The computer moves so smooth! ComboFix is awesome!
I don't believe it. Thank you Broni! :)
What's the next step? (let me guess... the ComboFix script?)
I really wanna know how to do that (the ComboFix script and the OTL custom scan) :(
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DirLook::
C:\32788R22FWJFW
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 10-09-16.04 - Bruno 16/09/2010 17:28:18.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.52.3082.18.2047.1120 [GMT -5:00]
Running from: c:\users\Bruno\Desktop\ComboFix.exe
Command switches used :: c:\users\Bruno\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0000\~deb294.tmp
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp
.
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Arturo\AppData\Local\temp
2010-09-13 22:14 . 2010-09-13 22:14 -------- d-----w- c:\program files\LogoJet
2010-09-13 19:09 . 2010-09-13 19:09 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 23:30 . 2010-09-08 23:30 -------- d-----w- c:\users\Bruno\AppData\Roaming\InstallShield
2010-08-28 21:16 . 2010-08-28 21:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\windows\PCHEALTH
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-28 19:19 . 2010-08-28 19:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-28 19:17 . 2010-08-28 19:17 -------- d-----r- C:\MSOCache
2010-08-27 01:30 . 2010-08-27 02:01 -------- d-----w- C:\temp
2010-08-26 15:01 . 2010-08-26 15:01 -------- d-----w- c:\users\Arturo\AppData\Roaming\Malwarebytes
2010-08-23 15:51 . 2010-08-23 15:51 -------- d-----w- c:\users\Bruno\AppData\Roaming\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 15:50 . 2010-08-23 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 15:50 . 2010-08-23 15:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 12:44 . 2010-09-15 15:49 -------- d-----w- c:\users\TEMP
2010-08-19 22:36 . 2010-08-19 22:36 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2010-08-19 22:35 . 2010-08-19 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-19 22:34 . 2010-08-19 22:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IM
2010-08-19 22:09 . 2010-08-19 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks 2009
2010-08-19 22:09 . 2010-08-20 07:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks
2010-08-19 22:08 . 2010-08-19 22:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AdobeUM
2010-08-19 22:06 . 2010-08-19 22:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-19 22:05 . 2010-08-19 22:05 -------- d-----w- c:\users\Default\AppData\Local\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 22:06 . 2009-07-14 08:48 729666 ----a-w- c:\windows\system32\perfh00A.dat
2010-09-16 22:06 . 2009-07-14 08:48 151724 ----a-w- c:\windows\system32\perfc00A.dat
2010-09-16 19:47 . 2010-07-19 18:58 -------- d-----w- c:\users\Bruno\AppData\Roaming\SolidWorks
2010-09-16 18:24 . 2010-07-19 20:47 -------- d-----w- c:\users\Bruno\AppData\Roaming\IM
2010-09-07 17:31 . 2010-07-19 14:23 122088 ----a-w- c:\users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 17:13 . 2010-04-12 13:58 -------- d-----w- c:\programdata\Microsoft Help
2010-09-07 17:09 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-13 15:36 . 2010-04-12 20:15 -------- d-----w- c:\users\Arturo\AppData\Roaming\SolidWorks
2010-08-13 15:33 . 2010-04-10 20:18 -------- d-----w- c:\users\Arturo\AppData\Roaming\IM
2010-08-12 13:57 . 2010-08-12 13:57 -------- d-----w- c:\users\Arturo\AppData\Roaming\AdobeUM
2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\programdata\HP
2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\programdata\Hewlett-Packard
2010-08-09 18:37 . 2010-08-09 18:37 -------- d-----w- c:\programdata\HPSSUPPLY
2010-08-09 18:37 . 2010-08-07 00:20 -------- d-----w- c:\program files\HP
2010-08-07 00:20 . 2010-08-07 00:20 -------- d-----w- c:\users\Bruno\AppData\Roaming\HP
2010-08-04 16:12 . 2010-08-04 16:12 -------- d-----w- c:\program files\Common Files\Rockwell
2010-08-04 16:12 . 2010-08-04 14:12 -------- d-----w- c:\program files\Rockwell Software
2010-08-03 19:24 . 2010-04-10 20:13 122088 ----a-w- c:\users\Arturo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 15:46 . 2010-08-03 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-03 12:24 . 2010-08-03 12:24 -------- d-----w- c:\users\Bruno\AppData\Roaming\DassaultSystemes
2010-08-03 12:24 . 2010-08-03 12:24 -------- d-----w- c:\programdata\DassaultSystemes
2010-08-03 00:10 . 2010-08-03 00:10 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-30 16:35 . 2010-07-30 16:35 -------- d-----w- c:\users\Bruno\AppData\Roaming\AdobeUM
2010-07-30 15:15 . 2010-07-30 15:15 -------- d-----w- c:\programdata\Adobe Systems
2010-07-30 15:14 . 2010-07-30 15:14 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-07-30 15:14 . 2010-04-12 13:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 17:57 . 2010-07-29 17:57 -------- d-----w- c:\program files\TheLearningPit
2010-07-27 21:12 . 2010-07-27 21:12 -------- d-----w- c:\users\Bruno\AppData\Roaming\SolidWorks 2009
2010-07-20 13:55 . 2010-07-20 13:55 0 ----a-w- c:\windows\nsreg.dat
2010-07-19 23:06 . 2010-07-19 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-19 23:05 . 2010-07-19 23:03 -------- d-----w- c:\programdata\Symantec
2010-07-19 23:04 . 2010-07-19 23:03 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-19 23:04 . 2010-07-19 23:03 -------- d-----w- c:\program files\Symantec
2010-07-19 23:04 . 2010-07-19 23:03 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-19 23:04 . 2010-07-19 23:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-19 18:22 . 2010-07-19 18:22 -------- d-----w- c:\users\Bruno\AppData\Roaming\DWGeditor
2010-07-17 01:15 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-07-17 01:15 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\32788R22FWJFW ----
------- Sigcheck -------
[-] 2010-07-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-19 115560]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-07-13 3152384]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-7-30 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-12 1343400]
R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-07-13 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-07-13 1125376]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-10 99896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-19 102448]
S3 netr28u;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28u.sys [2010-04-10 734208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\wudjiduz.default\
FF - prefs.js: network.proxy.http - 206.64.92.16
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1756)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-16 18:03:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 23:03
ComboFix2.txt 2010-09-15 15:49
Pre-Run: 106,225,799,168 bytes libres
Post-Run: 106,242,646,016 bytes libres
- - End Of File - - 7E2266DC190DB51E2A894E8D58095901
Woow... how do you do that? :D
I really wanna know jeje *-*
And now the next step is the OTL? :p (jajaja I'm a big fan ._.)
Quote:
how do you do that?
I really wanna know jeje *-*
Just years of practice :)
Quote:
And now the next step is the OTL? (jajaja I'm a big fan ._.)
Hahaha....
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 17/09/2010 09:09:32 a.m. - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Bruno\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 98.19 Gb Free Space | 65.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 4.56 Gb Free Space | 61.13% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 149.05 Gb Total Space | 67.22 Gb Free Space | 45.10% Space Free | Partition Type: NTFS
Computer Name: INGENIERIA05
Current User Name: Bruno
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/17 09:05:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
PRC - [2010/09/17 07:00:21 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001
PRC - [2010/07/19 11:37:26 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Archivos de programa\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/07/19 11:37:24 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Archivos de programa\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/07/19 11:37:22 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/07/13 10:53:20 | 003,152,384 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Archivos de programa\Cobian Backup 10\cbInterface.exe
PRC - [2010/07/13 10:53:18 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Archivos de programa\Cobian Backup 10\cbService.exe
PRC - [2010/07/13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Archivos de programa\Cobian Backup 10\cbVSCService.exe
PRC - [2010/04/10 15:20:01 | 000,079,360 | ---- | M] (SolidWorks) -- C:\Archivos de programa\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
PRC - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/11/09 21:57:54 | 000,099,896 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 20:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 20:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Archivos de programa\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/09/09 06:01:34 | 000,841,000 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Archivos de programa\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\acrotray.exe
========== Modules (SafeList) ==========
MOD - [2010/09/17 09:05:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
MOD - [2010/07/19 11:37:28 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/07/19 11:37:26 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/07/19 11:37:26 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/07/19 11:37:22 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/19 11:37:22 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/19 11:37:22 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/07/13 10:53:18 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Archivos de programa\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010/07/13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Archivos de programa\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/04/12 16:43:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/10 15:20:01 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Running] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/11/09 21:57:54 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador de ActiveX (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2008/09/09 06:01:32 | 000,079,144 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bruno\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/02 13:06:08 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100916.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/02 13:06:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/02 13:06:08 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100916.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/19 18:33:17 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/19 18:04:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/19 11:37:26 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/07/19 11:37:26 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/07/19 11:37:26 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/07/19 11:37:26 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/07/19 11:37:24 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/07/19 11:37:24 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/07/19 11:37:16 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Archivos de programa\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/07/19 11:37:16 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/07/19 11:37:16 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/04/10 15:23:11 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/19 09:04:54 | 000,189,440 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-mx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 88 7D EA 12 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.33
FF - prefs.js..network.proxy.http: "206.64.92.16"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 14:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 14:41:08 | 000,000,000 | ---D | M]
[2010/07/20 08:55:30 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2010/09/15 11:30:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\wudjiduz.default\extensions
[2010/08/24 16:49:45 | 000,000,000 | ---D | M] (Multiproxy Switch) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\wudjiduz.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}
[2010/07/29 12:41:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\wudjiduz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/20 08:55:09 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/06/26 02:47:12 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/06/26 02:47:12 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/26 02:47:12 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/06/26 02:47:12 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml
O1 HOSTS File: ([2010/09/16 17:50:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cobian Backup 10 Interface] C:\Program Files\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Motor del Programador de tareas de SolidWorks.lnk = C:\Archivos de programa\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/17 09:05:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2010/09/16 19:35:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Sunshines
[2010/09/16 18:03:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/16 17:54:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/16 17:18:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/15 21:43:23 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Sunshine 130x63704_1 - copia
[2010/09/15 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Sunshine 130x63704_1
[2010/09/15 18:55:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\FLINX
[2010/09/15 09:25:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/15 09:25:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/15 09:25:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/15 09:25:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 09:24:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/14 11:01:49 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Etiquetas
[2010/09/13 17:14:08 | 000,000,000 | ---D | C] -- C:\Archivos de programa\LogoJet
[2010/09/13 14:09:27 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/09/10 14:27:25 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\fotos
[2010/09/08 18:38:37 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Dados
[2010/09/08 18:30:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\InstallShield
[2010/09/08 14:48:42 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Bastones
[2010/09/01 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Marcadora
[2010/08/31 16:10:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\LINX
[2010/08/30 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Nueva carpeta
[2010/08/28 18:35:12 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\trif_mix
[2010/08/28 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\trif_mix - copia
[2010/08/28 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\trif_mix
[2010/08/28 16:16:03 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Synchronization Services
[2010/08/28 16:15:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/28 16:15:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Sync Framework
[2010/08/28 16:15:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft SQL Server Compact Edition
[2010/08/28 15:08:06 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\8. Office 2010
[2010/08/28 14:19:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Analysis Services
[2010/08/28 14:17:35 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/08/26 20:30:02 | 000,000,000 | ---D | C] -- C:\temp
[2010/08/26 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Canon Inkjet iP1900 series
[2010/08/23 19:42:47 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Engranes
[2010/08/23 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Inventarios
[2010/08/23 11:44:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/23 10:51:29 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Malwarebytes
[2010/08/23 10:50:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/23 10:50:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/23 10:50:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/08/23 10:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/19 17:36:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2010/08/19 17:35:38 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/12 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Fotos
[2010/08/09 13:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/09 13:39:37 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/08/09 13:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/08/09 13:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2010/08/06 19:20:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\HP
[2010/08/06 19:20:18 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\HP
[2010/08/04 16:51:34 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Manuales
[2010/08/04 11:12:12 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Rockwell
[2010/08/04 09:25:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/08/04 09:12:30 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Rockwell Software
[2010/08/03 10:46:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight
[2010/08/03 07:24:35 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DassaultSystemes
[2010/08/03 07:24:35 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\DassaultSystemes
[2010/08/03 07:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2010/08/02 19:10:09 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Cobian Backup 10
[2010/08/02 19:03:43 | 015,427,584 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Bruno\Desktop\cbSetup.exe
[2010/07/30 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Espátulas
[2010/07/30 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\AdobeUM
[2010/07/30 10:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010/07/30 10:14:54 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Adobe Systems Shared
[2010/07/30 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010/07/29 14:38:50 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Dassault_Systèmes_SolidWo
[2010/07/29 12:58:19 | 000,000,000 | ---D | C] -- C:\Windows\lhsp
[2010/07/29 12:58:14 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2010/07/29 12:57:50 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TheLearningPit
[2010/07/29 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\WinRAR
[2010/07/27 16:12:28 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\SolidWorks 2009
[2010/07/26 15:35:52 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Curso
[2010/07/26 15:31:13 | 000,000,000 | --SD | C] -- C:\Users\Bruno\Documents\My Data Sources
[2010/07/26 13:25:10 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Microsoft Help
[2010/07/24 13:18:37 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Base_pruebas
[2010/07/22 13:09:41 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Chillers
[2010/07/22 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Luminarias
[2010/07/22 10:53:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Outlook Files
[2010/07/20 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Calificaciones Norberto
[2010/07/20 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Cortadora
[2010/07/20 13:20:26 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Residuos peligrosos
[2010/07/20 13:14:19 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Etiquetas de Residuos
[2010/07/20 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Trampas
[2010/07/20 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Mozilla
[2010/07/20 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Mozilla
[2010/07/20 08:55:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mozilla Firefox
[2010/07/20 08:53:24 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Macromedia
[2010/07/19 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Symantec
[2010/07/19 18:05:46 | 000,161,920 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\wpshelper.sys
[2010/07/19 18:04:22 | 000,097,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2010/07/19 18:03:49 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/07/19 18:03:06 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Symantec Shared
[2010/07/19 18:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/07/19 18:03:06 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Symantec
[2010/07/19 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Documentos Mauro
[2010/07/19 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\CAD
[2010/07/19 15:47:44 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\IM
[2010/07/19 13:58:49 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\SolidWorks
[2010/07/19 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DWGeditor
[2010/07/19 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Adobe
[2010/07/19 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Adobe
[2010/07/19 13:18:43 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Documents\Documents
[2010/07/19 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\ElevatedDiagnostics
[2010/07/19 11:37:28 | 000,353,608 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2010/07/19 11:37:28 | 000,107,848 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2010/07/19 11:37:28 | 000,087,368 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2010/07/19 11:37:26 | 000,320,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
[2010/07/19 11:37:26 | 000,283,184 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
[2010/07/19 11:37:26 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
[2010/07/19 11:37:26 | 000,043,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2010/07/19 11:37:24 | 000,067,472 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
[2010/07/19 11:37:16 | 000,188,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
[2010/07/19 11:37:16 | 000,145,968 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
[2010/07/19 11:37:16 | 000,039,856 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
[2010/07/19 11:37:16 | 000,038,448 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
[2010/07/19 11:37:16 | 000,026,416 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
[2010/07/19 11:37:16 | 000,012,720 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
[2010/07/19 09:23:02 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Searches
[2010/07/19 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Identities
[2010/07/19 09:22:50 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Contacts
[2010/07/19 09:22:40 | 000,000,000 | --SD | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Videos
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Saved Games
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Pictures
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Music
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Links
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Favorites
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Downloads
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Documents
[2010/07/19 09:22:40 | 000,000,000 | R--D | C] -- C:\Users\Bruno\Desktop
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\SendTo
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Reciente
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Plantillas
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Documents\Mis vídeos
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Documents\Mis imágenes
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Mis documentos
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Documents\Mi música
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Menú Inicio
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Impresoras
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\Historial
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Entorno de red
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Datos de programa
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\Datos de programa
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Cookies
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\Configuración local
[2010/07/19 09:22:40 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\Archivos temporales de Internet
[2010/07/19 09:22:40 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\AppData
[2010/07/19 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Temp
[2010/07/19 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Microsoft
[2010/07/19 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Media Center Programs
[2010/05/21 12:44:21 | 000,151,552 | ---- | C] ( ) -- C:\Windows\rsnp2std.dll
[2010/05/21 12:44:21 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
========== Files - Modified Within 90 Days ==========
[2010/09/17 09:09:54 | 004,456,448 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT
[2010/09/17 09:08:03 | 000,018,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 09:08:03 | 000,018,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 09:06:26 | 001,639,908 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/17 09:06:26 | 000,729,666 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/09/17 09:06:26 | 000,642,510 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/17 09:06:26 | 000,151,724 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/09/17 09:06:26 | 000,120,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/17 09:05:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2010/09/17 06:59:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/17 06:59:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/17 06:59:23 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 21:50:05 | 002,097,519 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\IconCache.db
[2010/09/16 19:16:24 | 246,750,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/16 19:07:34 | 000,018,782 | ---- | M] () -- C:\Users\Bruno\Desktop\Trif_mix_1.pdf
[2010/09/16 17:55:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/16 17:50:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/16 17:17:33 | 003,846,241 | R--- | M] () -- C:\Users\Bruno\Desktop\ComboFix.exe
[2010/09/16 16:38:40 | 001,550,539 | ---- | M] () -- C:\Users\Bruno\Desktop\sunshine_1.job
[2010/09/16 14:27:27 | 003,932,184 | ---- | M] () -- C:\snp2sxp-001.raw
[2010/09/15 16:02:27 | 000,039,936 | ---- | M] () -- C:\Users\Bruno\Documents\Acuse de Recibo.doc
[2010/09/15 09:17:10 | 000,080,384 | ---- | M] () -- C:\Users\Bruno\Desktop\MBRCheck.exe
[2010/09/07 12:31:19 | 000,122,088 | ---- | M] () -- C:\Users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/07 12:18:52 | 000,433,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/07 12:01:10 | 000,000,536 | ---- | M] () -- C:\Windows\win.ini
[2010/09/06 16:02:38 | 000,525,824 | ---- | M] () -- C:\Users\Bruno\Desktop\dds.scr
[2010/09/06 16:01:28 | 000,293,376 | ---- | M] () -- C:\Users\Bruno\Desktop\5etmlxdc.exe
[2010/09/06 12:22:56 | 000,023,778 | ---- | M] () -- C:\Users\Bruno\Documents\Lista de daños_ Servin.xlsx
[2010/09/06 12:22:44 | 000,023,363 | ---- | M] () -- C:\Users\Bruno\Documents\Lista de daños_ Servin_DESC.xlsx
[2010/09/04 15:25:36 | 000,002,907 | ---- | M] () -- C:\Users\Bruno\Desktop\Microsoft Office Picture Manager.lnk
[2010/09/01 11:56:47 | 001,802,240 | ---- | M] () -- C:\Users\Bruno\Documents\Norberto.accdb
[2010/08/28 16:14:53 | 000,672,768 | ---- | M] () -- C:\Users\Bruno\Desktop\MicrosoftFixit50450(2).msi
[2010/08/28 16:14:19 | 000,672,768 | ---- | M] () -- C:\Users\Bruno\Desktop\MicrosoftFixit50450.msi
[2010/08/26 11:47:24 | 000,000,476 | RHS- | M] () -- C:\Users\Bruno\ntuser.pol
[2010/08/24 19:13:27 | 000,034,304 | ---- | M] () -- C:\Users\Bruno\Documents\Acuse de Recibo2.doc
[2010/08/23 11:56:14 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/08/23 11:56:13 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/23 10:53:56 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/23 10:51:10 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 23:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Bruno\AppData\Local\Temptable.xml
[2010/08/09 13:37:04 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/08/04 11:12:18 | 000,000,051 | ---- | M] () -- C:\Windows\Rocksoft.ini
[2010/08/03 14:15:47 | 000,038,341 | ---- | M] () -- C:\Users\Bruno\Documents\FRequisiciones.xlsm
[2010/08/03 12:55:12 | 000,034,816 | ---- | M] () -- C:\Users\Bruno\Documents\Acuse de Recibo1.doc
[2010/08/02 19:07:53 | 015,427,584 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Bruno\Desktop\cbSetup.exe
[2010/07/27 16:12:30 | 000,002,315 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Motor del Programador de tareas de SolidWorks.lnk
[2010/07/24 14:32:21 | 002,314,936 | ---- | M] () -- C:\Users\Bruno\Desktop\TeamViewerQS.exe
[2010/07/20 08:55:21 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/20 08:55:12 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/19 18:08:37 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/19 18:08:37 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/07/19 18:08:37 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/07/19 18:04:08 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/07/19 18:04:07 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/07/19 18:04:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/07/19 11:37:28 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2010/07/19 11:37:28 | 000,107,848 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2010/07/19 11:37:28 | 000,087,368 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2010/07/19 11:37:26 | 000,320,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
[2010/07/19 11:37:26 | 000,283,184 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
[2010/07/19 11:37:26 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
[2010/07/19 11:37:26 | 000,043,336 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2010/07/19 11:37:26 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.cat
[2010/07/19 11:37:26 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.cat
[2010/07/19 11:37:26 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.cat
[2010/07/19 11:37:26 | 000,001,430 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.inf
[2010/07/19 11:37:26 | 000,001,421 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.inf
[2010/07/19 11:37:26 | 000,001,415 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.inf
[2010/07/19 11:37:24 | 000,097,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2010/07/19 11:37:24 | 000,067,472 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
[2010/07/19 11:37:16 | 000,188,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
[2010/07/19 11:37:16 | 000,145,968 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
[2010/07/19 11:37:16 | 000,039,856 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
[2010/07/19 11:37:16 | 000,038,448 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
[2010/07/19 11:37:16 | 000,026,416 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
[2010/07/19 11:37:16 | 000,012,720 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
[2010/07/19 11:37:16 | 000,009,892 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.cat
[2010/07/19 11:37:16 | 000,001,356 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.inf
[2010/07/19 09:22:40 | 000,000,020 | -HS- | M] () -- C:\Users\Bruno\ntuser.ini
[2010/07/16 19:21:41 | 000,113,629 | ---- | M] () -- C:\Windows\System32\slmgr.vbs.removewat
========== Files Created - No Company Name ==========
[2010/09/16 14:54:21 | 000,018,782 | ---- | C] () -- C:\Users\Bruno\Desktop\Trif_mix_1.pdf
[2010/09/15 22:06:23 | 001,550,539 | ---- | C] () -- C:\Users\Bruno\Desktop\sunshine_1.job
[2010/09/15 09:25:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/15 09:25:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/15 09:25:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/15 09:25:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/15 09:25:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/15 09:21:00 | 003,846,241 | R--- | C] () -- C:\Users\Bruno\Desktop\ComboFix.exe
[2010/09/15 09:20:47 | 000,080,384 | ---- | C] () -- C:\Users\Bruno\Desktop\MBRCheck.exe
[2010/09/06 16:05:18 | 000,293,376 | ---- | C] () -- C:\Users\Bruno\Desktop\5etmlxdc.exe
[2010/09/06 16:05:11 | 000,525,824 | ---- | C] () -- C:\Users\Bruno\Desktop\dds.scr
[2010/09/04 15:25:36 | 000,002,907 | ---- | C] () -- C:\Users\Bruno\Desktop\Microsoft Office Picture Manager.lnk
[2010/09/03 07:50:05 | 000,023,363 | ---- | C] () -- C:\Users\Bruno\Documents\Lista de daños_ Servin_DESC.xlsx
[2010/09/01 08:34:42 | 000,023,778 | ---- | C] () -- C:\Users\Bruno\Documents\Lista de daños_ Servin.xlsx
[2010/08/28 16:14:52 | 000,672,768 | ---- | C] () -- C:\Users\Bruno\Desktop\MicrosoftFixit50450(2).msi
[2010/08/28 16:13:53 | 000,672,768 | ---- | C] () -- C:\Users\Bruno\Desktop\MicrosoftFixit50450.msi
[2010/08/26 11:47:24 | 000,000,476 | RHS- | C] () -- C:\Users\Bruno\ntuser.pol
[2010/08/24 18:05:13 | 000,034,304 | ---- | C] () -- C:\Users\Bruno\Documents\Acuse de Recibo2.doc
[2010/08/23 11:44:10 | 246,750,950 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/23 10:51:10 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 08:57:31 | 001,802,240 | ---- | C] () -- C:\Users\Bruno\Documents\Norberto.accdb
[2010/08/09 13:39:00 | 000,052,736 | R--- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010/08/09 13:38:58 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010/08/09 13:38:58 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2010/08/09 13:38:58 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010/08/09 13:37:04 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/08/04 09:12:40 | 000,000,051 | ---- | C] () -- C:\Windows\Rocksoft.ini
[2010/08/03 12:55:11 | 000,034,816 | ---- | C] () -- C:\Users\Bruno\Documents\Acuse de Recibo1.doc
[2010/07/30 10:10:21 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/30 10:10:21 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/07/30 09:32:13 | 000,039,936 | ---- | C] () -- C:\Users\Bruno\Documents\Acuse de Recibo.doc
[2010/07/27 16:16:42 | 000,000,000 | ---- | C] () -- C:\Users\Bruno\AppData\Local\Temptable.xml
[2010/07/27 16:12:30 | 000,002,315 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Motor del Programador de tareas de SolidWorks.lnk
[2010/07/26 15:21:13 | 000,038,341 | ---- | C] () -- C:\Users\Bruno\Documents\FRequisiciones.xlsm
[2010/07/24 14:32:11 | 002,314,936 | ---- | C] () -- C:\Users\Bruno\Desktop\TeamViewerQS.exe
[2010/07/20 08:55:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/20 08:55:12 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/19 18:03:49 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/07/19 18:03:49 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/07/19 11:37:26 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.cat
[2010/07/19 11:37:26 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.cat
[2010/07/19 11:37:26 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.cat
[2010/07/19 11:37:26 | 000,001,430 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.inf
[2010/07/19 11:37:26 | 000,001,421 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.inf
[2010/07/19 11:37:26 | 000,001,415 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.inf
[2010/07/19 11:37:16 | 000,009,892 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.cat
[2010/07/19 11:37:16 | 000,001,356 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.inf
[2010/07/19 09:22:40 | 004,456,448 | -HS- | C] () -- C:\Users\Bruno\NTUSER.DAT
[2010/07/19 09:22:40 | 000,524,288 | -HS- | C] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/19 09:22:40 | 000,524,288 | -HS- | C] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/07/19 09:22:40 | 000,262,144 | -HS- | C] () -- C:\Users\Bruno\ntuser.dat.LOG1
[2010/07/19 09:22:40 | 000,065,536 | -HS- | C] () -- C:\Users\Bruno\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/07/19 09:22:40 | 000,000,020 | -HS- | C] () -- C:\Users\Bruno\ntuser.ini
[2010/07/19 09:22:40 | 000,000,000 | -HS- | C] () -- C:\Users\Bruno\ntuser.dat.LOG2
[2010/07/16 19:21:41 | 000,113,629 | ---- | C] () -- C:\Windows\System32\slmgr.vbs.removewat
[2010/07/16 18:47:18 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/21 12:44:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010/05/21 12:44:21 | 012,033,024 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2010/05/21 12:44:21 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2010/05/05 13:38:38 | 000,000,936 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/05/03 09:57:56 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/05/03 09:57:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/04/12 14:55:24 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/10 15:20:01 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/04/10 15:16:23 | 000,094,208 | ---- | C] () -- C:\Windows\System32\GTW32N50.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2009/03/03 23:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
========== LOP Check ==========
[2010/08/03 07:24:35 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DassaultSystemes
[2010/07/19 13:22:55 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DWGeditor
[2010/09/16 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\IM
[2010/09/08 12:24:50 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/09/16 18:03:22 | 000,015,662 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/09 05:37:04 | 016,823,592 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\DwgDocumentMgrNET.dll
[2010/09/17 06:59:23 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 12:30:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/12 12:30:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/17 06:59:28 | 2146,422,784 | -HS- | M] () -- C:\pagefile.sys
[2010/09/16 14:27:27 | 003,932,184 | ---- | M] () -- C:\snp2sxp-001.raw
[2010/05/31 10:36:47 | 003,932,184 | ---- | M] () -- C:\snp2sxp-002.raw
[2010/05/31 11:23:45 | 003,932,184 | ---- | M] () -- C:\snp2sxp-003.raw
< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
[2009/10/23 11:18:14 | 000,069,632 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\HP1100PP.dll
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Archivos de programa\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/19 13:01:27 | 000,000,221 | -HS- | M] () -- C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/09/06 16:01:28 | 000,293,376 | ---- | M] () -- C:\Users\Bruno\Desktop\5etmlxdc.exe
[2010/08/02 19:07:53 | 015,427,584 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Bruno\Desktop\cbSetup.exe
[2010/09/16 17:17:33 | 003,846,241 | R--- | M] () -- C:\Users\Bruno\Desktop\ComboFix.exe
[2010/09/15 09:17:10 | 000,080,384 | ---- | M] () -- C:\Users\Bruno\Desktop\MBRCheck.exe
[2010/09/17 09:05:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2010/07/24 14:32:21 | 002,314,936 | ---- | M] () -- C:\Users\Bruno\Desktop\TeamViewerQS.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2004/12/09 17:23:46 | 000,013,022 | ---- | M] () -- C:\Windows\snp2std.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 07:04:20 | 000,000,402 | -HS- | M] () -- C:\Users\Bruno\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 15:48:23
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >
OTL Extras logfile created on: 17/09/2010 09:09:32 a.m. - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Bruno\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 98.19 Gb Free Space | 65.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 4.56 Gb Free Space | 61.13% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 149.05 Gb Total Space | 67.22 Gb Free Space | 45.10% Space Free | Partition Type: NTFS
Computer Name: INGENIERIA05
Current User Name: Bruno
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06379784-4648-46BF-9426-0B10817F0AF5}" = PhotoView 360
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{29E58280-6B01-4B4C-BE86-86F46F1C2E45}" = LogoJet 1.1 Demo
"{325CC540-F105-4074-BFC0-B8E26BFFE1D5}" = SolidWorks Explorer 2009 sp0
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{62625BB0-A3F6-409F-82F9-A6FF54ED587B}" = SolidWorks 2009 SP0
"{6284454D-E936-41AB-ACFC-D15424407268}" = Cognex In-Sight Software 4.4.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1034-7B44-A93000000001}" = Adobe Reader 9.3.4 - Español
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{EE1671E1-ECB2-446B-A278-E8C56CFC839E}" = DWGeditor
"{EFDCE57C-A7C0-4111-9965-E9D21A89BC35}" = RSLogix 500 English 7.00.00 (CPR 7)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"CobBackup10" = Cobian Backup 10
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Recover My Files_is1" = Recover My Files
"SolidWorks Installation Manager 20090-40000-1100-200" = SolidWorks 2009 SP0
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Ultra MPEG-4 Converter_is1" = Ultra MPEG-4 Converter 3.9.1120
"WinRAR archiver" = Compresor WinRAR
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30/08/2010 09:01:17 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH2895.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:01:43 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH40F6.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:02:07 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH5A50.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:02:32 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH76B7.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:02:56 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH8BCE.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:03:08 a.m. | Computer Name = Ingenieria05 | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: Rtvscan.exe, versión: 11.0.6070.422,
marca de tiempo: 0x4bd1409a Nombre del módulo con errores: Rtvscan.exe, versión:
11.0.6070.422, marca de tiempo: 0x4bd1409a Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x00087565 Id. del proceso con errores: 0x44c Hora de inicio de la aplicación
con errores: 0x01cb4839e48aba87 Ruta de acceso de la aplicación con errores: C:\Program
Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe Ruta de acceso del módulo
con errores: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Id.
del informe: eef95012-b436-11df-a130-0024e800d4af
Error - 30/08/2010 09:04:22 a.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWH5AEB.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 30/08/2010 09:32:19 a.m. | Computer Name = Ingenieria05 | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "C:\Program Files\Microsoft
Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe". No se encontró el
ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 30/08/2010 09:32:19 a.m. | Computer Name = Ingenieria05 | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "C:\Program Files\Microsoft
Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". No se encontró el
ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 30/08/2010 12:32:12 p.m. | Computer Name = Ingenieria05 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Bruno\AppData\Local\Temp\DWHE036.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
[ System Events ]
Error - 04/09/2010 03:45:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 03:55:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:05:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:15:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:25:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:35:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:45:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:55:32 p.m. | Computer Name = Ingenieria05 | Source = DCOM | ID = 10016
Description =
Error - 04/09/2010 04:59:07 p.m. | Computer Name = Ingenieria05 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 04/09/2010 04:59:07 p.m. | Computer Name = Ingenieria05 | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================================
Make sure Windows firewall is OFF, since you're running Norton AV + firewall.
===============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:63238B95
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
==============================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on the Start button to begin the cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
3. Go to the Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on the Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
You are online!!! :D Nice...
Broni... once this topic is finished, can you help me with my personal computer? :$
I don't use antivirus, but I made a scan with Kaspersky Internet Security and it said that I had some viruses. Can you help me, please? ^.^
Finish this topic first, then start another topic regarding different computer.
Broni just one thing :(
Before the custom repair with OTL, the Symantec Endpoint Protection stopped working. If I try to start the antivirus again, Windows says that the process cannot be started. :(
I post the logs here in a couple of minutes.
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Sep 17 18:29:00 2010
------------------------------------
Finished reporting.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Arturo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 18417242 bytes
->Java cache emptied: 12121533 bytes
->Flash cache emptied: 56939 bytes
User: Bruno
->Temp folder emptied: 8582890 bytes
->Temporary Internet Files folder emptied: 24851139 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 39978080 bytes
->Flash cache emptied: 695 bytes
User: CURRENT_USER
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invitado
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Flash cache emptied: 434 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TEMP
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58106 bytes
RecycleBin emptied: 1942970 bytes
Total Files Cleaned = 101.00 mb
[EMPTYFLASH]
User: All Users
User: Arturo
->Flash cache emptied: 0 bytes
User: Bruno
->Flash cache emptied: 0 bytes
User: CURRENT_USER
User: Default
User: Default User
User: Invitado
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.12.1 log created on 09172010_183111
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4 - Español
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
Looks good, so far.
I suggest you reinstall Norton.
Ok! Kaspersky Scan is running meanwhile
wiii C:
Cool :)
I've searched for GMER, DDS, OTL and ComboFix tutorials but I have only found the OTL tutorial, and it is a little difficult to understand, but sometimes I don't see the code of what you see ... I really wanna help people to fix their machine. u.u
I hope in the future I can do this
If you're really interested, you may want to try one of the free schools: http://www.uniteagainstmalware.com/schools.php
Which of all the web sites do you recommend?
That's what I was looking for, thanks indeed!
It really doesn't matter.
Not all of them always have openings, so you may try a couple of them.
Hi, Broni. Sorry for the delay.
I have good and bad news!
I finished the scan with Kaspersky but I forgot to save the report... I only know that the computer has 22,397 infected files and 1 threat.
At this time, I am running the scan again for the final report.
BTW I'm still waiting to get my enrollment at geeks.
Best Regards!
OK :)
Broni, it is the longest log in this thread, I'll attach the log.
It is more than 1 million characters.
If it won't let you attach....
Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link).
Here it is: http://www.filedropper.com/kv
Hahaha....you scared me to death...LOL
All found files are in Norton's quarantine folder, not dangerous anymore.
You can safely empty Norton's vault.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
12. Please, let me know, how is your computer doing.
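A post-cleanup check for the points raised above (the "UAC is disabled!" and "WMI entry may not exist for antivirus" lines in the Security Check log, and the restore-point reset in step 1), as an added example that is not part of the original thread or of OTL. The function names and the `-CleanedAt` parameter are assumptions; it targets Windows PowerShell in an elevated session.

```powershell
# Added example: post-cleanup verification for Windows 7 or later (Windows PowerShell, elevated).
# Function names and the -CleanedAt parameter are assumptions made for this example.
function Get-UacState {
    # EnableLUA = 1 means UAC is on; 0 is what Security Check reports as "UAC is disabled!".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($val -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-RegisteredAntivirus {
    # Client editions register AV products with Security Center in WMI; an empty result
    # corresponds to "WMI entry may not exist for antivirus" in the log.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if ($av) { @($av | ForEach-Object { $_.displayName }) } else { @() }
}

function Get-StaleRestorePoint {
    param([Parameter(Mandatory = $true)][datetime]$CleanedAt)
    # Restore points created before the cleanup may still hold infected files.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    foreach ($p in $points) {
        $created = $p.ConvertToDateTime($p.CreationTime)
        if ($created -lt $CleanedAt) {
            New-Object PSObject -Property @{
                Sequence = $p.SequenceNumber; Description = $p.Description; Created = $created
            }
        }
    }
}

function Test-PostCleanup {
    param([Parameter(Mandatory = $true)][datetime]$CleanedAt)
    $uac    = Get-UacState
    $av     = @(Get-RegisteredAntivirus)
    $stale  = @(Get-StaleRestorePoint -CleanedAt $CleanedAt)
    $avText = 'none registered'
    if ($av.Count -gt 0) { $avText = $av -join ', ' }
    New-Object PSObject -Property @{
        Uac                = $uac
        AntivirusInWmi     = $avText
        StaleRestorePoints = $stale.Count
        Passed             = ($uac -eq 'Enabled') -and ($av.Count -gt 0) -and ($stale.Count -eq 0)
    }
}

# Constructed sample value: use the time your own final OTL fix finished.
Test-PostCleanup -CleanedAt (Get-Date '2010-09-18 12:00') | Format-List
```

`Passed` is true only when UAC is on, at least one antivirus product is registered in WMI, and no restore point predates the cleanup time.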
haha that's right, how can I empty my quarantine folder??
Aahhmm and, thank you very much for everything!!
:)
Just another thing, the tools, how do I remove them, or only with delete, or ComboFix uninstall and OTL clean up..
THX!
Most tools will be removed with OTL Cleanup.
Whatever is left, you can delete.
See here, regarding Norton: http://www.symantec.com/business/sup...4&locale=en_US
Thx Broni, I put the topic as resolved
Way to go!!
Good luck and stay safe :)