couldn't find the file path, and then, as it was never finishing creating a log, I thought I had done something wrong, and then I tried to stop it, and finally I did it by disconnecting the power supply.
But then I found the path of the commy file, and I followed your instructions. And this time the log came very quickly.


ComboFix 10-08-18.04 - yo 20/08/2010 3:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2037.1491 [GMT -3:00]
Running from: c:\documents and settings\yo\escritorio\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\archivos de programa\\setup.exe
c:\archivos de programa\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-19 20:53 . 2010-08-19 20:54 -------- d-----w- c:\archivos de programa\memtest86+-4.10.usb.installer
2010-08-19 20:53 . 2010-08-19 20:53 144308 ----a-w- c:\archivos de programa\memtest86+-4.10.usb.installer.zip
2010-08-18 19:15 . 2010-08-18 19:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2010-08-17 19:43 . 2010-08-17 19:43 -------- d-----w- C:\_OTL
2010-08-17 06:58 . 2010-08-17 06:58 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-08-15 20:04 . 2010-08-15 20:04 260384 ----a-w- c:\archivos de programa\SoftonicDownloader22897.exe
2010-08-15 07:27 . 2010-08-15 07:27 -------- d-----w- c:\documents and settings\yo\Datos de programa\.oit
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\GlarySoft
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\archivos de programa\Glary Undelete
2010-08-15 05:57 . 2010-08-15 05:57 3354016 ----a-w- c:\archivos de programa\gunsetup.exe
2010-08-15 05:54 . 2010-08-15 05:54 260400 ----a-w- c:\archivos de programa\SoftonicDownloader70493.exe
2010-08-15 03:36 . 2010-08-15 03:36 -------- d-----w- c:\archivos de programa\ESET
2010-08-14 19:28 . 2010-08-14 19:28 -------- d-----w- c:\archivos de programa\SoftLogica
2010-08-14 19:27 . 2010-08-14 19:28 1676456 ----a-w- c:\archivos de programa\handyrecovery4.exe
2010-08-14 18:33 . 2010-08-14 18:33 260400 ----a-w- c:\archivos de programa\SoftonicDownloader32483.exe
2010-08-14 17:05 . 2010-08-14 17:05 -------- d-----w- c:\archivos de programa\Kroll Ontrack
2010-08-14 17:01 . 2010-08-14 17:04 45192311 ----a-w- c:\archivos de programa\erprot.exe
2010-08-14 17:00 . 2010-08-14 17:00 260424 ----a-w- c:\archivos de programa\SoftonicDownloader12296.exe
2010-08-14 04:22 . 2010-08-14 04:22 -------- d-----w- c:\documents and settings\yo\Datos de programa\Apple Computer
2010-08-14 03:44 . 2010-08-18 19:15 -------- d-----w- c:\archivos de programa\QuickTime
2010-08-14 03:44 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2010-08-14 03:43 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Apple Software Update
2010-08-14 03:43 . 2010-08-14 03:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2010-08-13 22:18 . 2010-08-13 22:18 388096 ----a-r- c:\documents and settings\yo\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\archivos de programa\TrendMicro
2010-08-13 22:15 . 2010-08-13 22:15 1401344 ----a-w- c:\archivos de programa\HijackThis.msi
2010-08-08 22:19 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 22:18 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:40 . 2010-08-08 20:40 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-08-06 19:48 . 2010-08-06 19:48 -------- d-----w- c:\windows\Sun
2010-08-06 07:09 . 2010-08-07 05:09 -------- d-----w- c:\documents and settings\yo\Datos de programa\Youtube Downloader HD
2010-08-06 07:09 . 2010-08-06 07:09 -------- d-----w- c:\archivos de programa\Youtube Downloader HD
2010-08-06 07:08 . 2010-08-06 07:08 3513989 ----a-w- c:\archivos de programa\youtube_downloader_hd_setup.exe
2010-08-05 04:40 . 2010-08-05 04:40 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcp71.dll
2010-08-05 04:40 . 2010-08-05 04:40 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\jmc.dll
2010-08-05 04:40 . 2010-08-05 04:40 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcr71.dll
2010-08-05 04:40 . 2010-08-05 04:40 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-sse.dll
2010-08-05 04:40 . 2010-08-05 04:40 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-d3d.dll
2010-08-02 16:01 . 2010-08-02 16:01 -------- d-----w- c:\documents and settings\yo\Datos de programa\Malwarebytes
2010-08-02 16:00 . 2010-08-08 22:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-02 16:00 . 2010-08-02 16:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 08:11 . 2010-08-12 01:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-07-31 08:11 . 2010-08-02 21:56 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-30 18:22 . 2010-08-09 04:48 -------- d-----w- c:\archivos de programa\OTL
2010-07-30 05:35 . 2010-07-30 05:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- c:\archivos de programa\JavaRa
2010-07-30 05:12 . 2010-07-30 05:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-07-30 05:12 . 2010-07-30 05:12 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcp71.dll
2010-07-30 05:12 . 2010-07-30 05:12 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\jmc.dll
2010-07-30 05:12 . 2010-07-30 05:12 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcr71.dll
2010-07-30 05:12 . 2010-07-30 05:12 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-sse.dll
2010-07-30 05:12 . 2010-07-30 05:12 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-d3d.dll
2010-07-30 05:12 . 2010-07-30 05:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 05:11 . 2010-07-30 05:11 -------- d-----w- c:\archivos de programa\Java
2010-07-30 01:56 . 2010-07-30 01:56 -------- d-----w- c:\documents and settings\NetworkService\Escritorio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 06:37 . 2009-07-14 23:06 -------- d-----w- c:\documents and settings\yo\Datos de programa\uTorrent
2010-08-19 15:32 . 2009-03-13 17:04 -------- d-----w- c:\documents and settings\yo\Datos de programa\dvdcss
2010-08-19 04:49 . 2009-03-13 15:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\Vso
2010-08-17 22:24 . 2008-12-09 14:13 -------- d-----w- c:\documents and settings\yo\Datos de programa\Winamp
2010-08-16 05:10 . 2008-12-09 14:28 -------- d-----w- c:\archivos de programa\eMule
2010-08-14 17:05 . 2008-12-09 14:00 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-08-14 17:04 . 2008-12-09 14:00 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-08-13 01:20 . 2010-01-06 20:40 -------- d-----w- c:\archivos de programa\Ares
2010-08-12 01:21 . 2009-11-06 19:28 -------- d-----w- c:\archivos de programa\Last.fm
2010-08-11 14:45 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\yo\Datos de programa\vlc
2010-08-05 17:31 . 2010-06-22 21:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\foobar2000
2010-08-05 03:44 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\Burrrn
2010-08-03 15:49 . 2008-12-09 13:57 16608 ----a-w- c:\windows\gdrv.sys
2010-08-02 22:01 . 2010-06-22 04:16 -------- d-----w- c:\archivos de programa\Monkey's Audio
2010-08-02 21:53 . 2008-12-09 14:08 -------- d-----w- c:\archivos de programa\CCleaner
2010-08-02 21:51 . 2010-07-14 22:41 -------- d-----w- c:\archivos de programa\VLC
2010-08-02 21:50 . 2010-07-07 04:10 -------- d-----w- c:\archivos de programa\EVEREST Ultimate Edition
2010-08-02 21:49 . 2010-06-22 21:21 -------- d-----w- c:\archivos de programa\foobar2000
2010-08-02 21:44 . 2010-06-19 07:18 -------- d-----w- c:\archivos de programa\Illustrate
2010-08-02 21:33 . 2008-12-09 14:13 -------- d-----w- c:\archivos de programa\Winamp
2010-08-02 21:31 . 2010-05-03 16:07 -------- d-----w- c:\archivos de programa\RemoveWGA_Victorxxx
2010-08-02 21:30 . 2010-01-24 21:48 -------- d-----w- c:\archivos de programa\Avira
2010-08-02 21:29 . 2009-03-13 15:58 -------- d-----w- c:\archivos de programa\VSO
2010-08-02 21:25 . 2010-02-04 19:01 -------- d-----w- c:\archivos de programa\VirtualDub-1.9.8
2010-08-02 21:22 . 2010-06-19 00:19 -------- d-----w- c:\archivos de programa\TotalAudioConverter
2010-07-31 07:20 . 2008-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-07-30 05:32 . 2009-11-02 23:42 -------- d-----w- c:\archivos de programa\VDOWNLOADER
2010-07-23 15:24 . 2010-05-03 15:17 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2010
2010-07-17 22:16 . 2010-07-17 22:16 54744 ----a-w- c:\documents and settings\All Users\Datos de programa\WidgetServer\uninst.exe
2010-07-17 22:16 . 2010-07-17 22:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WidgetServer
2010-07-16 21:45 . 2010-06-03 23:51 -------- d-----w- c:\archivos de programa\Winamp Detect
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Winamp Toolbar
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\archivos de programa\Winamp Toolbar
2010-07-16 05:23 . 2001-08-24 10:00 51286 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-16 05:23 . 2001-08-24 10:00 362564 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2010-07-14 20:11 . 2010-07-14 19:49 -------- d-----w- c:\archivos de programa\RealArcade
2010-07-12 20:27 . 2010-07-12 20:27 3299 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-12 20:26 . 2010-06-18 01:31 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-06 11:57 . 2010-05-03 15:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-02 05:53 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-02 02:57 . 2010-07-02 02:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\McAfee
2010-06-30 12:32 . 2004-08-19 13:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 03:25 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\burrrn_1.13
2010-06-25 16:20 . 2010-06-25 16:20 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb264.tmp.exe
2010-06-24 20:37 . 2010-06-24 20:37 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb22D.tmp.exe
2010-06-24 12:15 . 2004-08-19 13:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-19 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-19 13:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 13:30 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 16:10 . 2010-06-23 16:10 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb1C0.tmp.exe
2010-06-23 02:47 . 2010-06-23 02:47 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb13B.tmp.exe
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:05 . 2010-06-21 03:33 3151 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-21 03:32 . 2010-06-21 03:32 3026 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-21 03:27 . 2010-06-21 03:27 15349 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-17 14:03 . 2004-08-19 13:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:35 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-14 21:33 . 2010-06-14 21:33 259072 ----a-w- c:\archivos de programa\Half-open_limit_fix_4.1.exe
2010-06-14 21:06 . 2010-06-14 21:06 260416 ----a-w- c:\archivos de programa\SoftonicDownloader81240.exe
2010-06-14 14:31 . 2008-12-09 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-19 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 19:31 . 2010-06-04 19:31 299864 ----a-w- c:\archivos de programa\dxwebsetup.exe
.

------- Sigcheck -------

[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-05-10 17:39 2515552 ----a-w- c:\archivos de programa\Softonic_ES\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [06/07/2010 08:55 a.m. 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 05:24 a.m. 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-20 03:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-20 03:39:22
ComboFix-quarantined-files.txt 2010-08-20 06:39

Pre-Run: 111.494.111.232 bytes free
Post-Run: 111.510.638.592 bytes free

- - End Of File - - E6986F70A2103C9A126DFB97DB6835E8




vitrola
Newbie Surfer
Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Sat 21 Aug 2010, 2:54 pm

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    TDL::
    c:\windows\system32\drivers\tcpip.sys

    Reboot::


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone
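What the `TDL::` line in that CFScript is reacting to is visible in the Sigcheck block of the first ComboFix log above. The live `c:\windows\system32\drivers\tcpip.sys` is marked `[-]`: it carries the same version string (5.1.2600.5625) and the same byte size (361600) as the cached copies in `system32\dllcache` and `$hf_mig$\KB951748\SP3QFE`, but its MD5 (CD00787894008369F56153B91FC28847) matches neither of them. Two different hashes among the caches for one version is not by itself suspicious (the SP3QFE directory holds the hotfix-branch build, dllcache the one that was installed); a live copy that matches none of them while keeping size and version intact is the signature of a driver patched in place, which is how the TDSS/TDL family that Avira named earlier in this thread hides itself. Size alone, or the version resource alone, would not have caught it, which is why Sigcheck compares hashes and why the fix is a replacement from a cached copy rather than a "clean". Note that the hash comparison here is against copies on the same box, so it only tells you the live file differs; for a stronger statement you would verify the Authenticode/catalog signature of the driver as well.

The script below is an added example for this page, not ComboFix's own code, and applies the same rule to Sigcheck-style lines: find the live copy, keep only cached copies with the same version and size as like-for-like twins, and flag the live copy when its hash matches none of them. The input is the six `tcpip.sys` lines from the log copied verbatim as a constructed sample; `md5_of` is included so the same comparison can be run against real files. Function and field names are the example's own.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: the six tcpip.sys lines from the ComboFix Sigcheck block
# above, copied verbatim.  Format: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_LINES = r"""
[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

SIG_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# The copy the kernel actually loads lives here; everything else is a cache/backup.
LIVE_DIR = "\\system32\\drivers\\"


@dataclass
class Verdict:
    file_name: str
    live_path: str
    live_md5: str
    version: str
    flagged: bool                       # live hash matches none of its like-for-like cached copies
    replacement_candidates: List[str]   # cached copies with the same version and size


def parse_sigcheck(text: str) -> List[Dict]:
    """Parse Sigcheck-style lines into dicts; lines that do not fit the shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"])
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def assess_driver(text: str, file_name: str) -> Verdict:
    """Flag the live copy of file_name when no same-version, same-size cached copy shares its hash."""
    suffix = "\\" + file_name.lower()
    entries = [e for e in parse_sigcheck(text) if e["path"].endswith(suffix)]
    live_copies = [e for e in entries if LIVE_DIR in e["path"]]
    if len(live_copies) != 1:
        raise ValueError(f"expected one live copy of {file_name}, found {len(live_copies)}")
    live = live_copies[0]
    # Only a cached copy with the same version string AND the same byte size is a
    # like-for-like twin; the 5.1.2600.5512 copies differ in size and drop out.
    twins = [e for e in entries
             if e is not live and e["ver"] == live["ver"] and e["size"] == live["size"]]
    # Two twins with different hashes (GDR vs QFE builds) are fine; the live copy
    # must match at least one of them.  With no twins there is nothing to compare.
    flagged = bool(twins) and live["md5"] not in {t["md5"] for t in twins}
    return Verdict(file_name, live["path"], live["md5"], live["ver"], flagged,
                   [t["path"] for t in twins])


def md5_of(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file on disk in chunks, to run the same comparison against real copies."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    v = assess_driver(SIGCHECK_LINES, "tcpip.sys")
    print("flagged" if v.flagged else "ok", v.live_path, v.live_md5)
    for p in v.replacement_candidates:
        print("  same version/size cached copy:", p)
```

On the log above this reports the live `tcpip.sys` as flagged and lists the dllcache and SP3QFE copies as the same-version candidates, which is exactly the replacement the `TDL::` directive asks ComboFix to perform.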

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Sat 21 Aug 2010, 6:41 pm

Hello

ComboFix 10-08-18.04 - yo 21/08/2010 2:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2037.1564 [GMT -3:00]
Running from: c:\documents and settings\yo\Escritorio\commy.exe
Command switches used :: c:\documents and settings\yo\Escritorio\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-19 20:53 . 2010-08-19 20:54 -------- d-----w- c:\archivos de programa\memtest86+-4.10.usb.installer
2010-08-19 20:53 . 2010-08-19 20:53 144308 ----a-w- c:\archivos de programa\memtest86+-4.10.usb.installer.zip
2010-08-18 19:15 . 2010-08-18 19:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2010-08-17 19:43 . 2010-08-17 19:43 -------- d-----w- C:\_OTL
2010-08-17 06:58 . 2010-08-17 06:58 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-08-15 20:04 . 2010-08-15 20:04 260384 ----a-w- c:\archivos de programa\SoftonicDownloader22897.exe
2010-08-15 07:27 . 2010-08-15 07:27 -------- d-----w- c:\documents and settings\yo\Datos de programa\.oit
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\GlarySoft
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\archivos de programa\Glary Undelete
2010-08-15 05:57 . 2010-08-15 05:57 3354016 ----a-w- c:\archivos de programa\gunsetup.exe
2010-08-15 05:54 . 2010-08-15 05:54 260400 ----a-w- c:\archivos de programa\SoftonicDownloader70493.exe
2010-08-15 03:36 . 2010-08-15 03:36 -------- d-----w- c:\archivos de programa\ESET
2010-08-14 19:28 . 2010-08-14 19:28 -------- d-----w- c:\archivos de programa\SoftLogica
2010-08-14 19:27 . 2010-08-14 19:28 1676456 ----a-w- c:\archivos de programa\handyrecovery4.exe
2010-08-14 18:33 . 2010-08-14 18:33 260400 ----a-w- c:\archivos de programa\SoftonicDownloader32483.exe
2010-08-14 17:05 . 2010-08-14 17:05 -------- d-----w- c:\archivos de programa\Kroll Ontrack
2010-08-14 17:01 . 2010-08-14 17:04 45192311 ----a-w- c:\archivos de programa\erprot.exe
2010-08-14 17:00 . 2010-08-14 17:00 260424 ----a-w- c:\archivos de programa\SoftonicDownloader12296.exe
2010-08-14 04:22 . 2010-08-14 04:22 -------- d-----w- c:\documents and settings\yo\Datos de programa\Apple Computer
2010-08-14 03:44 . 2010-08-18 19:15 -------- d-----w- c:\archivos de programa\QuickTime
2010-08-14 03:44 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2010-08-14 03:43 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Apple Software Update
2010-08-14 03:43 . 2010-08-14 03:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2010-08-13 22:18 . 2010-08-13 22:18 388096 ----a-r- c:\documents and settings\yo\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\archivos de programa\TrendMicro
2010-08-13 22:15 . 2010-08-13 22:15 1401344 ----a-w- c:\archivos de programa\HijackThis.msi
2010-08-08 22:19 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 22:18 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:40 . 2010-08-08 20:40 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-08-06 19:48 . 2010-08-06 19:48 -------- d-----w- c:\windows\Sun
2010-08-06 07:09 . 2010-08-07 05:09 -------- d-----w- c:\documents and settings\yo\Datos de programa\Youtube Downloader HD
2010-08-06 07:09 . 2010-08-06 07:09 -------- d-----w- c:\archivos de programa\Youtube Downloader HD
2010-08-06 07:08 . 2010-08-06 07:08 3513989 ----a-w- c:\archivos de programa\youtube_downloader_hd_setup.exe
2010-08-05 04:40 . 2010-08-05 04:40 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcp71.dll
2010-08-05 04:40 . 2010-08-05 04:40 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\jmc.dll
2010-08-05 04:40 . 2010-08-05 04:40 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcr71.dll
2010-08-05 04:40 . 2010-08-05 04:40 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-sse.dll
2010-08-05 04:40 . 2010-08-05 04:40 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-d3d.dll
2010-08-02 16:01 . 2010-08-02 16:01 -------- d-----w- c:\documents and settings\yo\Datos de programa\Malwarebytes
2010-08-02 16:00 . 2010-08-08 22:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-02 16:00 . 2010-08-02 16:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 08:11 . 2010-08-12 01:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-07-31 08:11 . 2010-08-02 21:56 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-30 18:22 . 2010-08-09 04:48 -------- d-----w- c:\archivos de programa\OTL
2010-07-30 05:35 . 2010-07-30 05:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- c:\archivos de programa\JavaRa
2010-07-30 05:12 . 2010-07-30 05:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-07-30 05:12 . 2010-07-30 05:12 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcp71.dll
2010-07-30 05:12 . 2010-07-30 05:12 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\jmc.dll
2010-07-30 05:12 . 2010-07-30 05:12 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcr71.dll
2010-07-30 05:12 . 2010-07-30 05:12 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-sse.dll
2010-07-30 05:12 . 2010-07-30 05:12 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-d3d.dll
2010-07-30 05:12 . 2010-07-30 05:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 05:11 . 2010-07-30 05:11 -------- d-----w- c:\archivos de programa\Java
2010-07-30 01:56 . 2010-07-30 01:56 -------- d-----w- c:\documents and settings\NetworkService\Escritorio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:38 . 2009-07-14 23:06 -------- d-----w- c:\documents and settings\yo\Datos de programa\uTorrent
2010-08-20 21:46 . 2010-02-04 18:52 -------- d-----w- c:\archivos de programa\Softonic_ES
2010-08-20 13:38 . 2010-05-03 15:17 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2010
2010-08-19 15:32 . 2009-03-13 17:04 -------- d-----w- c:\documents and settings\yo\Datos de programa\dvdcss
2010-08-19 04:49 . 2009-03-13 15:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\Vso
2010-08-17 22:24 . 2008-12-09 14:13 -------- d-----w- c:\documents and settings\yo\Datos de programa\Winamp
2010-08-16 05:10 . 2008-12-09 14:28 -------- d-----w- c:\archivos de programa\eMule
2010-08-14 17:05 . 2008-12-09 14:00 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-08-14 17:04 . 2008-12-09 14:00 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-08-13 01:20 . 2010-01-06 20:40 -------- d-----w- c:\archivos de programa\Ares
2010-08-12 19:26 . 2010-05-03 15:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-12 19:19 . 2010-07-02 05:53 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-12 01:21 . 2009-11-06 19:28 -------- d-----w- c:\archivos de programa\Last.fm
2010-08-11 14:45 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\yo\Datos de programa\vlc
2010-08-05 17:31 . 2010-06-22 21:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\foobar2000
2010-08-05 03:44 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\Burrrn
2010-08-03 15:49 . 2008-12-09 13:57 16608 ----a-w- c:\windows\gdrv.sys
2010-08-02 22:01 . 2010-06-22 04:16 -------- d-----w- c:\archivos de programa\Monkey's Audio
2010-08-02 21:53 . 2008-12-09 14:08 -------- d-----w- c:\archivos de programa\CCleaner
2010-08-02 21:51 . 2010-07-14 22:41 -------- d-----w- c:\archivos de programa\VLC
2010-08-02 21:50 . 2010-07-07 04:10 -------- d-----w- c:\archivos de programa\EVEREST Ultimate Edition
2010-08-02 21:49 . 2010-06-22 21:21 -------- d-----w- c:\archivos de programa\foobar2000
2010-08-02 21:44 . 2010-06-19 07:18 -------- d-----w- c:\archivos de programa\Illustrate
2010-08-02 21:33 . 2008-12-09 14:13 -------- d-----w- c:\archivos de programa\Winamp
2010-08-02 21:31 . 2010-05-03 16:07 -------- d-----w- c:\archivos de programa\RemoveWGA_Victorxxx
2010-08-02 21:30 . 2010-01-24 21:48 -------- d-----w- c:\archivos de programa\Avira
2010-08-02 21:29 . 2009-03-13 15:58 -------- d-----w- c:\archivos de programa\VSO
2010-08-02 21:25 . 2010-02-04 19:01 -------- d-----w- c:\archivos de programa\VirtualDub-1.9.8
2010-08-02 21:22 . 2010-06-19 00:19 -------- d-----w- c:\archivos de programa\TotalAudioConverter
2010-07-31 07:20 . 2008-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-07-30 05:32 . 2009-11-02 23:42 -------- d-----w- c:\archivos de programa\VDOWNLOADER
2010-07-17 22:16 . 2010-07-17 22:16 54744 ----a-w- c:\documents and settings\All Users\Datos de programa\WidgetServer\uninst.exe
2010-07-17 22:16 . 2010-07-17 22:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WidgetServer
2010-07-16 21:45 . 2010-06-03 23:51 -------- d-----w- c:\archivos de programa\Winamp Detect
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Winamp Toolbar
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\archivos de programa\Winamp Toolbar
2010-07-16 05:23 . 2001-08-24 10:00 51286 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-16 05:23 . 2001-08-24 10:00 362564 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2010-07-14 20:11 . 2010-07-14 19:49 -------- d-----w- c:\archivos de programa\RealArcade
2010-07-12 20:27 . 2010-07-12 20:27 3299 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-12 20:26 . 2010-06-18 01:31 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-02 02:57 . 2010-07-02 02:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\McAfee
2010-06-30 12:32 . 2004-08-19 13:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 03:25 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\burrrn_1.13
2010-06-25 16:20 . 2010-06-25 16:20 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb264.tmp.exe
2010-06-24 20:37 . 2010-06-24 20:37 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb22D.tmp.exe
2010-06-24 12:15 . 2004-08-19 13:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-19 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-19 13:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 13:30 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 16:10 . 2010-06-23 16:10 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb1C0.tmp.exe
2010-06-23 02:47 . 2010-06-23 02:47 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb13B.tmp.exe
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:05 . 2010-06-21 03:33 3151 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-21 03:32 . 2010-06-21 03:32 3026 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-21 03:27 . 2010-06-21 03:27 15349 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-17 14:03 . 2004-08-19 13:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:35 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-14 21:33 . 2010-06-14 21:33 259072 ----a-w- c:\archivos de programa\Half-open_limit_fix_4.1.exe
2010-06-14 21:06 . 2010-06-14 21:06 260416 ----a-w- c:\archivos de programa\SoftonicDownloader81240.exe
2010-06-14 14:31 . 2008-12-09 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-19 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 19:31 . 2010-06-04 19:31 299864 ----a-w- c:\archivos de programa\dxwebsetup.exe
.

------- Sigcheck -------

[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 05:37 . 2010-08-21 05:37 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\a55343ca369382122a33905d7c85c623\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\5223781abe26bac8c269db40b449266e\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2e0fac0ea201ad36dd05526d7f006f50\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\0ce8722a568559fda0b0b60725066c1b\update\update.exe
+ 2010-08-13 14:57 . 2010-08-13 14:57 919552 c:\windows\Installer\1bb39bf.msp
+ 2010-08-13 14:57 . 2010-08-13 14:57 547328 c:\windows\Installer\1bb38dd.msp
- 2010-06-14 07:40 . 2010-06-14 07:40 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3qfe\msxml3.dll
- 2010-06-14 07:42 . 2010-06-14 07:42 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3gdr\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-08-20 21:46 2734688 ----a-w- c:\archivos de programa\Softonic_ES\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/08/2010 04:23 p.m. 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 05:24 a.m. 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-21 02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-08-21 02:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 05:39
ComboFix2.txt 2010-08-20 06:39

Pre-Run: 110.902.861.824 bytes libres
Post-Run: 111.179.915.264 bytes libres

- - End Of File - - 0E6F39089D3E70C9FD24AE74C43E4985

vitrola

Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002
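The Sigcheck block of the ComboFix log above lists six copies of tcpip.sys, and the live one carries a different tag and a different MD5 from every backup. The script below is an added example for this thread, not part of the log, of the thread's tools, or of ComboFix: it parses lines in that format (the six lines are copied from the log as constructed input), groups the copies by file name, and reports any live system file whose hash matches no backup copy. The meaning I give the tags (`[7]` for a copy whose signature was verified, `[-]` for one that was not) and the split of paths into "live" (under system32) and "backup" (dllcache, $hf_mig$, $NtUninstall*$, ServicePackFiles) are my assumptions, not something the thread states.

```python
"""Cross-check the Sigcheck block of a ComboFix log.

Added example for this thread, not part of the log or of ComboFix: the lines
in SIGCHECK_LINES are copied from the log posted above; the parsing and the
comparison logic are mine. The reading of the tags ([7] = signature verified,
[-] = could not be verified) is my understanding of ComboFix's output, not
something the thread states.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed input: the six Sigcheck lines from the ComboFix log above.
SIGCHECK_LINES = r"""
[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

# One Sigcheck entry: "[tag] date . md5 . size . . [version] . . path"
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    tag: str        # "7" or "-" exactly as ComboFix printed it
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_dllcache(self) -> bool:
        return "\\dllcache\\" in self.path.lower()

    @property
    def is_live(self) -> bool:
        # Assumption: the copy Windows loads sits under system32 (here system32\drivers);
        # dllcache, $hf_mig$, $NtUninstall*$ and ServicePackFiles hold backups only.
        return "\\system32\\" in self.path.lower() and not self.is_dllcache


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Parse Sigcheck lines; anything that is not an entry (banners, blanks) is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(SigEntry(m["tag"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


@dataclass
class Finding:
    name: str
    live_md5: str
    live_version: str
    verified: bool                  # live copy carried the [7] tag
    matches_backup: bool            # live MD5 equals at least one backup copy's MD5
    dllcache_md5: Optional[str]     # MD5 of the dllcache (WFP) backup, the usual baseline
    same_version_md5s: Set[str] = field(default_factory=set)

    @property
    def suspicious(self) -> bool:
        # Unverified and matching no backup at all: worth comparing with a known-good copy.
        return not self.verified and not self.matches_backup


def check_live_copies(entries: List[SigEntry]) -> List[Finding]:
    """For every live copy, compare its MD5 against the backup copies of the same file."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings = []
    for name, group in sorted(by_name.items()):
        backups = [e for e in group if not e.is_live]
        for live in (e for e in group if e.is_live):
            findings.append(Finding(
                name=name,
                live_md5=live.md5,
                live_version=live.version,
                verified=live.tag == "7",
                matches_backup=any(b.md5 == live.md5 for b in backups),
                dllcache_md5=next((b.md5 for b in backups if b.is_dllcache), None),
                same_version_md5s={b.md5 for b in backups if b.version == live.version},
            ))
    return findings


def report(text: str) -> List[str]:
    """One human-readable line per live copy that matches no backup copy."""
    lines = []
    for f in check_live_copies(parse_sigcheck(text)):
        if f.suspicious:
            lines.append(f"{f.name} {f.live_version}: live MD5 {f.live_md5} matches none of "
                         f"{len(f.same_version_md5s)} same-version backup hash(es); "
                         f"dllcache copy is {f.dllcache_md5}")
    return lines


if __name__ == "__main__":
    for line in report(SIGCHECK_LINES):
        print(line)
```

Run as-is it prints one line, for tcpip.sys 5.1.2600.5625. Two caveats that the log itself illustrates: the two verified copies with that same version string (the SP3QFE hotfix copy and the dllcache copy) already differ from each other, so "same version, different hash" on its own proves nothing; and the Find3M report above shows tcpip.sys modified at 2010-06-14 21:35, two minutes after Half-open_limit_fix_4.1.exe appeared at 21:33, and that tool patches tcpip.sys to raise the half-open connection limit, which is a benign explanation to rule in or out before treating the mismatch as tampering. Either way, the live file can only be trusted again once it matches a known-good copy such as the dllcache one.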

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Sun 22 Aug 2010, 5:09 am

Hi.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Sun 22 Aug 2010, 6:08 pm

Hello

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 22, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 21, 2010 10:32:30
Records in database: 4131719
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 48013
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:30:17

No threats found. Scanned area is clean.

Selected area has been scanned.

vitrola

Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Mon 23 Aug 2010, 5:04 am

Hi.

How is your machine running now?




Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Mon 23 Aug 2010, 8:23 am

Hello
It's working fine.
Thank you very much to you and Belazur for your help; I appreciate all of your help.
Kindest regards
Sebastian

vitrola

Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Mon 23 Aug 2010, 11:23 am

You're welcome, glad to help.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
• Select Start > All Programs > Accessories > System tools > System Restore.
• On the dialogue box that appears select Create a Restore Point.
• Click NEXT.
• Enter a name, e.g. Clean.
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:
• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
• In the drop-down box that appears select your main drive, e.g. C.
• Click OK.
• The system will do a calculation of temporary/old files, and then display a dialogue box.
• Select the More Options tab.
• At the bottom will be a System Restore box with a CLEANUP button; click this.
• Accept the warning and select OK again; the program will close and you are done.

========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com.

Before installing: it is important to remove older versions of Acrobat Reader, since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java, since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun: XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching about it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

9. Also there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a firewall and an antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]




Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Solved Re: TR/Trash.Gen [trojan]

Post by vitrola on Tue 24 Aug 2010, 3:06 pm

Hello
I did everything you recommended to me.
Thanks a lot.

Sebastian

vitrola

Newbie Surfer

Posts : 32
Joined : 2010-07-18
Operating System : windows XP professional version 2002

Solved Re: TR/Trash.Gen [trojan]

Post by Sneakyone on Wed 25 Aug 2010, 1:47 pm

You're welcome, glad to help.




Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
