
Malware that causes my computer to crash when I try to remove it...

Discussion in 'Virus & Other Malware Removal' started by Drascin, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Sorry for the lack of a descriptive title, but I just don't know exactly what kind of malware I actually got. I hope describing it will suffice.

    Anyway, to the details. The problem is thus:

    I had been using the computer during the whole day, connected to the net and certainly downloading stuff by necessity, of course, but I gave them an Avast check, and they didn't cause a reaction at first. So I did my things, finished the day, and turned the computer off. However, as I then restarted for some work the next day, Avast went positively crazy, detecting an absurd number of viruses in the startup. I eliminated everything it detected, and ran a full Avast checkup of the HD, but I would still get a new "virus detected" warning every five minutes or so - I eliminated it every time, but there was always something new in the Temp folder (it created a new tmp folder with apparently random letter designations), as if there was something creating it. So obviously the malware was still there.

    So I went and ran SuperAntiSpyware Free edition. Indeed, it detected somewhere in the vicinity of twenty problems. So I clicked quarantine and remove - and when it was a few seconds into the process, the screen went black, then blue error screen, and restarted. I figured it might be something about the process of the malware being active, so I restarted in safeboot mode and tried again. Same result. I worry about doing much further.

    I'm using Windows XP. Here's a HijackThis log, done just a few seconds after starting the computer:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 12:15:22, on 18/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\Archivos de programa\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\David\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
    C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\David\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Archivos de programa\MagicDisc\MagicDisc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Archivos de programa\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Archivos de programa\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [EvJOWall] C:\Archivos de programa\EvJOSoft\Wallpaper Changer\EvJOWall.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Impulse Now.lnk = C:\Archivos de programa\Stardock\Impulse\Now\ImpulseNow.exe
    O4 - Startup: MagicDisc.lnk = C:\Archivos de programa\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Archivos de programa\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Archivos de programa\PlotSoft\PDFill\DownloadPDF.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{02C46A71-9ADD-43D5-A6A7-DF94A45B5638}: NameServer = 62.151.2.8,62.151.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E19EB13-7095-4389-94B4-AA9ECDEDB683}: NameServer = 62.14.4.64,62.14.4.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{02C46A71-9ADD-43D5-A6A7-DF94A45B5638}: NameServer = 62.151.2.8,62.151.8.100
    O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll
    O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Dragon Age: Origins - Programa de actualización de contenido (DAUpdaterSvc) - BioWare - C:\Archivos de programa\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Archivos de programa\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 9908 bytes
     
  2. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Sorry for being insistent, but this being my main computer, I do desperately need help, and this thread had sunk to page 4 already...
     
  3. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Drascin :)

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report into your Post.

    ======================================================

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Under the Custom Scan box paste this in

      netsvcs
      %SYSTEMDRIVE%\*.*
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of these files in your next reply.
     
  4. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Many thanks for answering.

    So, I booted up the computer in safe mode, and did what you said. First, I tried to run GMER - but after a long time of analyzing it caused the computer to crash in the exact same way SuperAntiSpyware did (black screen and instant restart).

    OTL did run, though, so here are the texts:

    OTL.txt

    OTL logfile created on: 19/04/2010 12:52:49 - Run 1
    OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\David\Escritorio
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 791,00 Mb Available Physical Memory | 77,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 189,91 Gb Total Space | 23,19 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
    Drive D: | 35,15 Gb Total Space | 6,53 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 502,48 Mb Total Space | 281,59 Mb Free Space | 56,04% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded
    Drive P: | 232,88 Gb Total Space | 120,65 Gb Free Space | 51,81% Space Free | Partition Type: NTFS

    Computer Name: DAVID-EQUIPO1
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    PRC - [2008/04/14 07:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008/07/20 21:30:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008/07/08 09:07:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZD1211U(3COM Corporation)) 3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/31 15:35:37 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/10 21:54:46 | 000,011,904 | ---- | M] (TigerGame.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Maypro.sys -- (MayPro)
    DRV - [2009/11/25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/10/04 10:49:17 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2009/10/04 10:49:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2009/09/04 17:08:00 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2009/09/04 17:07:56 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/02/25 19:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- P:\Archivos de programa\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2008/11/28 00:15:44 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2008/10/02 10:52:34 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
    DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/04/14 07:49:46 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/14 07:49:44 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/14 07:49:44 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/14 07:49:44 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/14 07:28:44 | 000,120,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/14 07:28:44 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
    DRV - [2008/04/14 07:28:42 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
    DRV - [2008/04/14 07:28:38 | 000,080,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/14 07:25:46 | 000,154,240 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/14 07:25:44 | 000,800,256 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/14 07:24:48 | 000,037,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2008/04/14 07:23:18 | 000,065,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/14 07:22:36 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/14 07:21:32 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/14 07:21:18 | 000,053,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/14 07:20:18 | 000,040,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
    DRV - [2008/04/14 07:20:14 | 000,044,672 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/14 07:19:14 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/14 07:19:08 | 000,030,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/14 07:18:48 | 000,189,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2008/04/14 00:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/14 00:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/14 00:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) Minipuerto WAN (PPTP)
    DRV - [2008/04/14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/14 00:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) Minipuerto WAN (L2TP)
    DRV - [2008/04/14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/04/14 00:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/14 00:47:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/14 00:47:02 | 000,456,576 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2008/04/14 00:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/14 00:45:12 | 000,334,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2008/04/14 00:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/14 00:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/14 00:27:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/04/14 00:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/14 00:27:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/14 00:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/14 00:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/14 00:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/14 00:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/14 00:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/14 00:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/14 00:26:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/14 00:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/14 00:23:54 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2008/04/14 00:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/14 00:21:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
    DRV - [2008/04/14 00:21:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
    DRV - [2008/04/14 00:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/14 00:16:20 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
    DRV - [2008/04/14 00:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/04/14 00:15:36 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
    DRV - [2008/04/14 00:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
    DRV - [2008/04/14 00:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/14 00:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/14 00:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/14 00:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/14 00:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/14 00:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/14 00:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/14 00:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/14 00:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
    DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2008/04/14 00:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/14 00:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/14 00:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/14 00:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/14 00:09:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/14 00:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/14 00:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/14 00:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/14 00:06:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/14 00:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/14 00:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2008/04/14 00:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/14 00:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/14 00:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/14 00:01:44 | 000,092,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2008/04/13 22:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2007/11/27 01:12:18 | 000,013,824 | ---- | M] (TigerGame.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnx.sys -- (pnx)
    DRV - [2007/10/20 02:00:00 | 000,125,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
    DRV - [2007/10/20 02:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2007/10/20 02:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2007/10/20 02:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2007/10/20 02:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2007/10/20 02:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2007/10/20 02:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2007/10/20 02:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2007/10/20 02:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
    DRV - [2007/10/20 02:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2007/10/20 02:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2007/10/20 02:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2007/10/20 02:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2007/10/20 02:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
    DRV - [2007/10/20 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2007/10/20 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2007/10/20 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
    DRV - [2007/10/20 02:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
    DRV - [2007/10/20 02:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
    DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2006/01/13 13:39:48 | 003,844,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/08/18 10:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/08/14 19:14:56 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
    DRV - [2005/05/31 00:58:52 | 000,028,160 | ---- | M] (W1zzard) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2005/04/05 20:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/04/05 20:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/03/09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
    DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.addSBtoToolbar: false
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
    FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
    FF - prefs.js..extensions.enabledItems: {472f4ef0-a825-11da-a746-0800200c9a66}:1.2
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.10
    FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
    FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
    FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
    FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/01/23 16:18:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/04/13 21:44:39 | 000,000,000 | ---D | M]

    [2009/10/01 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Extensions
    [2009/10/01 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Extensions\MediaCoder-Setup-Wizard
    [2010/04/17 20:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions
    [2010/03/08 11:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/19 11:01:26 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/01/31 22:52:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2010/04/12 09:26:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2008/06/30 21:56:46 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
    [2010/02/18 10:22:30 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2010/03/27 10:40:58 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    [2009/10/15 15:24:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2008/06/30 22:07:13 | 000,000,000 | ---D | M] (FavLoc) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
    [2008/06/30 21:56:59 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
    [2009/06/24 18:50:25 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
    [2009/12/18 16:23:57 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/02/18 10:22:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/11/09 20:00:02 | 000,000,000 | ---D | M] (Searchbar Autosizer) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}
    [2009/12/13 22:35:53 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    [2009/12/08 00:30:33 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
    [2009/12/13 10:32:09 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/04/17 09:39:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/11/22 00:43:45 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (iPox) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
    [2009/02/17 18:59:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    [2010/01/11 16:14:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/04/13 09:16:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/03/28 10:24:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/04/10 09:27:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/02/18 08:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2009/05/06 08:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2009/11/01 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/01/26 10:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/03/11 10:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
    [2010/04/17 20:21:32 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2010/02/20 13:12:42 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2010/01/23 16:18:37 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
    [2010/01/23 16:18:37 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
    [2010/01/23 16:18:37 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
    [2010/01/23 16:18:37 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

    O1 HOSTS File: ([2010/04/18 09:12:00 | 000,257,940 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 8961 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Archivos de programa\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Archivos de programa\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EvJOWall] C:\Archivos de programa\EvJOSoft\Wallpaper Changer\EvJOWall.exe (EvJOSoft)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk = C:\Archivos de programa\Stardock\Impulse\Now\ImpulseNow.exe File not found
    O4 - Startup: C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\MagicDisc.lnk = C:\Archivos de programa\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Archivos de programa\Megaupload\Mega Manager\mm_file.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Archivos de programa\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll - C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\David\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/25 08:48:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/03/20 17:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{762834d3-37c5-11de-8e72-0016e6176efb}\Shell\AutoRun\command - "" = M:\q.com -- File not found
    O33 - MountPoints2\{762834d3-37c5-11de-8e72-0016e6176efb}\Shell\explore\Command - "" = M:\q.com -- File not found
    O33 - MountPoints2\{762834d3-37c5-11de-8e72-0016e6176efb}\Shell\open\Command - "" = M:\q.com -- File not found
    O33 - MountPoints2\{a2ddc7ca-f8d0-11dd-8e23-0016e6176efb}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    O33 - MountPoints2\{a2ddc7ca-f8d0-11dd-8e23-0016e6176efb}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/25 08:48:05 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/19 08:45:11 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    [2010/04/18 12:14:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TrendMicro
    [2010/04/18 09:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
    [2010/04/18 09:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Datos de programa\SUPERAntiSpyware.com
    [2010/04/18 09:34:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
    [2010/04/18 09:09:03 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2010/04/18 09:09:03 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2010/04/18 09:09:03 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2010/04/18 09:09:03 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
    [2010/04/18 09:09:03 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
    [2010/04/18 09:09:03 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
    [2010/04/18 09:09:03 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
    [2010/04/18 09:09:03 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
    [2010/04/18 09:09:03 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2010/04/18 09:09:03 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
    [2010/04/18 09:09:03 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
    [2010/04/18 09:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Escritorio\SmitfraudFix
    [2010/04/17 20:26:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documentos\Settings
    [2010/04/17 09:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2010/04/17 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2010/04/17 09:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft
    [2010/04/17 09:37:27 | 000,094,208 | ---- | C] (pqzJEixQkDy) -- C:\WINDOWS\System32\mssrv32.exe
    [2010/04/16 17:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Datos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio
    [2010/04/16 17:52:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}
    [2010/04/16 17:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Configuración local\Datos de programa\PackageAware
    [2010/04/09 15:51:52 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\WINDOWS\System32\SDDEVMGR.dll
    [2010/04/07 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Configuración local\Datos de programa\Temp
    [2010/03/31 19:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
    [2010/03/31 19:19:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/03/31 19:19:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/03/31 19:19:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/03/24 16:06:59 | 000,299,008 | ---- | C] (TigerGame) -- C:\WINDOWS\System32\Projoycpl.dll
    [2010/03/24 16:06:59 | 000,011,904 | ---- | C] (TigerGame.,Ltd) -- C:\WINDOWS\System32\drivers\Maypro.sys
    [2010/03/24 16:06:59 | 000,009,728 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Wii DriverLoader.exe
    [2010/03/24 16:06:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mayflash Wii Classic Controller Box
    [2010/03/22 11:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Escritorio\lameboy_ds-012
    [2010/03/20 14:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Datos de programa\UFOAI
    [2010/02/20 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Datos de programa\Foxit Software
    [2008/10/02 10:52:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\David\Datos de programa\pcouffin.sys
    [2008/06/28 13:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft
    [2008/06/25 08:51:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Datos de programa\Microsoft
    [2008/06/25 08:51:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Microsoft
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/04/19 12:50:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    [2010/04/19 00:21:46 | 022,282,240 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT
    [2010/04/19 00:21:46 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
    [2010/04/18 12:23:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/18 12:15:09 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\HiJackThis.lnk
    [2010/04/18 12:09:36 | 000,050,292 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/04/18 10:55:01 | 000,001,178 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1292428093-839522115-1003UA.job
    [2010/04/18 09:34:18 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
    [2010/04/18 09:14:12 | 000,003,348 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2010/04/18 08:59:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/17 20:34:32 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/17 20:34:32 | 000,000,340 | -H-- | M] () -- C:\boot.ini
    [2010/04/17 20:34:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/17 17:55:00 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1292428093-839522115-1003Core.job
    [2010/04/17 09:37:10 | 000,094,208 | ---- | M] (pqzJEixQkDy) -- C:\WINDOWS\System32\mssrv32.exe
    [2010/04/17 09:36:55 | 000,127,488 | ---- | M] () -- C:\WINDOWS\System32\wcardspc.exe
    [2010/04/17 01:12:24 | 001,279,569 | ---- | M] () -- C:\Documents and Settings\David\Mis documentos\Abyssal.pdf
    [2010/04/16 23:48:25 | 000,047,293 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Oblivion Guard2.jpg
    [2010/04/16 23:38:10 | 000,043,386 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Oblivion Guard.jpg
    [2010/04/16 23:31:01 | 000,041,583 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Suicidal Overconfidence.jpg
    [2010/04/16 23:29:02 | 000,138,612 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\1271453050661.gif
    [2010/04/16 23:27:16 | 000,038,294 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Mimiga.jpg
    [2010/04/16 22:49:41 | 000,040,970 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Ganondorf, Eternal Evil.jpg
    [2010/04/16 22:49:32 | 000,042,799 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Yukari, Mistress of Boundaries.jpg
    [2010/04/16 17:53:13 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk
    [2010/04/16 17:53:07 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Impulse.lnk
    [2010/04/16 10:01:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/15 10:24:14 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\4749 - Pokemon SoulSilver (U)(Xenophobia).sav
    [2010/04/13 18:58:42 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/10 20:03:51 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\LOST PLANET COLONIES.lnk
    [2010/04/10 14:36:05 | 000,060,031 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\personajes.JPG
    [2010/04/08 15:09:57 | 000,250,580 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\1270731126447.png
    [2010/04/05 12:35:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\David\Datos de programa\vso_ts_preview.xml
    [2010/04/05 09:58:32 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\B-SMTSJU.SAV
    [2010/03/31 01:25:13 | 001,420,961 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Maryn.pdf
    [2010/03/28 10:25:46 | 001,121,952 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/28 10:25:46 | 000,505,430 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2010/03/28 10:25:46 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/28 10:25:46 | 000,090,852 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2010/03/28 10:25:46 | 000,071,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/19 08:45:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\gmer.exe
    [2010/04/18 13:26:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\4749 - Pokemon SoulSilver (U)(Xenophobia).sav
    [2010/04/18 12:14:53 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\HiJackThis.lnk
    [2010/04/18 09:34:18 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
    [2010/04/18 09:12:03 | 000,003,348 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
    [2010/04/18 09:09:03 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
    [2010/04/18 09:09:03 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
    [2010/04/18 09:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2010/04/18 08:59:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/17 09:36:53 | 000,127,488 | ---- | C] () -- C:\WINDOWS\System32\wcardspc.exe
    [2010/04/16 23:48:25 | 000,047,293 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Oblivion Guard2.jpg
    [2010/04/16 23:38:10 | 000,043,386 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Oblivion Guard.jpg
    [2010/04/16 23:31:01 | 000,041,583 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Suicidal Overconfidence.jpg
    [2010/04/16 23:29:01 | 000,138,612 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\1271453050661.gif
    [2010/04/16 23:27:16 | 000,038,294 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Mimiga.jpg
    [2010/04/16 22:49:41 | 000,040,970 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Ganondorf, Eternal Evil.jpg
    [2010/04/16 22:49:32 | 000,042,799 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Yukari, Mistress of Boundaries.jpg
    [2010/04/16 17:53:13 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk
    [2010/04/16 17:53:07 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Impulse.lnk
    [2010/04/13 21:42:50 | 001,279,569 | ---- | C] () -- C:\Documents and Settings\David\Mis documentos\Abyssal.pdf
    [2010/04/10 14:36:05 | 000,060,031 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\personajes.JPG
    [2010/04/08 15:09:53 | 000,250,580 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\1270731126447.png
    [2010/04/07 17:50:46 | 000,001,178 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1292428093-839522115-1003UA.job
    [2010/04/07 17:50:45 | 000,001,126 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1292428093-839522115-1003Core.job
    [2010/04/07 13:54:49 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\B-SMTSJU.SAV
    [2010/03/27 02:20:32 | 001,420,961 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Maryn.pdf
    [2010/03/24 16:06:59 | 000,004,905 | ---- | C] () -- C:\WINDOWS\Propad2.inf
    [2010/01/31 14:32:00 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EMP.INI
    [2009/10/22 20:16:59 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2009/10/22 20:16:59 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2009/07/05 08:54:03 | 000,512,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
    [2009/06/25 18:23:50 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2009/06/25 18:23:49 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/04/21 16:34:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/04/21 16:34:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/04/13 14:45:42 | 000,000,269 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/03/06 17:47:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/12/29 13:00:58 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\AutoGK.ini
    [2008/11/25 00:19:26 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\David\.recently-used.xbel
    [2008/11/22 12:41:38 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2008/11/10 20:30:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2008/10/15 17:33:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/11 20:38:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/10/02 10:52:49 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\vso_ts_preview.xml
    [2008/10/02 10:52:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.log
    [2008/10/02 10:52:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\inst.exe
    [2008/10/02 10:52:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.cat
    [2008/10/02 10:52:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.inf
    [2008/10/02 10:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/09/12 19:25:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2008/07/20 11:00:57 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/07/17 20:45:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/07/17 20:45:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/07/17 20:45:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2008/07/14 17:18:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/14 15:59:02 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\David\.rnd
    [2008/07/13 11:20:17 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\fusioncache.dat
    [2008/06/27 22:15:29 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/06/27 22:15:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/06/27 22:15:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/06/27 22:13:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2008/06/27 22:13:10 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2008/06/26 17:59:08 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/25 11:57:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2008/06/25 10:34:03 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/06/25 10:33:55 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/06/25 08:52:51 | 000,000,192 | -HS- | C] () -- C:\Documents and Settings\David\ntuser.ini
    [2008/06/25 08:52:50 | 000,712,704 | -H-- | C] () -- C:\Documents and Settings\David\ntuser.dat.LOG
    [2008/06/25 08:52:49 | 022,282,240 | -H-- | C] () -- C:\Documents and Settings\David\NTUSER.DAT
    [2007/07/25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/07 12:54:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cdrip32.dll
    [2007/03/10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/04/16 16:18:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/04/16 16:18:49 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/11 18:06:32 | 000,000,388 | ---- | M] () -- C:\AlphaDiscLog.txt
    [2008/06/25 08:48:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/04/17 20:34:32 | 000,000,340 | -H-- | M] () -- C:\boot.ini
    [2007/10/20 02:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2008/06/25 08:48:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/06/25 08:48:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/06/25 08:48:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/10/20 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/28 13:06:13 | 000,251,168 | RHS- | M] () -- C:\ntldr
    [2010/04/19 12:49:54 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/04/18 09:14:40 | 000,004,043 | ---- | M] () -- C:\rapport.txt
    [1996/09/16 04:00:00 | 000,202,240 | -H-- | M] (DreamWorks Interactive) -- C:\setup95.exe
    [2010/01/20 02:29:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/01/20 18:52:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/01/21 01:38:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/01/26 01:42:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/01/27 02:23:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/01/28 10:14:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/01/31 15:39:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/01/31 18:04:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/12/13 01:37:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/12/14 08:19:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/12/15 11:45:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/12/18 08:13:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/12/18 18:35:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/12/18 20:52:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/01/11 02:59:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/01/12 11:45:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/01/13 19:31:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/01/14 14:04:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/01/15 02:13:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/01/19 03:19:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/01/20 02:29:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/01/20 18:52:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/01/21 01:38:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/01/26 01:42:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/01/27 02:23:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/01/28 10:14:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/01/31 15:39:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/01/31 18:04:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/12/13 01:37:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/12/14 08:19:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/12/15 11:45:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/12/18 08:13:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/12/18 18:35:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/12/18 20:52:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/01/11 02:59:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/01/12 11:45:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/01/13 19:31:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/01/14 14:04:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/01/15 02:13:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/01/19 03:19:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm


    < MD5 for: AGP440.SYS >
    [2007/10/20 02:00:00 | 016,714,839 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2007/10/20 02:00:00 | 016,714,839 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2007/10/20 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
    [2007/10/20 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 07:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 07:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 07:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 07:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: NVATA.SYS >
    [2005/08/18 10:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

    < MD5 for: SCECLI.DLL >
    [2008/04/14 07:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 07:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/06/25 10:35:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/06/25 10:35:06 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/06/25 10:35:06 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\*.dll /lockedfiles >
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    ========== Files - Unicode (All) ==========
    [2008/08/16 13:27:15 | 000,000,000 | ---D | M](C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    [2008/08/16 13:27:15 | 000,000,000 | ---D | M](C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    (C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    < End of report >
     
  5. Drascin

    Drascin Thread Starter

    Thanks for the reply.

    I booted the computer in safe mode and tried what you said. GMER, however, after about an hour or so of analysis caused the same kind of computer crash as SuperAntiSpyware did - black screen and instant restart.

    Okay, so for some reason when I try to post with the pasted logs I get a 503 error. May be the length - the computer is also the main gaming computer of the whole house, so there's a serious lot of stuff in it.

    I attached the two txts to this post instead. Sorry for the bother.

    EDIT: oh, so it did post at least the one where I posted one document despite the 503. Good. Here's the Extras file:
    =========================

    OTL Extras logfile created on: 19/04/2010 12:52:49 - Run 1
    OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\David\Escritorio
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 791,00 Mb Available Physical Memory | 77,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 189,91 Gb Total Space | 23,19 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
    Drive D: | 35,15 Gb Total Space | 6,53 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 502,48 Mb Total Space | 281,59 Mb Free Space | 56,04% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded
    Drive P: | 232,88 Gb Total Space | 120,65 Gb Free Space | 51,81% Space Free | Partition Type: NTFS

    Computer Name: DAVID-EQUIPO1
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Archivos de programa\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
    .js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UACDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Archivos de programa\Windows Live\Messenger\livecall.exe" = C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Archivos de programa\Windows Live\Messenger\livecall.exe" = C:\Archivos de programa\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "C:\Archivos de programa\Mozilla Firefox\firefox.exe" = C:\Archivos de programa\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Archivos de programa\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Archivos de programa\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp -- File not found
    "C:\Games\FreeSpace2\fs2_open_3_6_9.exe" = C:\Games\FreeSpace2\fs2_open_3_6_9.exe:*:Enabled:FreeSpace -- (Volition Inc.)
    "C:\Archivos de programa\OrangeBox\hl2.exe" = C:\Archivos de programa\OrangeBox\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Archivos de programa\Valve\Steam\SteamApps\User\Half-Life 2\hl2.exe" = C:\Archivos de programa\Valve\Steam\SteamApps\User\Half-Life 2\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Archivos de programa\bmoworld\BomberMan.exe" = C:\Archivos de programa\bmoworld\BomberMan.exe:*:Enabled:BomberMan -- (Wizgate)
    "C:\Archivos de programa\Worms 4\WORMS 4 MAYHEM.EXE" = C:\Archivos de programa\Worms 4\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- (Team 17 Ltd)
    "C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- File not found
    "C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- File not found
    "C:\Archivos de programa\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Archivos de programa\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- File not found
    "C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Archivos de programa\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- File not found
    "C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe" = C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe:*:Enabled:FantasyGrounds -- ()
    "J:\Juegos\GUILTY GEAR XX #RELOAD\ggxx.exe" = J:\Juegos\GUILTY GEAR XX #RELOAD\ggxx.exe:*:Enabled:GUILTYGEAR XX #RELOAD -- File not found
    "C:\Documents and Settings\David\Escritorio\Utilidades\eclipse\eclipse.exe" = C:\Documents and Settings\David\Escritorio\Utilidades\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
    "C:\CS1.6 pod-Bot\hl.exe" = C:\CS1.6 pod-Bot\hl.exe:*:Enabled:Half-Life Launcher -- File not found
    "C:\Archivos de programa\Ventrilo\Ventrilo.exe" = C:\Archivos de programa\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
    "C:\Archivos de programa\VentSrv\ventrilo_srv.exe" = C:\Archivos de programa\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
    "C:\Archivos de programa\Valve\Steam\SteamApps\drascin\team fortress 2\hl2.exe" = C:\Archivos de programa\Valve\Steam\SteamApps\drascin\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Archivos de programa\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Archivos de programa\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found
    "C:\Archivos de programa\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Archivos de programa\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
    "C:\Archivos de programa\Java\jre6\bin\javaw.exe" = C:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Archivos de programa\Java\jre6\bin\java.exe" = C:\Archivos de programa\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Archivos de programa\mIRC\mirc.exe" = C:\Archivos de programa\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Archivos de programa\Dragon Age\bin_ship\daorigins.exe" = C:\Archivos de programa\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Juego -- (BioWare)
    "C:\Archivos de programa\Dragon Age\DAOriginsLauncher.exe" = C:\Archivos de programa\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Ejecutar -- (BioWare)
    "C:\Archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Actualización -- (BioWare)
    "C:\Archivos de programa\Valve\Steam\SteamApps\common\baboinvasion\BaboInvasion.exe" = C:\Archivos de programa\Valve\Steam\SteamApps\common\baboinvasion\BaboInvasion.exe:*:Enabled:Madballs in... Babo:Invasion -- ()
    "C:\Archivos de programa\Valve\Steam\SteamApps\common\deus ex\System\DeusEx.exe" = C:\Archivos de programa\Valve\Steam\SteamApps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()
    "C:\Archivos de programa\Valve\Steam\SteamApps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Archivos de programa\Valve\Steam\SteamApps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
    "J:\Steam\Steam.exe" = J:\Steam\Steam.exe:*:Enabled:Steam -- File not found
    "J:\Steam\steamapps\drascin\team fortress 2\hl2.exe" = J:\Steam\steamapps\drascin\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
    "P:\Archivos de programa\GreedyTorrent\GTor.exe" = P:\Archivos de programa\GreedyTorrent\GTor.exe:*:Enabled:GTor -- ()
    "J:\Steam\steamapps\common\medieval ii total war\Launcher.exe" = J:\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War -- File not found
    "J:\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = J:\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Warhammer 40,000: Dawn of War - Winter Assault -- File not found
    "J:\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = J:\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf -- File not found
    "J:\Steam\steamapps\common\swkotor\swkotor.exe" = J:\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of the Old Republic -- File not found
    "J:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = J:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- File not found
    "J:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe" = J:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe:*:Enabled:Shadowgrounds Survivor -- File not found
    "J:\Steam\steamapps\common\shadowgrounds survivor\Shadowgrounds Survivor Launcher.exe" = J:\Steam\steamapps\common\shadowgrounds survivor\Shadowgrounds Survivor Launcher.exe:*:Enabled:Shadowgrounds Survivor -- File not found
    "J:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe" = J:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:*:Enabled:Shadowgrounds -- File not found
    "J:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe" = J:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:*:Enabled:Shadowgrounds -- File not found
    "J:\Steam\steamapps\common\dawn of war gold\W40k.exe" = J:\Steam\steamapps\common\dawn of war gold\W40k.exe:*:Enabled:Warhammer 40,000: Dawn of War -- File not found
    "J:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = J:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Warhammer 40,000: Dawn of War - Dark Crusade -- File not found
    "J:\Steam\steamapps\common\machinarium\machinarium.exe" = J:\Steam\steamapps\common\machinarium\machinarium.exe:*:Enabled:Machinarium -- File not found
    "J:\Steam\steamapps\common\deus ex\System\DeusEx.exe" = J:\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- File not found
    "J:\Steam\steamapps\common\jedi academy\GameData\jasp.exe" = J:\Steam\steamapps\common\jedi academy\GameData\jasp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- File not found
    "J:\Steam\steamapps\common\jedi academy\GameData\jamp.exe" = J:\Steam\steamapps\common\jedi academy\GameData\jamp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- File not found
    "J:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = J:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- File not found
    "P:\Archivos de programa\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe" = P:\Archivos de programa\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:*:Enabled:LOSTPLANETCOLONIES_DX9 -- (CAPCOM CO., LTD.)
    "P:\Archivos de programa\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe" = P:\Archivos de programa\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:*:Enabled:LOSTPLANETCOLONIES_DX10 -- (CAPCOM CO., LTD.)
    "J:\Steam\steamapps\common\baboinvasion\BaboInvasion.exe" = J:\Steam\steamapps\common\baboinvasion\BaboInvasion.exe:*:Enabled:Madballs in... Babo:Invasion -- File not found
    "J:\Steam\steamapps\common\space giraffe\SpaceGiraffePC.exe" = J:\Steam\steamapps\common\space giraffe\SpaceGiraffePC.exe:*:Enabled:Space Giraffe -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
    "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
    "{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
    "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 19
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
    "{34E89C10-3E14-4396-A58C-72047CD458AD}" = TMPGEnc 4.0 XPress
    "{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
    "{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN
    "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
    "{43EA256F-5B76-4E44-AD8B-B892717A10D8}_is1" = Final Fantasy XII Config Patch LOW-SSE2-DX9 v0.04
    "{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
    "{492B042A-70D0-4046-B0B8-27B446027695}_is1" = Final Fantasy XII International ZJS English Patched v0.18
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
    "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
    "{51F86E9B-0D0D-4080-BD70-9B0C275ABD5E}" = OpenOffice.org 2.2
    "{5668914A-431C-4910-94E7-F6673615B538}" = Windows Presentation Foundation Language Pack (ESN)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58E9CBFD-28BD-445E-919D-BCB6CB0A5747}" = Art of Magic
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
    "{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
    "{69726588-5D15-4EEC-9CC6-AA122D9F5154}" = Windows Communication Foundation Language Pack - ESN
    "{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
    "{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
    "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
    "{7206C548-7CBC-439D-83B0-69FE16A68D0F}" = Aces of the Galaxy
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
    "{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = 東方非想天則 Ver1.01アップデート
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = 紅魔城伝説 緋色の交響曲
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
    "{93099B48-E36A-46C9-A03F-C85201D9B1C1}" = Foxit PDF IFilter
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
    "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}" = Windows Live installer
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
    "{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.1
    "{AB588DC0-FC95-42D2-908F-BCAD99596282}" = Windows Workflow Foundation ES Language Pack
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{B8672913-A995-4C4A-AA0F-DE5D83549FA0}" = Project64 1.7.0.55
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC870764-5AB2-4801-9F16-8E577AD0EE27}" = Redshark 3.30
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
    "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
    "{EBDFE185-7DDD-4687-9EBA-1B24FF7FF496}" = Microsoft .NET Framework 3.0 Spanish Language Pack
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F3C514B0-F676-4D4E-91F7-A7EE89878593}" = Livestream Procaster
    "{F91D4524-844F-4B4E-9C30-C33B16A05DDC}" = ƒ}ƒWƒJƒ‹ƒoƒgƒ‹ƒAƒŠ[ƒiE–‚–@*—•“¬Õ
    "{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V Ver1.06
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}" = Windows Live Messenger
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    "Abe's Exoddus" = Abe's Exoddus
    "Abe's Oddysee" = Abe's Oddysee
    "Action Replay Code Manager_is1" = Action Replay Code Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Advanced PDF Password Remover" = Advanced PDF Password Remover 5.0
    "AIMP2" = AIMP2
    "Ashampoo Music Studio 3" = Ashampoo Music Studio 3
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "Aspell Spanish Dictionary_is1" = Aspell Spanish Dictionary-0.50-2
    "ATITool" = ATITool Overclocking Utility
    "avast!" = avast! Antivirus
    "AviSynth" = AviSynth 2.5
    "Bootfighter Windom XP sp-2.NET_is1" = Bootfighter Windom XP sp-2.NET v1.030
    "CamStudio" = CamStudio
    "Cave Story Deluxe" = Cave Story Deluxe
    "CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
    "CDisplay_is1" = CDisplay 1.8
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
    "Crimson Editor" = Crimson Editor (remove only)
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "Darwinia" = Darwinia
    "DC-Bass Source" = DC-Bass Source 1.1.1
    "Diablo II" = Diablo II
    "DirectVobSub" = DirectVobSub (remove only)
    "Dominions3" = Dominions 3 (remove only)
    "Download Manager" = Download Manager 2.3.9
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "EFFEEIEFFCCAFGEBFAEPFC" = ETHER VAPOR
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
    "EvJO Wallpaper Changer_is1" = EvJO Wallpaper Changer v2.0
    "F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "foobar2000" = foobar2000 v0.9.6
    "Foxit Creator" = Foxit Creator
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Phantom" = Foxit Phantom
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps (remove only)
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
    "GreedyTorrent_is1" = GreedyTorrent v1.01 beta build 170
    "GTK 2.0" = Ejecutable GTK+ 2.12.8 rev a (sólo para eliminar)
    "Gyromancer - Desinstalar" = Gyromancer - Desinstalar
    "HaaliMkx" = Haali Media Splitter
    "Hero Lab V3.6" = Hero Lab V3.6
    "ImgBurn" = ImgBurn
    "Impulse" = Impulse
    "KC Softwares AudioGrail_is1" = KC Softwares AudioGrail
    "KC Softwares AVIToolbox_is1" = KC Softwares AVIToolbox
    "KCVDS BETA 1.15 A" = KCVDS BETA 1.15 A
    "Keeper" = Dungeon Keeper Gold
    "Lightning Warrior Raidy" = Lightning Warrior Raidy
    "Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
    "Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.8 beta
    "MagicDisc 2.7.105" = MagicDisc 2.7.105
    "Mayflash Wii Classic Controller Box_is1" = Mayflash Wii Classic Controller Box
    "MediaCoder" = MediaCoder 0.7.2.4522
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
    "Microsoft .NET Framework 3.0 Spanish Language Pack" = Reg Error: Invalid data type.
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
    "OrangeBox_is1" = 10.10.07 Compilation Date
    "osu!" = osu!
    "PDFCanvas V1.4" = PDFCanvas V1.4
    "Peggle Nights Deluxe 1.0" = Peggle Nights Deluxe 1.0
    "Pidgin" = Pidgin
    "Prism" = Prism Video Converter
    "PSP Video 9" = PSP Video 9 5.03
    "Puzzle Quest Galactrix1.00" = Puzzle Quest Galactrix
    "Puzzle Quest1.01" = Puzzle Quest
    "Rayman_is1" = Rayman
    "rayman2" = rayman2
    "RealMedia" = RealMedia (remove only)
    "RealPlayer 6.0" = RealPlayer
    "RivaTuner" = RivaTuner v2.24
    "RPG Maker VX" = RPG Maker VX 1.0
    "RPGƒcƒN[ƒ‹VX RTP_is1" = RPGƒcƒN[ƒ‹VX RTP
    "Runic Games Torchlight" = Torchlight
    "ScummVM_is1" = ScummVM 0.11.1
    "SHOUTcast Source" = SHOUTcast Source (remove only)
    "SoundTap" = SoundTap Streaming Audio Recorder
    "Steam App 11200" = Shadowgrounds Survivor
    "Steam App 12900" = Audiosurf
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 2500" = Shadowgrounds
    "Steam App 25700" = Madballs in... Babo:Invasion
    "Steam App 26800" = Braid
    "Steam App 27800" = Space Giraffe
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 32410" = Lucidity
    "Steam App 3720" = Evil Genius
    "Steam App 40700" = Machinarium
    "Steam App 440" = Team Fortress 2
    "Steam App 4570" = Warhammer 40,000: Dawn of War
    "Steam App 4580" = Warhammer 40,000: Dawn of War - Dark Crusade
    "Steam App 4700" = Medieval II: Total War
    "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "StepMania" = StepMania (remove only)
    "Switch" = Switch Sound File Converter
    "SWR English" = NSIS SWR English
    "SystemRequirementsLab" = System Requirements Lab
    "TigerGame XBOX+PS2+GC Game Controller Adapter" = TigerGame XBOX+PS2+GC Game Controller Adapter
    "UFO:Alien Invasion" = UFO:AI 2.2.1
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VeryPDF PDF2TXT v3.2_is1" = VeryPDF PDF2TXT v3.2
    "VisiPics_is1" = VisiPics V1.30
    "VLC media player" = VLC media player 1.0.1
    "WavePad" = WavePad Sound Editor
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinRAR archiver" = Compresor WinRAR
    "X-Com UFO Defense" = X-Com UFO Defense
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "YouTube Downloader App" = YouTube Downloader App 2.03
    "Ž®_‚̏éIII_is1" = Ž®_‚̏éIII
    "ZoomPlayer" = Zoom Player (remove only)
    "式神の城Ⅱ_is1" = 式神の城Ⅱ 1.00
    "早苗の妖怪退治指南" = 早苗の妖怪退治指南

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "DoW40K:Firestorm over Kronus Beta 3.5" = DoW40K:Firestorm over Kronus Beta 3.5
    "Google Chrome" = Google Chrome
    "QUICKMEDIACONVERTER" = Converter
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\filters.js
    failed, 00000005.

    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\adblock.js
    failed, 00000005.

    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\adblock_start.js
    failed, 00000005.

    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\filtering\filterset.js
    failed, 00000005.

    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\filtering\filtertypes.js
    failed, 00000005.

    Error - 07/04/2010 11:55:28 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Documents and Settings\David\Configuración local\Temp\scoped_dir15141\TEMP_INSTALL\filtering\myfilters.js
    failed, 00000005.

    Error - 17/04/2010 14:49:03 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestOpenList Error 1753.

    Error - 17/04/2010 14:49:03 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
    chestOpenList() failed: 2147422219.

    Error - 17/04/2010 14:49:15 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = aswChestInterface - Program error description: CChestListView::OnCreate()
    !m_strErrorWnd.IsEmpty().

    Error - 17/04/2010 14:53:03 | Computer Name = DAVID-EQUIPO1 | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function 00000002.

    [ Application Events ]
    Error - 22/05/2009 6:54:04 | Computer Name = DAVID-EQUIPO1 | Source = Application Hang | ID = 1002
    Description = Aplicación que no responde: hl2.exe, versión 0.0.0.0, módulo que no
    responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

    Error - 24/05/2009 6:36:50 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo
    con error: unknown, versión 0.0.0.0, dirección de error 0x04638d60.

    Error - 24/05/2009 6:50:37 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: hl2.exe, versión: 0.0.0.0, módulo con error:
    unknown, versión 0.0.0.0, dirección de error 0x0cea3111.

    Error - 27/05/2009 10:54:46 | Computer Name = DAVID-EQUIPO1 | Source = Application Hang | ID = 1002
    Description = Aplicación que no responde: realplay.exe, versión 11.0.0.446, módulo
    que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

    Error - 03/06/2009 2:47:35 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: hl2.exe, versión: 0.0.0.0, módulo con error:
    unknown, versión 0.0.0.0, dirección de error 0x0cea3111.

    Error - 07/06/2009 10:37:20 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: th11e.exe, versión: 0.0.0.0, módulo con error:
    th11e.exe, versión 0.0.0.0, dirección de error 0x00037a7a.

    Error - 16/06/2009 12:38:56 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: vlc.exe, versión: 0.8.6.0, módulo con error:
    libffmpeg_plugin.dll, versión 0.0.0.0, dirección de error 0x002164b0.

    Error - 18/06/2009 16:58:20 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo
    con error: unknown, versión 0.0.0.0, dirección de error 0x042c54f0.

    Error - 04/07/2009 6:10:15 | Computer Name = DAVID-EQUIPO1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores: imagineclient.exe, versión: 0.0.0.0, módulo
    con error: mss32.dll, versión 7.0.12.0, dirección de error 0x0004242d.

    Error - 05/07/2009 2:48:42 | Computer Name = DAVID-EQUIPO1 | Source = MsiInstaller | ID = 11931
    Description = Product: MSXML 6.0 Parser (KB925673) -- Error 1931. The Windows Installer
    service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the
    file is protected by Windows. You may need to update your operating system for
    this program to work correctly. Package version: 6.0.3883.0, OS Protected version:
    6.0.3883.0

    [ System Events ]
    Error - 19/04/2010 6:50:17 | Computer Name = DAVID-EQUIPO1 | Source = Ftdisk | ID = 262189
    Description = El sistema no pudo cargar el controlador del archivo de volcado.

    Error - 19/04/2010 6:50:17 | Computer Name = DAVID-EQUIPO1 | Source = Ftdisk | ID = 262193
    Description = Error en la configuración del archivo de paginación para el volcado.
    Asegúrese de que hay un archivo de paginación en la partición de inicio y de que
    ésta sea suficientemente grande como para contener toda la memoria física.

    Error - 19/04/2010 6:50:39 | Computer Name = DAVID-EQUIPO1 | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7001
    Description = El servicio Cliente DHCP depende del servicio NetBios a través de
    Tcpip, el cual no pudo iniciarse debido al siguiente error: %%31

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7001
    Description = El servicio Cliente DNS depende del servicio Controlador de protocolo
    TCP/IP, el cual no pudo iniciarse debido al siguiente error: %%31

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7001
    Description = El servicio Ayuda de NetBIOS sobre TCP/IP depende del servicio AFD,
    el cual no pudo iniciarse debido al siguiente error: %%31

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7001
    Description = El servicio ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## depende
    del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido
    al siguiente error: %%31

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7001
    Description = El servicio Servicios IPSEC depende del servicio Controlador IPSEC,
    el cual no pudo iniciarse debido al siguiente error: %%31

    Error - 19/04/2010 6:51:39 | Computer Name = DAVID-EQUIPO1 | Source = Service Control Manager | ID = 7026
    Description = El controlador de inicialización siguiente no se cargó correctamente:
    Aavmker4 AFD AmdK8 aswSP aswTdi ATITool Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
    SASKUTIL
    Tcpip

    Error - 19/04/2010 6:51:59 | Computer Name = DAVID-EQUIPO1 | Source = DCOM | ID = 10005
    Description = DCOM ha obtenido un error "%1084" al intentar iniciar el servicio
    StiSvc con argumentos "" para ejecutar el servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >
     


  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Drascin :)

    • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
    • Click the red Run Fix button.
    • The computer will restart
    • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
    Let's check for file signatures.

    First verify that you can logon to the Windows Recovery Console.

    To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

    How to install and use the Windows XP Recovery Console


    1. Next, please download maxlook, saving the file to your desktop.
    2. Double click maxlook.exe to run it. Note - you must run it only once!
    3. Restart the computer and logon to the Recovery Console.
    4. Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C
    5. batch look.bat
    6. You will see 1 file copied many times then return to the x:\windows> prompt.
    7. Type Exit to restart your computer then logon in normal mode.
    8. Once in Windows, obtain an Internet Connection. This program must download a tool to check files' signatures.
    9. Then go to Start -> Run, copy and paste the following command in the run Box and Click OK
      "%Userprofile%\Desktop\maxlook.exe" -sig
    10. It will produce looklog.txt in the C:\ folder.
    11. Please post the results here.
     
  7. Drascin

    Drascin Thread Starter

    Again, thanks for all the help. You're a lifesaver :).

    Did all you said (had to do the maxlook thing twice because Avast intercepted it the first time, but otherwise no trouble). However, even after this Avast detects a virus in system memory (prompted me to reboot and do a boot scan).

    Anyway, here are the results:

    OTL:

    All processes killed
    ========== FILES ==========
    C:\WINDOWS\System32\mssrv32.exe moved successfully.
    C:\sqmdata00.sqm moved successfully.
    C:\sqmdata01.sqm moved successfully.
    C:\sqmdata02.sqm moved successfully.
    C:\sqmdata03.sqm moved successfully.
    C:\sqmdata04.sqm moved successfully.
    C:\sqmdata05.sqm moved successfully.
    C:\sqmdata06.sqm moved successfully.
    C:\sqmdata07.sqm moved successfully.
    C:\sqmdata08.sqm moved successfully.
    C:\sqmdata09.sqm moved successfully.
    C:\sqmdata10.sqm moved successfully.
    C:\sqmdata11.sqm moved successfully.
    C:\sqmdata12.sqm moved successfully.
    C:\sqmdata13.sqm moved successfully.
    C:\sqmdata14.sqm moved successfully.
    C:\sqmdata15.sqm moved successfully.
    C:\sqmdata16.sqm moved successfully.
    C:\sqmdata17.sqm moved successfully.
    C:\sqmdata18.sqm moved successfully.
    C:\sqmdata19.sqm moved successfully.
    C:\sqmnoopt00.sqm moved successfully.
    C:\sqmnoopt01.sqm moved successfully.
    C:\sqmnoopt02.sqm moved successfully.
    C:\sqmnoopt03.sqm moved successfully.
    C:\sqmnoopt04.sqm moved successfully.
    C:\sqmnoopt05.sqm moved successfully.
    C:\sqmnoopt06.sqm moved successfully.
    C:\sqmnoopt07.sqm moved successfully.
    C:\sqmnoopt08.sqm moved successfully.
    C:\sqmnoopt09.sqm moved successfully.
    C:\sqmnoopt10.sqm moved successfully.
    C:\sqmnoopt11.sqm moved successfully.
    C:\sqmnoopt12.sqm moved successfully.
    C:\sqmnoopt13.sqm moved successfully.
    C:\sqmnoopt14.sqm moved successfully.
    C:\sqmnoopt15.sqm moved successfully.
    C:\sqmnoopt16.sqm moved successfully.
    C:\sqmnoopt17.sqm moved successfully.
    C:\sqmnoopt18.sqm moved successfully.
    C:\sqmnoopt19.sqm moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: David
    ->Temp folder emptied: 247631 bytes
    ->Java cache emptied: 71160611 bytes
    ->FireFox cache emptied: 50803450 bytes
    ->Google Chrome cache emptied: 6922115 bytes
    ->Flash cache emptied: 145973 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 1203 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2289873 bytes
    %systemroot%\System32 .tmp files removed: 3132253 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 120320 bytes
    RecycleBin emptied: 3618024 bytes

    Total Files Cleaned = 132,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.3 log created on 04192010_192808

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    ==========================================

    Maxlook

    Code:
    Run from C:\Documents and Settings\David\Escritorio\maxlook.exe on 19/04/2010 at 19:49:09,73
    
    --------- maxlook unsigned files ---------
    
    c:\windows\maxdriver\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\maxdriver\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\maxdriver\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\maxdriver\kbdclass.sys:
        Verified:    Unsigned
        File date:    7:25 14/04/2008
        Publisher:    n/a
        Description:    n/a
        Product:    n/a
        Version:    n/a
        File version:    n/a
    c:\windows\maxdriver\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\maxdriver\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\maxdriver\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\maxdriver\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
    
    --------- system32\drivers unsigned files ---------
    
    c:\windows\system32\drivers\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\system32\drivers\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\system32\drivers\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\system32\drivers\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\system32\drivers\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\system32\drivers\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\system32\drivers\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\sptd.sys:
        Verified:    Error accessing file
        Publisher:    n/a
        Description:    n/a
        Product:    n/a
        Version:    n/a
        File version:    n/a
    c:\windows\system32\drivers\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
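One way to triage a looklog.txt like the one posted above, as an added example that is not part of the thread or of maxlook. It parses the per-file records and flags unsigned files with no version information, files that could not be read, and names listed in only one section; the function names and the three flag rules are assumptions chosen for illustration, and the sample is constructed from abridged records in the log's format.

```python
import re
from ntpath import basename  # Windows path rules, whatever the host OS

# Constructed sample: four records abridged from the looklog.txt format above.
SAMPLE_LOG = r"""
Run from C:\Documents and Settings\David\Escritorio\maxlook.exe on 19/04/2010 at 19:49:09,73

--------- maxlook unsigned files ---------

c:\windows\maxdriver\ATITool.sys:
    Verified:    Unsigned
    Publisher:    W1zzard
    Description:    ATITool Low-Level Driver
    Product:    ATITool Driver
    Version:    1.10
c:\windows\maxdriver\kbdclass.sys:
    Verified:    Unsigned
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\ATITool.sys:
    Verified:    Unsigned
    Publisher:    W1zzard
    Description:    ATITool Low-Level Driver
    Product:    ATITool Driver
    Version:    1.10
c:\windows\system32\drivers\sptd.sys:
    Verified:    Error accessing file
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
"""

SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")   # "--------- name ---------"
RECORD_RE = re.compile(r"^(\S.*):$")                  # unindented "path:"
FIELD_RE = re.compile(r"^\s+([^:]+):\s*(.*)$")        # indented "Key:    value"
META_KEYS = ("Publisher", "Description", "Product", "Version")


def parse_looklog(text):
    """Return {section name: [(path, {field: value}), ...]} in log order."""
    sections = {}
    records = fields = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            records = sections.setdefault(m.group(1), [])
            fields = None
            continue
        m = RECORD_RE.match(line)
        if m and records is not None:
            fields = {}
            records.append((m.group(1), fields))
            continue
        m = FIELD_RE.match(line)
        if m and fields is not None:
            fields[m.group(1).strip()] = m.group(2).strip()
    return sections


def triage(sections):
    """Return (file name, reason) pairs worth a second look (assumed rules)."""
    findings, where = [], {}
    for section, records in sections.items():
        for path, fields in records:
            name = basename(path).lower()
            where.setdefault(name, []).append(section)
            verified = fields.get("Verified", "")
            if verified.lower().startswith("error"):
                # The checker could not open the file at all.
                findings.append((name, "unreadable"))
            elif verified == "Unsigned" and all(
                    fields.get(k, "") in ("", "n/a") for k in META_KEYS):
                # Unsigned and carrying no publisher or version resource.
                findings.append((name, "unsigned-no-version-info"))
    if len(sections) > 1:
        # A name reported in one section but not the other means the two
        # scans disagree about that file.
        for name, found_in in where.items():
            if len(found_in) < len(sections):
                findings.append((name, "listed-only-in: " + ", ".join(found_in)))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_looklog(SAMPLE_LOG)):
        print(f"{name:15} {reason}")
```

A flag here is a prompt to inspect the file, not a verdict: unsigned third-party drivers with intact publisher data are common on XP and are deliberately left unflagged.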
    
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Hi, Drascin :)

    Let's try Combofix.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
      • Copy the entire contents of the Quote Box below to Notepad.
      • Name the file as CFScript.txt
      • Change the Save as Type to All Files
      • and Save it on the desktop
      [​IMG]

      Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
    4. Install the Recovery Console if prompted.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  9. Drascin

    Drascin Thread Starter

    Thanks for the continued assistance :).

    Anyway, before I post the log, I feel I should tell you something, being I'm the newbie here. As I said, after previous reboot Avast asked for a boot scan. I gave it to it, not all that hopeful that it'd find anything it'd missed, but under the impression that it couldn't hurt. Well, I was surprised, since it did find and exterminate quite a bit of stuff... including that kbdclass.sys you mentioned in the script. So given I don't know whether it was part of the malware or something important, I felt I should mention it.

    In any case, Combofix just finished running right now. Here's the log:

    ComboFix 10-04-18.04 - David 19/04/2010 23:54:12.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.3082.18.1023.605 [GMT 2:00]
    Running from: c:\documents and settings\David\Escritorio\ComboFix.exe
    Command switches used :: c:\documents and settings\David\Escritorio\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100419-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-841475680-113059695-924246174-1000
    c:\documents and settings\All Users\Documentos\Settings
    c:\documents and settings\All Users\Documentos\Settings\cbss.dll
    c:\documents and settings\David\Datos de programa\inst.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\look.bat
    c:\windows\system\olepro32.dll
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\uZQEtNDuIS.dll
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE


    ((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
    .

    2010-04-19 17:47 . 2010-02-26 15:26 220024 ----a-w- c:\windows\sigcheck.exe
    2010-04-19 17:32 . 2010-04-19 21:38 -------- d-----w- c:\windows\maxdriver
    2010-04-19 17:28 . 2010-04-19 17:28 -------- d-----w- C:\_OTL
    2010-04-18 10:14 . 2010-04-18 10:14 -------- d-----w- c:\archivos de programa\TrendMicro
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com
    2010-04-18 06:59 . 2010-04-18 06:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-17 07:43 . 2010-04-17 07:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-17 07:36 . 2010-04-17 07:36 127488 ----a-w- c:\windows\system32\wcardspc.exe
    2010-04-16 15:53 . 2010-04-16 15:59 -------- d-----w- c:\documents and settings\David\Datos de programa\Stardock
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\documents and settings\All Users\Men?Inicio
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Stardock
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\archivos de programa\Stardock
    2010-04-16 15:52 . 2010-04-16 15:53 -------- dc-h--w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}
    2010-04-09 13:51 . 2006-02-27 09:45 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
    2010-03-24 14:06 . 2010-03-24 14:06 -------- d-----w- c:\archivos de programa\Mayflash Wii Classic Controller Box
    2010-03-24 14:06 . 2009-12-10 19:54 11904 ----a-w- c:\windows\system32\drivers\Maypro.sys
    2010-03-24 14:06 . 2009-12-08 21:04 299008 ----a-w- c:\windows\system32\Projoycpl.dll
    2010-03-24 14:06 . 2009-12-07 21:02 9728 ----a-w- c:\windows\Wii DriverLoader.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-18 10:14 . 2010-04-18 10:14 388096 ----a-r- c:\documents and settings\David\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-18 07:35 . 2010-04-18 07:35 52224 ----a-w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-18 07:35 . 2010-04-18 07:35 117760 ----a-w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-16 20:25 . 2008-06-25 14:47 -------- d-----w- c:\documents and settings\David\Datos de programa\uTorrent
    2010-04-15 16:24 . 2009-04-21 14:33 -------- d-----w- c:\archivos de programa\Zoom Player
    2010-04-15 16:21 . 2009-09-07 08:25 -------- d-----w- c:\documents and settings\David\Datos de programa\vlc
    2010-04-14 17:44 . 2010-04-16 15:53 3145736 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\Impulse_setup.exe
    2010-04-13 18:36 . 2010-04-16 15:51 1119536 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
    2010-04-13 18:35 . 2010-04-16 15:51 30000 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
    2010-04-13 18:35 . 2010-04-16 15:51 468272 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
    2010-04-13 18:34 . 2010-04-16 15:51 868144 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\7z.dll
    2010-04-13 18:31 . 2010-04-16 15:51 9072 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\7A63466D\Sd.Irc.resources.dll
    2010-04-12 07:26 . 2008-06-30 19:53 181096 ----a-w- c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\FlashGot.exe
    2010-04-09 13:51 . 2008-06-25 08:32 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
    2010-04-05 10:35 . 2008-10-02 08:52 -------- d-----w- c:\documents and settings\David\Datos de programa\Vso
    2010-04-03 19:23 . 2008-10-30 21:31 -------- d-----w- c:\documents and settings\David\Datos de programa\AIMP
    2010-04-01 23:04 . 2008-12-15 12:54 -------- d-----w- c:\documents and settings\David\Datos de programa\foobar2000
    2010-03-31 17:23 . 2008-06-25 13:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
    2010-03-31 17:19 . 2010-03-31 17:19 503808 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\msvcp71.dll
    2010-03-31 17:19 . 2010-03-31 17:19 499712 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\jmc.dll
    2010-03-31 17:19 . 2010-03-31 17:19 348160 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\msvcr71.dll
    2010-03-31 17:19 . 2010-03-31 17:19 61440 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15d67811-n\decora-sse.dll
    2010-03-31 17:19 . 2010-03-31 17:19 12800 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15d67811-n\decora-d3d.dll
    2010-03-31 17:19 . 2008-06-25 13:32 -------- d-----w- c:\archivos de programa\Java
    2010-03-28 08:25 . 2007-10-20 00:00 90852 ----a-w- c:\windows\system32\perfc00A.dat
    2010-03-28 08:25 . 2007-10-20 00:00 505430 ----a-w- c:\windows\system32\perfh00A.dat
    2010-03-20 12:04 . 2010-03-20 12:04 -------- d-----w- c:\documents and settings\David\Datos de programa\UFOAI
    2010-03-17 16:08 . 2010-04-16 15:51 87344 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.dll
    2010-03-17 16:08 . 2010-04-16 15:51 491312 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.Shell.dll
    2010-03-14 11:11 . 2010-03-14 11:11 -------- d-----w- c:\documents and settings\David\Datos de programa\ShanghaiAlice
    2010-03-11 17:01 . 2010-03-11 17:01 136 ----a-w- c:\windows\UNlock.dat
    2010-03-11 16:33 . 2010-02-20 11:13 -------- d-----w- c:\documents and settings\David\Datos de programa\Foxit Software
    2010-03-11 08:24 . 2008-06-25 14:47 -------- d-----w- c:\archivos de programa\uTorrent
    2010-03-10 11:45 . 2008-08-28 07:48 -------- d-----w- c:\archivos de programa\SystemRequirementsLab
    2010-03-09 02:28 . 2008-10-13 05:36 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-21 11:27 . 2010-02-21 11:27 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\Foxit Software
    2010-02-20 11:12 . 2010-02-20 11:12 -------- d-----w- c:\documents and settings\LocalService\Datos de programa\Foxit Software
    2010-02-17 22:46 . 2010-04-16 15:51 38192 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Interop.ShockwaveFlashObjects.dll
    2010-02-17 22:45 . 2010-04-16 15:51 34096 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\AxInterop.ShockwaveFlashObjects.dll
    2010-02-12 21:17 . 2010-02-12 21:17 152576 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
    2010-02-12 21:17 . 2009-11-09 17:56 79488 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-02-04 09:01 . 2010-03-16 10:44 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-03-16 10:44 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-03-16 10:44 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-03-16 10:44 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-01-31 13:35 . 2008-11-22 10:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "EvJOWall"="c:\archivos de programa\EvJOSoft\Wallpaper Changer\EvJOWall.exe" [2008-05-26 3908608]
    "AlcoholAutomount"="c:\archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    "Google Update"="c:\documents and settings\David\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
    "SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-10-20 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2007-10-20 59392]
    "avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "nwiz"="nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^David^Menú Inicio^Programas^Inicio^Adobe Gamma.lnk]
    path=c:\documents and settings\David\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^David^Menú Inicio^Programas^Inicio^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\David\Menú Inicio\Programas\Inicio\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-02 18:05 40368 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 09:34 5724184 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2007-10-20 00:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2007-10-20 00:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NMIndexingService"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "ekrn"=2 (0x2)
    "EhttpSrv"=3 (0x3)
    "usnjsvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
    "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
    "c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
    "c:\\Games\\FreeSpace2\\fs2_open_3_6_9.exe"=
    "c:\\Archivos de programa\\OrangeBox\\hl2.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
    "c:\\Archivos de programa\\bmoworld\\BomberMan.exe"=
    "c:\\Archivos de programa\\Worms 4\\WORMS 4 MAYHEM.EXE"=
    "c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
    "c:\\Documents and Settings\\David\\Escritorio\\Utilidades\\eclipse\\eclipse.exe"=
    "c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
    "c:\\Archivos de programa\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\drascin\\team fortress 2\\hl2.exe"=
    "c:\\Archivos de programa\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
    "c:\\Archivos de programa\\mIRC\\mirc.exe"=
    "c:\\Archivos de programa\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Archivos de programa\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Archivos de programa\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\baboinvasion\\BaboInvasion.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\deus ex\\System\\DeusEx.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    "p:\\Archivos de programa\\GreedyTorrent\\GTor.exe"=
    "p:\\Archivos de programa\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
    "p:\\Archivos de programa\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/11/2008 12:41 721904]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/06/2008 10:19 114768]
    R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/06/2008 10:19 20560]
    R3 MayPro;TigerGame SuperJoy Box Pro Filter Service;c:\windows\system32\drivers\Maypro.sys [24/03/2010 16:06 11904]
    R3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
    S2 hklkqgnd;USB Bus rd908 Controller;c:\windows\System32\svchost.exe -k netsvcs [20/10/2007 2:00 14336]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28/11/2008 0:04 16512]
    S3 DAUpdaterSvc;Dragon Age: Origins - Programa de actualización de contenido;c:\archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe [06/11/2009 20:07 25832]
    S3 pnx;PS NGC XBOX Filter Service;c:\windows\system32\drivers\pnx.sys [04/02/2010 13:49 13824]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [22/10/2009 20:16 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [22/10/2009 20:16 11088]
    S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys --> c:\windows\system32\DRIVERS\zd1211u.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    hklkqgnd
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Enlace de descarga usando Mega Manager... - c:\archivos de programa\Megaupload\Mega Manager\mm_file.htm
    TCP: {02C46A71-9ADD-43D5-A6A7-DF94A45B5638} = 62.151.2.8,62.151.8.100
    TCP: {7E19EB13-7095-4389-94B4-AA9ECDEDB683} = 62.14.4.64,62.14.4.65
    FF - ProfilePath - c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\
    FF - component: c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: c:\archivos de programa\Download Manager\npfpdlm.dll
    FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{639E374D-0FC4-466E-9C9C-32010A87088F} - c:\windows\system32\sumfkax.dll
    ShellIconOverlayIdentifiers-{639E374D-0FC4-466E-9C9C-32010A87088F} - c:\windows\system32\sumfkax.dll
    Notify-cbssreg - (no file)
    MSConfigStartUp-Steam - j:\steam\steam.exe
    AddRemove-Steam App 11200 - j:\steam\steam.exe
    AddRemove-Steam App 12900 - j:\steam\steam.exe
    AddRemove-Steam App 18500 - c:\archivos de programa\Valve\Steam\steam.exe
    AddRemove-Steam App 2500 - j:\steam\steam.exe
    AddRemove-Steam App 25700 - c:\archivos de programa\Valve\Steam\steam.exe
    AddRemove-Steam App 26800 - c:\archivos de programa\Valve\Steam\steam.exe
    AddRemove-Steam App 27800 - j:\steam\steam.exe
    AddRemove-Steam App 32370 - j:\steam\steam.exe
    AddRemove-Steam App 32410 - j:\steam\steam.exe
    AddRemove-Steam App 3720 - j:\steam\steam.exe
    AddRemove-Steam App 40700 - j:\steam\steam.exe
    AddRemove-Steam App 440 - c:\archivos de programa\Valve\Steam\steam.exe
    AddRemove-Steam App 4570 - j:\steam\steam.exe
    AddRemove-Steam App 4580 - j:\steam\steam.exe
    AddRemove-Steam App 4700 - j:\steam\steam.exe
    AddRemove-Steam App 6020 - j:\steam\steam.exe
    AddRemove-Steam App 6910 - c:\archivos de programa\Valve\Steam\steam.exe
    AddRemove-DoW40K:Firestorm over Kronus Beta 3.5 - j:\steam\steamapps\common\dawn of war dark crusade\Uninstal FoK Beta 3point5.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-20 00:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spes.sys >>UNKNOWN [0x86592938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
    \Driver\ACPI -> ACPI.sys @ 0xf7233cb8
    \Driver\atapi -> atapi.sys @ 0xf71d9b40
    IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
    \Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
    NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70cbbb0
    PacketIndicateHandler -> NDIS.sys @ 0xf70baa0d
    SendHandler -> NDIS.sys @ 0xf70ceb40
    user & kernel MBR OK
    copy of MBR has been found in sector 61 !

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    c:\archivos de programa\Alwil Software\Avast4\ashServ.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\brss01a.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\archivos de programa\Bonjour\mDNSResponder.exe
    c:\archivos de programa\Java\jre6\bin\jqs.exe
    c:\archivos de programa\MagicDisc\MagicDisc.exe
    c:\documents and settings\David\Configuración local\Datos de programa\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-20 00:15:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-19 22:15

    Pre-Run: 27.932.065.792 bytes libres
    Post-Run: 27.799.482.368 bytes libres

    - - End Of File - - B5FC1C23EAA590D6044B516D7E3466BF
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Let's check that again.

    First go to Start -> Run, copy and paste the following command in the run Box and Click OK

    "%Userprofile%\Desktop\maxlook.exe" -cleanup

    It will remove the maxlook files. Then proceed as follows:
    1. Double click maxlook.exe to run it. Note - you must run it only once!
    2. Restart the computer and logon to the Recovery Console.
    3. Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C
    4. batch look.bat
    5. You will see 1 file copied many times then return to the x:\windows> prompt.
    6. Type Exit to restart your computer then logon in normal mode.
    7. Once in Windows, obtain an Internet Connection. This program must download a tool to check files' signatures.
    8. Then go to Start -> Run, copy and paste the following command in the run Box and Click OK
      "%Userprofile%\Desktop\maxlook.exe" -sig
    9. It will produce looklog.txt in the C:\ folder.
    10. Please post the results here.
     
  11. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Alright, did it. Here's the log:


    Code:
    Run from C:\Documents and Settings\David\Escritorio\maxlook.exe on 20/04/2010 at 10:32:10,84
    
    --------- maxlook unsigned files ---------
    
    c:\windows\maxdriver\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\maxdriver\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\maxdriver\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\maxdriver\kbdclass.sys:
        Verified:    Unsigned
        File date:    7:25 14/04/2008
        Publisher:    n/a
        Description:    n/a
        Product:    n/a
        Version:    n/a
        File version:    n/a
    c:\windows\maxdriver\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\maxdriver\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\maxdriver\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\maxdriver\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
    
    --------- system32\drivers unsigned files ---------
    
    c:\windows\system32\drivers\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\system32\drivers\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\system32\drivers\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\system32\drivers\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\system32\drivers\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\system32\drivers\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\system32\drivers\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\sptd.sys:
        Verified:    Error accessing file
        Publisher:    n/a
        Description:    n/a
        Product:    n/a
        Version:    n/a
        File version:    n/a
    c:\windows\system32\drivers\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
    
    EDIT: also, I tried turning the computer on without safeboot to do this and then left it on, to see if it kept causing the same warnings. It worked fine for very long, which is a certain improvement over the previous "new virus found in the temp folder every five minutes" paradigm... but a while afterwards, it found kbdclass.sys as infected with Win32/Alureon-FZ, and moving it to the chest only caused it to remake itself and cause a warning again.
     
  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Still patched.

    Let's identify the instances of this file.
    • Launch OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
    • OTL should now start.
      • Leave settings as they appear as default.
    • Under the Custom Scan box paste this in


      /md5start
      kbdclass.sys
      /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of these files in your next reply.
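
The maxlook log posted earlier in the thread can be read mechanically by comparing its two sections. The Python below is an added example, not part of the original posts and not how maxlook itself works; it assumes the `maxdriver` section describes the copies made from the Recovery Console and the `system32\drivers` section describes the same folder as seen from running Windows, and the function names and reason strings are made up for the illustration.

```python
import re

# Abridged from the maxlook log in the post above (two entries per section kept).
SAMPLE_LOG = r"""
--------- maxlook unsigned files ---------

c:\windows\maxdriver\ASPI32.SYS:
    Verified:    Unsigned
    File date:    10:05 17/07/2002
    Publisher:    Adaptec
    Description:    ASPI for WIN32 Kernel Driver
    Product:    Adaptec's ASPI Layer
    Version:    4.71 (0002)
    File version:    4.71 (0002) built by: WinDDK
c:\windows\maxdriver\kbdclass.sys:
    Verified:    Unsigned
    File date:    7:25 14/04/2008
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\ASPI32.SYS:
    Verified:    Unsigned
    File date:    10:05 17/07/2002
    Publisher:    Adaptec
    Description:    ASPI for WIN32 Kernel Driver
    Product:    Adaptec's ASPI Layer
    Version:    4.71 (0002)
    File version:    4.71 (0002) built by: WinDDK
c:\windows\system32\drivers\sptd.sys:
    Verified:    Error accessing file
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
"""

SECTION = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")   # "--------- title ---------"
PATH = re.compile(r"^([A-Za-z]:\\.+):$")           # "c:\dir\file.sys:"
FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")      # "Publisher:    Adaptec"
META = ("Publisher", "Description", "Product", "Version")


def parse_log(text):
    """Return {section title: {lower-cased file name: {field: value}}}."""
    sections, files, fields = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            files, fields = sections.setdefault(m.group(1), {}), None
            continue
        m = PATH.match(line)
        if m and files is not None:
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            fields = files.setdefault(name, {"Path": m.group(1)})
            continue
        m = FIELD.match(line)
        if m and fields is not None:
            fields[m.group(1)] = m.group(2)
    return sections


def triage(sections, offline="maxlook unsigned files",
           live=r"system32\drivers unsigned files"):
    """Return {file name: [reasons]} for entries worth a second look."""
    off, on = sections.get(offline, {}), sections.get(live, {})
    findings = {}

    def note(name, reason):
        if reason not in findings.setdefault(name, []):
            findings[name].append(reason)

    # Cross-view mismatch: a file reported unsigned in one view but not the other.
    for name in off:
        if name not in on:
            note(name, "unsigned in offline copy only")
    for name in on:
        if name not in off:
            note(name, "listed in live folder only")
    # Per-file checks: unreadable file, or no version resource at all.
    for view in (off, on):
        for name, f in view.items():
            if f.get("Verified", "").lower().startswith("error"):
                note(name, "could not be read")
            elif all(f.get(k, "n/a") == "n/a" for k in META):
                note(name, "no version resource")
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A mismatch between the two views is a lead for further checks such as the MD5 scan requested above, not a verdict on its own.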
     
  13. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Alright, doing it right now.

    Here is the OTL file that opened up. However, I feel I should mention my keyboard doesn't work now, apparently.


    OTL logfile created on: 20/04/2010 17:52:30 - Run 2
    OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\David\Escritorio
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 796,00 Mb Available Physical Memory | 78,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
    Drive C: | 189,91 Gb Total Space | 25,77 Gb Free Space | 13,57% Space Free | Partition Type: NTFS
    Drive D: | 35,15 Gb Total Space | 6,60 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 502,48 Mb Total Space | 276,56 Mb Free Space | 55,04% Space Free | Partition Type: FAT32
    I: Drive not present or media not loaded
    Drive P: | 232,88 Gb Total Space | 120,83 Gb Free Space | 51,89% Space Free | Partition Type: NTFS

    Computer Name: DAVID-EQUIPO1
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    PRC - [2008/04/14 07:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008/07/20 21:30:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008/07/08 09:07:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/31 15:35:37 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/10 21:54:46 | 000,011,904 | ---- | M] (TigerGame.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Maypro.sys -- (MayPro)
    DRV - [2009/11/25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/10/04 10:49:17 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2009/10/04 10:49:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2009/09/04 17:08:00 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2009/09/04 17:07:56 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2009/06/10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/02/25 19:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- P:\Archivos de programa\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2008/11/28 00:15:44 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/11/27 01:12:18 | 000,013,824 | ---- | M] (TigerGame.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnx.sys -- (pnx)
    DRV - [2007/10/20 02:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2006/01/13 13:39:48 | 003,844,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/08/18 10:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005/05/31 00:58:52 | 000,028,160 | ---- | M] (W1zzard) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2005/04/05 20:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/04/05 20:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/03/09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
    DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.addSBtoToolbar: false
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
    FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
    FF - prefs.js..extensions.enabledItems: {472f4ef0-a825-11da-a746-0800200c9a66}:1.2
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.10
    FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
    FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
    FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
    FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/01/23 16:18:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/04/13 21:44:39 | 000,000,000 | ---D | M]

    [2009/10/01 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Extensions
    [2009/10/01 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Extensions\MediaCoder-Setup-Wizard
    [2010/04/20 13:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions
    [2010/03/08 11:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/19 11:01:26 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/01/31 22:52:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2010/04/12 09:26:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2008/06/30 21:56:46 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
    [2010/02/18 10:22:30 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2010/03/27 10:40:58 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    [2009/10/15 15:24:42 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2008/06/30 22:07:13 | 000,000,000 | ---D | M] (FavLoc) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
    [2008/06/30 21:56:59 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
    [2009/06/24 18:50:25 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
    [2009/12/18 16:23:57 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/02/18 10:22:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/11/09 20:00:02 | 000,000,000 | ---D | M] (Searchbar Autosizer) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}
    [2009/12/13 22:35:53 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    [2009/12/08 00:30:33 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
    [2009/12/13 10:32:09 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/04/17 09:39:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/11/22 00:43:45 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (iPox) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
    [2009/02/17 18:59:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    [2010/01/11 16:14:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/04/13 09:16:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/03/28 10:24:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/04/10 09:27:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/02/18 08:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2009/05/06 08:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2009/11/01 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/01/26 10:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/03/11 10:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\[email protected]
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/12 10:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
    [2010/04/20 13:53:27 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2010/02/20 13:12:42 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2010/01/23 16:18:37 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
    [2010/01/23 16:18:37 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
    [2010/01/23 16:18:37 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
    [2010/01/23 16:18:37 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

    O1 HOSTS File: ([2010/04/20 00:05:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {639E374D-0FC4-466E-9C9C-32010A87088F} - No CLSID value found.
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Archivos de programa\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Archivos de programa\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EvJOWall] C:\Archivos de programa\EvJOSoft\Wallpaper Changer\EvJOWall.exe (EvJOSoft)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk = C:\Archivos de programa\Stardock\Impulse\Now\ImpulseNow.exe File not found
    O4 - Startup: C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\MagicDisc.lnk = C:\Archivos de programa\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Archivos de programa\Megaupload\Mega Manager\mm_file.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Archivos de programa\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\cbssreg: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\David\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/25 08:48:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/03/20 17:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/20 16:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/04/20 10:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
    [2010/04/20 00:40:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/04/19 23:52:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/19 23:52:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/19 23:52:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/19 23:52:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/04/19 23:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/19 23:49:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/04/19 19:47:45 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe
    [2010/04/19 19:39:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/04/19 19:39:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2010/04/19 19:38:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
    [2010/04/19 19:28:09 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/19 08:45:11 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    [2010/04/18 12:14:53 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TrendMicro
    [2010/04/18 09:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
    [2010/04/18 09:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Datos de programa\SUPERAntiSpyware.com
    [2010/04/18 09:34:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
    [2010/04/17 09:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
    [2010/04/17 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
    [2010/04/17 09:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft
    [2010/04/16 17:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Datos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Stardock
    [2010/04/16 17:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Men&#12539;Inicio
    [2010/04/16 17:52:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}
    [2010/04/16 17:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Configuración local\Datos de programa\PackageAware
    [2010/04/09 15:51:52 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\WINDOWS\System32\SDDEVMGR.dll
    [2010/04/07 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Configuración local\Datos de programa\Temp
    [2010/03/31 19:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Sun
    [2010/03/31 19:19:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/03/31 19:19:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/03/31 19:19:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/03/24 16:06:59 | 000,299,008 | ---- | C] (TigerGame) -- C:\WINDOWS\System32\Projoycpl.dll
    [2010/03/24 16:06:59 | 000,011,904 | ---- | C] (TigerGame.,Ltd) -- C:\WINDOWS\System32\drivers\Maypro.sys
    [2010/03/24 16:06:59 | 000,009,728 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Wii DriverLoader.exe
    [2010/03/24 16:06:59 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mayflash Wii Classic Controller Box
    [2010/03/22 11:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Escritorio\lameboy_ds-012
    [2010/02/20 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Datos de programa\Foxit Software
    [2008/10/02 10:52:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\David\Datos de programa\pcouffin.sys
    [2008/06/28 13:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft
    [2008/06/25 08:51:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Datos de programa\Microsoft
    [2008/06/25 08:51:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/04/20 17:51:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/20 16:58:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/20 16:58:37 | 022,282,240 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT
    [2010/04/20 16:58:37 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
    [2010/04/20 16:58:24 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys
    [2010/04/20 16:57:27 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
    [2010/04/20 11:54:41 | 000,050,292 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/04/20 10:25:06 | 000,012,611 | ---- | M] () -- C:\WINDOWS\look.bat
    [2010/04/20 00:07:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/20 00:05:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/04/19 23:40:10 | 003,920,290 | R--- | M] () -- C:\Documents and Settings\David\Escritorio\ComboFix.exe
    [2010/04/19 19:39:17 | 000,000,424 | RHS- | M] () -- C:\boot.ini
    [2010/04/19 19:26:54 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\maxlook.exe
    [2010/04/19 08:03:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Escritorio\OTL.exe
    [2010/04/18 12:15:09 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\HiJackThis.lnk
    [2010/04/18 09:34:18 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
    [2010/04/18 08:59:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/17 20:34:32 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/17 20:34:32 | 000,000,340 | -H-- | M] () -- C:\BOOT.BAK
    [2010/04/17 09:36:55 | 000,127,488 | ---- | M] () -- C:\WINDOWS\System32\wcardspc.exe
    [2010/04/17 01:12:24 | 001,279,569 | ---- | M] () -- C:\Documents and Settings\David\Mis documentos\Abyssal.pdf
    [2010/04/16 17:53:13 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk
    [2010/04/16 17:53:07 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Impulse.lnk
    [2010/04/16 10:01:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/15 10:24:14 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\4749 - Pokemon SoulSilver (U)(Xenophobia).sav
    [2010/04/13 18:58:42 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/10 20:03:51 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\LOST PLANET COLONIES.lnk
    [2010/04/10 14:36:05 | 000,060,031 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\personajes.JPG
    [2010/04/08 15:09:57 | 000,250,580 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\1270731126447.png
    [2010/04/05 12:35:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\David\Datos de programa\vso_ts_preview.xml
    [2010/04/05 09:58:32 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\B-SMTSJU.SAV
    [2010/03/31 01:25:13 | 001,420,961 | ---- | M] () -- C:\Documents and Settings\David\Escritorio\Maryn.pdf
    [2010/03/28 10:25:46 | 001,121,952 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/28 10:25:46 | 000,505,430 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
    [2010/03/28 10:25:46 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/28 10:25:46 | 000,090,852 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
    [2010/03/28 10:25:46 | 000,071,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/04/20 10:25:06 | 000,012,611 | ---- | C] () -- C:\WINDOWS\look.bat
    [2010/04/19 23:52:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/19 23:52:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/19 23:52:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/19 23:52:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/04/19 23:52:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/19 23:49:10 | 003,920,290 | R--- | C] () -- C:\Documents and Settings\David\Escritorio\ComboFix.exe
    [2010/04/19 19:47:27 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\maxlook.exe
    [2010/04/19 19:39:16 | 000,000,340 | -H-- | C] () -- C:\BOOT.BAK
    [2010/04/19 19:39:15 | 000,261,904 | RHS- | C] () -- C:\cmldr
    [2010/04/19 08:45:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\gmer.exe
    [2010/04/18 13:26:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\4749 - Pokemon SoulSilver (U)(Xenophobia).sav
    [2010/04/18 12:14:53 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\HiJackThis.lnk
    [2010/04/18 09:34:18 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
    [2010/04/18 08:59:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/17 09:36:53 | 000,127,488 | ---- | C] () -- C:\WINDOWS\System32\wcardspc.exe
    [2010/04/16 17:53:13 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\David\Menú Inicio\Programas\Inicio\Impulse Now.lnk
    [2010/04/16 17:53:07 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Impulse.lnk
    [2010/04/13 21:42:50 | 001,279,569 | ---- | C] () -- C:\Documents and Settings\David\Mis documentos\Abyssal.pdf
    [2010/04/10 14:36:05 | 000,060,031 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\personajes.JPG
    [2010/04/08 15:09:53 | 000,250,580 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\1270731126447.png
    [2010/04/07 13:54:49 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\B-SMTSJU.SAV
    [2010/03/27 02:20:32 | 001,420,961 | ---- | C] () -- C:\Documents and Settings\David\Escritorio\Maryn.pdf
    [2010/03/24 16:06:59 | 000,004,905 | ---- | C] () -- C:\WINDOWS\Propad2.inf
    [2010/01/31 14:32:00 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EMP.INI
    [2009/10/22 20:16:59 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2009/10/22 20:16:59 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2009/07/05 08:54:03 | 000,512,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat
    [2009/06/25 18:23:50 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2009/06/25 18:23:49 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2009/06/10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/06/10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/06/10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/06/10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/04/21 16:34:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/04/21 16:34:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/04/13 14:45:42 | 000,000,269 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/03/06 17:47:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/12/29 13:00:58 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\AutoGK.ini
    [2008/11/25 00:19:26 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\David\.recently-used.xbel
    [2008/11/22 12:41:38 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2008/11/10 20:30:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2008/10/15 17:33:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/11 20:38:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/10/02 10:52:49 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\vso_ts_preview.xml
    [2008/10/02 10:52:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.log
    [2008/10/02 10:52:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.cat
    [2008/10/02 10:52:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\David\Datos de programa\pcouffin.inf
    [2008/10/02 10:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/09/12 19:25:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2008/07/20 11:00:57 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/07/17 20:45:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/07/17 20:45:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/07/17 20:45:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2008/07/14 17:18:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/14 15:59:02 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\David\.rnd
    [2008/07/13 11:20:17 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\fusioncache.dat
    [2008/06/27 22:15:29 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/06/27 22:15:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/06/27 22:15:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/06/27 22:13:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2008/06/27 22:13:10 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2008/06/26 17:59:08 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/25 11:57:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2008/06/25 10:34:03 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/06/25 10:33:55 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/06/25 08:52:51 | 000,000,192 | -HS- | C] () -- C:\Documents and Settings\David\ntuser.ini
    [2008/06/25 08:52:50 | 000,491,520 | -H-- | C] () -- C:\Documents and Settings\David\ntuser.dat.LOG
    [2008/06/25 08:52:49 | 022,282,240 | -H-- | C] () -- C:\Documents and Settings\David\NTUSER.DAT
    [2007/10/20 02:00:00 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys
    [2007/07/25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/07 12:54:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cdrip32.dll
    [2007/03/10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/04/16 16:18:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/04/16 16:18:49 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

    ========== Custom Scans ==========



    < MD5 for: KBDCLASS.SYS >
    [2007/10/20 02:00:00 | 016,714,839 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
    [2008/04/14 08:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
    [2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\ERDNT\cache\kbdclass.sys
    [2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\LastGood\system32\drivers\kbdclass.sys
    [2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
    [2010/04/20 16:57:27 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\system32\dllcache\kbdclass.sys
    [2008/04/14 07:25:10 | 000,025,088 | ---- | M] () MD5=70CD2245A6EF19C6B0D2E059FFF2488A -- C:\WINDOWS\maxdriver\kbdclass.sys
    [2010/04/20 16:58:24 | 000,025,088 | ---- | M] () MD5=70CD2245A6EF19C6B0D2E059FFF2488A -- C:\WINDOWS\system32\drivers\Kbdclass.sys

    ========== Files - Unicode (All) ==========
    [2008/08/16 13:27:15 | 000,000,000 | ---D | M](C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    [2008/08/16 13:27:15 | 000,000,000 | ---D | M](C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    (C:\Archivos de programa\???????) -- C:\Archivos de programa\上海アリス幻樂
    < End of report >
     
  14. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Drascin :)

    That file deals with your keyboard.

    Combofix has been updated. Remove your copy from the desktop and download a fresh copy as follows:

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------​
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------​
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------​
    4. Double click on combofix.exe & follow the prompts.
    5. Install the Recovery Console if prompted.
    6. When finished, it will produce a report for you.
    7. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    If that does not resolve the issue, boot to the Recovery Console. At the C:\Windows prompt type the following and press enter after each line:

    cd system32
    cd drivers
    ren kbdclass.sys kbdclass.sys.vir
    Copy C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys


    If successful, type Exit to restart the computer.

    Follow the steps in Post #10 to confirm.
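The comparison behind the advice above, as an added example that is not part of the original posts: it parses the `< MD5 for: KBDCLASS.SYS >` lines from the OTL log earlier in the thread and checks the loaded driver against the ServicePackFiles copy used in the Recovery Console step. The function names and the choice of that copy as the trusted reference are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTL "< MD5 for: KBDCLASS.SYS >" scan posted in this thread.
OTL_SCAN = r"""
[2007/10/20 02:00:00 | 016,714,839 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\ERDNT\cache\kbdclass.sys
[2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\LastGood\system32\drivers\kbdclass.sys
[2008/04/14 07:25:10 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2010/04/20 16:57:27 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=188DDD286BC0DAEA6984858C6A4D7BBF -- C:\WINDOWS\system32\dllcache\kbdclass.sys
[2008/04/14 07:25:10 | 000,025,088 | ---- | M] () MD5=70CD2245A6EF19C6B0D2E059FFF2488A -- C:\WINDOWS\maxdriver\kbdclass.sys
[2010/04/20 16:58:24 | 000,025,088 | ---- | M] () MD5=70CD2245A6EF19C6B0D2E059FFF2488A -- C:\WINDOWS\system32\drivers\Kbdclass.sys
"""

# Driver Windows actually loads, and the copy the Recovery Console step restores from.
ACTIVE = r"C:\WINDOWS\system32\drivers\kbdclass.sys"
REFERENCE = r"C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys"  # assumed trustworthy

# [timestamp | size | attributes | C/M] (vendor) [MD5=...] -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*[CM]\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?.*?--\s*(?P<path>.+)$"
)


@dataclass
class Entry:
    stamp: str
    size: int
    vendor: str
    md5: str
    path: str


def parse_scan(text):
    """Return one Entry per scan line that carries a per-file MD5."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group("md5"):
            continue  # blank lines and .cab members have no individual hash
        entries.append(Entry(
            stamp=m.group("stamp").strip(),
            size=int(m.group("size").replace(",", "")),
            vendor=m.group("vendor").strip(),
            md5=m.group("md5").upper(),
            path=m.group("path").strip(),
        ))
    return entries


def audit(entries, active_path, reference_path):
    """Compare the active driver with the reference copy (paths are case-insensitive)."""
    by_path = {e.path.lower(): e for e in entries}
    active = by_path[active_path.lower()]
    ref = by_path[reference_path.lower()]
    return {
        "hash_mismatch": active.md5 != ref.md5,
        # Same byte count does not mean same content.
        "size_matches_reference": active.size == ref.size,
        # OTL prints "()" when the file has no company name in its version info.
        "vendor_string_missing": active.vendor == "",
        "copies_sharing_active_hash": sorted(
            e.path for e in entries if e.md5 == active.md5 and e is not active
        ),
        "copies_matching_reference": sorted(
            e.path for e in entries if e.md5 == ref.md5
        ),
    }


if __name__ == "__main__":
    for key, value in audit(parse_scan(OTL_SCAN), ACTIVE, REFERENCE).items():
        print(f"{key}: {value}")
```

The altered file has the same size as the genuine driver, and the maxdriver copy even carries the same 2008 timestamp, so only the hash and the missing vendor string separate the two.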
     
  15. Drascin

    Drascin Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    32
    Ran Combofix, it ran correctly but didn't seem to fix anything. Then tried the operation in the console you suggested and it told me 1 archive copied, but the keyboard still doesn't work.

    Here's the Combo log:


    ComboFix 10-04-19.08 - David 20/04/2010 21:14:22.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.3082.18.1023.608 [GMT 2:00]
    Running from: c:\documents and settings\David\Escritorio\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100420-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\look.bat

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
    .

    2010-04-20 08:25 . 2010-04-20 10:28 -------- d-----w- c:\windows\maxdriver
    2010-04-19 17:47 . 2010-02-26 15:26 220024 ----a-w- c:\windows\sigcheck.exe
    2010-04-19 17:28 . 2010-04-19 17:28 -------- d-----w- C:\_OTL
    2010-04-18 10:14 . 2010-04-18 10:14 388096 ----a-r- c:\documents and settings\David\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-18 10:14 . 2010-04-18 10:14 -------- d-----w- c:\archivos de programa\TrendMicro
    2010-04-18 07:35 . 2010-04-18 07:35 52224 ----a-w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-18 07:35 . 2010-04-18 07:35 117760 ----a-w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
    2010-04-18 07:34 . 2010-04-18 07:34 -------- d-----w- c:\documents and settings\David\Datos de programa\SUPERAntiSpyware.com
    2010-04-18 06:59 . 2010-04-18 06:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-17 07:43 . 2010-04-17 07:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-17 07:36 . 2010-04-17 07:36 127488 ----a-w- c:\windows\system32\wcardspc.exe
    2010-04-16 15:53 . 2010-04-16 15:59 -------- d-----w- c:\documents and settings\David\Datos de programa\Stardock
    2010-04-16 15:53 . 2010-04-14 17:44 3145736 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\Impulse_setup.exe
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\documents and settings\All Users\Men?Inicio
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Stardock
    2010-04-16 15:52 . 2010-04-16 15:52 -------- d-----w- c:\archivos de programa\Stardock
    2010-04-16 15:52 . 2010-04-16 15:53 -------- dc-h--w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}
    2010-04-09 13:51 . 2006-02-27 09:45 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
    2010-03-31 17:19 . 2010-03-31 17:19 503808 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\msvcp71.dll
    2010-03-31 17:19 . 2010-03-31 17:19 499712 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\jmc.dll
    2010-03-31 17:19 . 2010-03-31 17:19 348160 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7729c4e3-n\msvcr71.dll
    2010-03-31 17:19 . 2010-03-31 17:19 61440 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15d67811-n\decora-sse.dll
    2010-03-31 17:19 . 2010-03-31 17:19 12800 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15d67811-n\decora-d3d.dll
    2010-03-24 14:06 . 2010-03-24 14:06 -------- d-----w- c:\archivos de programa\Mayflash Wii Classic Controller Box
    2010-03-24 14:06 . 2009-12-10 19:54 11904 ----a-w- c:\windows\system32\drivers\Maypro.sys
    2010-03-24 14:06 . 2009-12-08 21:04 299008 ----a-w- c:\windows\system32\Projoycpl.dll
    2010-03-24 14:06 . 2009-12-07 21:02 9728 ----a-w- c:\windows\Wii DriverLoader.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-20 14:58 . 2007-10-20 00:00 25088 ----a-w- c:\windows\system32\drivers\Kbdclass.sys
    2010-04-16 20:25 . 2008-06-25 14:47 -------- d-----w- c:\documents and settings\David\Datos de programa\uTorrent
    2010-04-15 16:24 . 2009-04-21 14:33 -------- d-----w- c:\archivos de programa\Zoom Player
    2010-04-15 16:21 . 2009-09-07 08:25 -------- d-----w- c:\documents and settings\David\Datos de programa\vlc
    2010-04-13 18:36 . 2010-04-16 15:51 1119536 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
    2010-04-13 18:35 . 2010-04-16 15:51 30000 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
    2010-04-13 18:35 . 2010-04-16 15:51 468272 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
    2010-04-13 18:34 . 2010-04-16 15:51 868144 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\7z.dll
    2010-04-13 18:31 . 2010-04-16 15:51 9072 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\7A63466D\Sd.Irc.resources.dll
    2010-04-12 07:26 . 2008-06-30 19:53 181096 ----a-w- c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\FlashGot.exe
    2010-04-09 13:51 . 2008-06-25 08:32 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
    2010-04-05 10:35 . 2008-10-02 08:52 -------- d-----w- c:\documents and settings\David\Datos de programa\Vso
    2010-04-03 19:23 . 2008-10-30 21:31 -------- d-----w- c:\documents and settings\David\Datos de programa\AIMP
    2010-04-01 23:04 . 2008-12-15 12:54 -------- d-----w- c:\documents and settings\David\Datos de programa\foobar2000
    2010-03-31 17:23 . 2008-06-25 13:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
    2010-03-31 17:19 . 2008-06-25 13:32 -------- d-----w- c:\archivos de programa\Java
    2010-03-28 08:25 . 2007-10-20 00:00 90852 ----a-w- c:\windows\system32\perfc00A.dat
    2010-03-28 08:25 . 2007-10-20 00:00 505430 ----a-w- c:\windows\system32\perfh00A.dat
    2010-03-20 12:04 . 2010-03-20 12:04 -------- d-----w- c:\documents and settings\David\Datos de programa\UFOAI
    2010-03-17 16:08 . 2010-04-16 15:51 87344 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.dll
    2010-03-17 16:08 . 2010-04-16 15:51 491312 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.Shell.dll
    2010-03-14 11:11 . 2010-03-14 11:11 -------- d-----w- c:\documents and settings\David\Datos de programa\ShanghaiAlice
    2010-03-11 17:01 . 2010-03-11 17:01 136 ----a-w- c:\windows\UNlock.dat
    2010-03-11 16:33 . 2010-02-20 11:13 -------- d-----w- c:\documents and settings\David\Datos de programa\Foxit Software
    2010-03-11 08:24 . 2008-06-25 14:47 -------- d-----w- c:\archivos de programa\uTorrent
    2010-03-10 11:45 . 2008-08-28 07:48 -------- d-----w- c:\archivos de programa\SystemRequirementsLab
    2010-03-09 02:28 . 2008-10-13 05:36 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-20 11:12 . 2010-02-20 11:12 -------- d-----w- c:\documents and settings\LocalService\Datos de programa\Foxit Software
    2010-02-17 22:46 . 2010-04-16 15:51 38192 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\Interop.ShockwaveFlashObjects.dll
    2010-02-17 22:45 . 2010-04-16 15:51 34096 -c--a-w- c:\documents and settings\All Users\Datos de programa\{0D3F1181-2990-450C-9561-37F58E771480}\OFFLINE\86D01CB6\597810BF\AxInterop.ShockwaveFlashObjects.dll
    2010-02-12 21:17 . 2010-02-12 21:17 152576 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
    2010-02-12 21:17 . 2009-11-09 17:56 79488 ----a-w- c:\documents and settings\David\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-02-04 09:01 . 2010-03-16 10:44 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-03-16 10:44 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-03-16 10:44 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-03-16 10:44 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-01-31 13:35 . 2008-11-22 10:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    .

    ------- Sigcheck -------

    [-] 2010-04-20 14:58 . 70CD2245A6EF19C6B0D2E059FFF2488A . 25088 . . [------] . . c:\windows\system32\drivers\Kbdclass.sys
    [7] 2010-04-20 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
    [7] 2008-04-14 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
    [-] 2008-04-14 05:25 . 70CD2245A6EF19C6B0D2E059FFF2488A . 25088 . . [------] . . c:\windows\maxdriver\kbdclass.sys
    [7] 2008-04-14 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "EvJOWall"="c:\archivos de programa\EvJOSoft\Wallpaper Changer\EvJOWall.exe" [2008-05-26 3908608]
    "AlcoholAutomount"="c:\archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    "Google Update"="c:\documents and settings\David\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
    "SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-10-20 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2007-10-20 59392]
    "avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "nwiz"="nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^David^Menú Inicio^Programas^Inicio^Adobe Gamma.lnk]
    path=c:\documents and settings\David\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^David^Menú Inicio^Programas^Inicio^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\David\Menú Inicio\Programas\Inicio\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-02 18:05 40368 ----a-w- c:\archivos de programa\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 09:34 5724184 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2007-10-20 00:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2007-10-20 00:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NMIndexingService"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "ekrn"=2 (0x2)
    "EhttpSrv"=3 (0x3)
    "usnjsvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
    "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
    "c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
    "c:\\Games\\FreeSpace2\\fs2_open_3_6_9.exe"=
    "c:\\Archivos de programa\\OrangeBox\\hl2.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
    "c:\\Archivos de programa\\bmoworld\\BomberMan.exe"=
    "c:\\Archivos de programa\\Worms 4\\WORMS 4 MAYHEM.EXE"=
    "c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
    "c:\\Documents and Settings\\David\\Escritorio\\Utilidades\\eclipse\\eclipse.exe"=
    "c:\\Archivos de programa\\Ventrilo\\Ventrilo.exe"=
    "c:\\Archivos de programa\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\drascin\\team fortress 2\\hl2.exe"=
    "c:\\Archivos de programa\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
    "c:\\Archivos de programa\\mIRC\\mirc.exe"=
    "c:\\Archivos de programa\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Archivos de programa\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Archivos de programa\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\baboinvasion\\BaboInvasion.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\deus ex\\System\\DeusEx.exe"=
    "c:\\Archivos de programa\\Valve\\Steam\\SteamApps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    "p:\\Archivos de programa\\GreedyTorrent\\GTor.exe"=
    "p:\\Archivos de programa\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
    "p:\\Archivos de programa\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/06/2008 10:19 114768]
    R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/06/2008 10:19 20560]
    R3 MayPro;TigerGame SuperJoy Box Pro Filter Service;c:\windows\system32\drivers\Maypro.sys [24/03/2010 16:06 11904]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/11/2008 12:41 721904]
    S2 hklkqgnd;USB Bus rd908 Controller;c:\windows\System32\svchost.exe -k netsvcs [20/10/2007 2:00 14336]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28/11/2008 0:04 16512]
    S3 DAUpdaterSvc;Dragon Age: Origins - Programa de actualización de contenido;c:\archivos de programa\Dragon Age\bin_ship\daupdatersvc.service.exe [06/11/2009 20:07 25832]
    S3 pnx;PS NGC XBOX Filter Service;c:\windows\system32\drivers\pnx.sys [04/02/2010 13:49 13824]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [22/10/2009 20:16 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [22/10/2009 20:16 11088]
    S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
    S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys --> c:\windows\system32\DRIVERS\zd1211u.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    hklkqgnd
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Enlace de descarga usando Mega Manager... - c:\archivos de programa\Megaupload\Mega Manager\mm_file.htm
    TCP: {02C46A71-9ADD-43D5-A6A7-DF94A45B5638} = 62.151.2.8,62.151.8.100
    TCP: {7E19EB13-7095-4389-94B4-AA9ECDEDB683} = 62.14.4.64,62.14.4.65
    FF - ProfilePath - c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\
    FF - component: c:\documents and settings\David\Datos de programa\Mozilla\Firefox\Profiles\2nt5v8yv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: c:\archivos de programa\Download Manager\npfpdlm.dll
    FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{639E374D-0FC4-466E-9C9C-32010A87088F} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-20 21:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(732)
    c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2010-04-20 21:26:20
    ComboFix-quarantined-files.txt 2010-04-20 19:26
    ComboFix2.txt 2010-04-19 22:15

    Pre-Run: 27.631.054.848 bytes libres
    Post-Run: 27.601.117.184 bytes libres

    - - End Of File - - 03517EEE1F5068F057D1FDAD61CC3C24


    =============================================0

    And here's the Maxlook log

    Code:
    Run from C:\Documents and Settings\David\Escritorio\maxlook.exe on 20/04/2010 at 21:46:52,89
    
    --------- maxlook unsigned files ---------
    
    c:\windows\maxdriver\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\maxdriver\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\maxdriver\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\maxdriver\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\maxdriver\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\maxdriver\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\maxdriver\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\maxdriver\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
    
    --------- system32\drivers unsigned files ---------
    
    c:\windows\system32\drivers\ASPI32.SYS:
        Verified:    Unsigned
        File date:    10:05 17/07/2002
        Publisher:    Adaptec
        Description:    ASPI for WIN32 Kernel Driver
        Product:    Adaptec's ASPI Layer
        Version:    4.71 (0002)
        File version:    4.71 (0002) built by: WinDDK
    c:\windows\system32\drivers\ATITool.sys:
        Verified:    Unsigned
        File date:    0:58 31/05/2005
        Publisher:    W1zzard
        Description:    ATITool Low-Level Driver
        Product:    ATITool Driver
        Version:    1.10
        File version:    1.10
    c:\windows\system32\drivers\BrScnUsb.sys:
        Verified:    Unsigned
        File date:    12:50 15/10/2004
        Publisher:    Brother Industries Ltd.
        Description:    Brother USB Scanner Driver
        Product:    Brother MFC Scanner
        Version:    5.00.2195.1620
        File version:    1,0,2,1
    c:\windows\system32\drivers\Maypro.sys:
        Verified:    Unsigned
        File date:    21:54 10/12/2009
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\mcdbus.sys:
        Verified:    Unsigned
        File date:    18:19 28/07/2008
        Publisher:    MagicISO, Inc.
        Description:    MagicISO SCSI Host Controller
        Product:    MagicISO SCSI Host Controller
        Version:    2.7.105.132
        File version:    2.7.105.132
    c:\windows\system32\drivers\nchssvad.sys:
        Verified:    Unsigned
        File date:    0:15 28/11/2008
        Publisher:    NCH Swift Sound
        Description:    Virtual Audio Device
        Product:    NCH Swift Sound Virtual Audio Device
        Version:    1.0.0.0
        File version:    1.0.0.0
    c:\windows\system32\drivers\pcouffin.sys:
        Verified:    Unsigned
        File date:    10:52 02/10/2008
        Publisher:    VSO Software
        Description:    low level access layer for CD/DVD/BD devices
        Product:    Patin couffin engine
        Version:    1.37
        File version:    1.37
    c:\windows\system32\drivers\pnx.sys:
        Verified:    Unsigned
        File date:    1:12 27/11/2007
        Publisher:    TigerGame.,Ltd
        Description:    Programmable Psx Pad Filter Driver
        Product:    
        Version:    1, 0, 0, 0
        File version:    1, 0, 0, 1
    c:\windows\system32\drivers\sptd.sys:
        Verified:    Error accessing file
        Publisher:    n/a
        Description:    n/a
        Product:    n/a
        Version:    n/a
        File version:    n/a
    c:\windows\system32\drivers\Xpad.sys:
        Verified:    Unsigned
        File date:    18:04 11/05/2006
        Publisher:    Beijing WiseGrup.,Ltd (gamepad.yeah.net)
        Description:    Xbox Gamepad USB Driver
        Product:    Xbox Gamepad USB Driver
        Version:    1.00
        File version:    1.00 built by: WinDDK
    
     

Short URL to this thread: https://techguy.org/917629
