Google malware


Hello,

I have a problem with Google. It doesn't open with Windows Internet Explorer (7 and 8) nor with Google Chrome.

I have scanned the PC with Malwarebytes Anti-Malware, Spybot and SUPERAntiSpyware. These programs found some malware, which I removed, but the problem continues.

I have attached the following two files after running DDS.

attach.txt

dds.txt

Many thanks,

David

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Hello, thanks for your answer.

I attach the report as follows:

David

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Casa [Admin rights]

Mode: Scan -- Date: 04/23/2012 22:56:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FAKED] acpi.sys : c:\windows\system32\drivers\acpi.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9710852)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++

--- User ---

[MBR] c11311e3c09c71569f13acd4020c4bee

[BSP] f83b504241d914579053c94390d1cd68 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40154 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 82236735 | Size: 36138 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Please don't use italicized font; it's too hard to read.

Use the default font!

---------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
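
The choices listed in this post, applied to a TDSSKiller log, as an added example that is not part of the original post or of TDSSKiller itself: it parses the log, pairs each detection with any "Forged" file notice, and maps it to Skip, Delete or Cure as instructed above. The sample log is constructed, and `cure_available` is a hypothetical parameter standing in for what the tool's dialog offers.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller log layout ("time thread-id message").
# Object names, paths and MD5 values are made up for this example.
SAMPLE_LOG = r"""
01:00:00.0100 2052 Scan started
01:00:00.0200 2052 ExampleDrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\example.sys
01:00:00.0200 2052 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\example.sys. Real md5: 11111111111111111111111111111111, Fake md5: 22222222222222222222222222222222
01:00:00.0200 2052 ExampleDrv ( Virus.Win32.Rloader.a ) - infected
01:00:00.0200 2052 ExampleDrv - detected Virus.Win32.Rloader.a (0)
01:00:00.0300 2052 OtherDrv - ok
01:00:00.0400 2052 Vendor Print Svc ( UnsignedFile.Multi.Generic ) - warning
01:00:00.0400 2052 Vendor Print Svc - detected UnsignedFile.Multi.Generic (1)
01:00:00.0500 2052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
"""

# Timestamp, thread id, then the message (which may be empty).
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "<object> (<md5>) <path>": the file that backs a driver or service.
OBJECT = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# On-disk content differs from what the hooked read path returned.
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                    r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<object> ( <detection name> ) - <verdict>"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<det>[^()]+?) \) - (?P<verdict>\w+)$")

# Detections the post says to leave alone.
SKIP_NAMES = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Finding:
    obj: str
    detection: str
    verdict: str
    path: str      # empty when the log gave no backing file
    forged: bool   # True when a "Forged" notice named this file
    action: str    # Skip, Delete or Cure, per the post


def recommended_action(detection, cure_available=True):
    """Map a detection name to the choice given in the post."""
    if detection in SKIP_NAMES:
        return "Skip"
    if detection == "TDSS File System":
        return "Delete"
    # Anything else is treated as a malicious object: Cure, and Skip
    # (never Delete) when Cure is not offered.
    return "Cure" if cure_available else "Skip"


def triage(log_text, cure_available=True):
    """Return one Finding per non-ok verdict line in the log."""
    paths, forged, hits = {}, set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(1):
            continue
        msg = m.group(1)
        if (o := OBJECT.match(msg)):
            paths[o["obj"]] = o["path"]
        elif (f := FORGED.match(msg)):
            forged.add(f["path"].lower())
        elif (v := VERDICT.match(msg)):
            hits.append((v["obj"], v["det"], v["verdict"]))
    # Resolve paths after the loop so line order does not matter.
    return [
        Finding(obj, det, verdict, paths.get(obj, ""),
                paths.get(obj, "").lower() in forged,
                recommended_action(det, cure_available))
        for obj, det, verdict in hits
    ]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        flag = " [forged file]" if item.forged else ""
        print(f"{item.action:6} {item.obj}: {item.detection}{flag}")
```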

Here are the results.

Thanks,

David

P.S.: I hope the font is OK now.

01:46:50.0906 1896 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34

01:46:51.0171 1896 ============================================================

01:46:51.0171 1896 Current date / time: 2012/04/24 01:46:51.0171

01:46:51.0171 1896 SystemInfo:

01:46:51.0171 1896

01:46:51.0171 1896 OS Version: 5.1.2600 ServicePack: 3.0

01:46:51.0171 1896 Product type: Workstation

01:46:51.0171 1896 ComputerName: IMAN

01:46:51.0171 1896 UserName: Casa

01:46:51.0171 1896 Windows directory: C:\WINDOWS

01:46:51.0171 1896 System windows directory: C:\WINDOWS

01:46:51.0171 1896 Processor architecture: Intel x86

01:46:51.0171 1896 Number of processors: 2

01:46:51.0171 1896 Page size: 0x1000

01:46:51.0171 1896 Boot type: Normal boot

01:46:51.0171 1896 ============================================================

01:46:52.0843 1896 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

01:46:52.0843 1896 ============================================================

01:46:52.0843 1896 \Device\Harddisk0\DR0:

01:46:52.0843 1896 MBR partitions:

01:46:52.0843 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E6D500

01:46:52.0875 1896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E6D57E, BlocksNum 0x4695300

01:46:52.0875 1896 ============================================================

01:46:53.0015 1896 C: <-> \Device\Harddisk0\DR0\Partition0

01:46:53.0046 1896 D: <-> \Device\Harddisk0\DR0\Partition1

01:46:53.0046 1896 ============================================================

01:46:53.0046 1896 Initialize success

01:46:53.0046 1896 ============================================================

01:47:45.0625 2052 ============================================================

01:47:45.0625 2052 Scan started

01:47:45.0625 2052 Mode: Manual; SigCheck; TDLFS;

01:47:45.0625 2052 ============================================================

01:47:46.0781 2052 ACPI (c6811f0f6a149516ba6fb048566bfc91) C:\WINDOWS\system32\DRIVERS\ACPI.sys

01:47:46.0781 2052 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: c6811f0f6a149516ba6fb048566bfc91, Fake md5: cf2a07e1751a2d612d7e13aa431ab057

01:47:46.0781 2052 ACPI ( Virus.Win32.Rloader.a ) - infected

01:47:46.0781 2052 ACPI - detected Virus.Win32.Rloader.a (0)

01:47:49.0078 2052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

01:47:49.0140 2052 atapi - ok

01:47:50.0890 2052 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

01:47:50.0906 2052 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

01:47:50.0906 2052 cercsr6 - detected UnsignedFile.Multi.Generic (1)

01:47:51.0281 2052 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys

01:47:51.0296 2052 cvintdrv ( UnsignedFile.Multi.Generic ) - warning

01:47:51.0296 2052 cvintdrv - detected UnsignedFile.Multi.Generic (1)

01:48:01.0531 2052 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

01:48:01.0531 2052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:48:01.0531 2052 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:48:02.0656 2052 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\Archivos de programa\National Instruments\Shared\License Manager\Bin\lmgrd.exe

01:48:02.0703 2052 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning

01:48:02.0703 2052 NILM License Manager - detected UnsignedFile.Multi.Generic (1)

01:48:04.0562 2052 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

01:48:04.0578 2052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:48:04.0578 2052 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:48:04.0578 2052 PolicyAgent (671aca589da3733fac878a751c5bf0ed) C:\WINDOWS\system32\lsass.exe

01:48:04.0640 2052 PolicyAgent - ok

01:48:04.0671 2052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

01:48:04.0734 2052 PptpMiniport - ok

01:48:04.0750 2052 ProtectedStorage (671aca589da3733fac878a751c5bf0ed) C:\WINDOWS\system32\lsass.exe

01:48:04.0812 2052 ProtectedStorage - ok

01:48:04.0812 2052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

01:48:04.0875 2052 PSched - ok

01:48:04.0906 2052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

01:48:04.0984 2052 Ptilink - ok

01:48:05.0015 2052 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys

01:48:05.0015 2052 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

01:48:05.0015 2052 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

01:48:05.0015 2052 ql1080 - ok

01:48:05.0031 2052 Ql10wnt - ok

01:48:05.0031 2052 ql12160 - ok

01:48:05.0031 2052 ql1240 - ok

01:48:05.0031 2052 ql1280 - ok

01:48:05.0046 2052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

01:48:05.0125 2052 RasAcd - ok

01:48:05.0156 2052 RasAuto (8345c6f52f38a95b950b9b3d064ae3ee) C:\WINDOWS\System32\rasauto.dll

01:48:05.0234 2052 RasAuto - ok

01:48:05.0250 2052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

01:48:05.0312 2052 Rasl2tp - ok

01:48:05.0343 2052 RasMan (b279f6a9ea3acb5844c103ed2db65b44) C:\WINDOWS\System32\rasmans.dll

01:48:05.0437 2052 RasMan - ok

01:48:05.0453 2052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

01:48:05.0531 2052 RasPppoe - ok

01:48:05.0546 2052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

01:48:05.0609 2052 Raspti - ok

01:48:05.0640 2052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

01:48:05.0718 2052 Rdbss - ok

01:48:05.0718 2052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

01:48:05.0796 2052 RDPCDD - ok

01:48:05.0812 2052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

01:48:05.0890 2052 rdpdr - ok

01:48:05.0906 2052 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

01:48:05.0937 2052 RDPWD - ok

01:48:05.0968 2052 RDSessMgr (6193e6b05336c277ea4db39afa46bc23) C:\WINDOWS\system32\sessmgr.exe

01:48:06.0046 2052 RDSessMgr - ok

01:48:06.0062 2052 redbook (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys

01:48:06.0140 2052 redbook - ok

01:48:06.0156 2052 RemoteAccess (1b7481d377bd7997452352f82f4cffed) C:\WINDOWS\System32\mprdim.dll

01:48:06.0234 2052 RemoteAccess - ok

01:48:06.0265 2052 RemoteRegistry (e424f05b07ac4357dc08d06218d76c7c) C:\WINDOWS\system32\regsvc.dll

01:48:06.0328 2052 RemoteRegistry - ok

01:48:06.0375 2052 RpcLocator (9fccbdbaa0cf915aac0132de1c9566b3) C:\WINDOWS\system32\locator.exe

01:48:06.0453 2052 RpcLocator - ok

01:48:06.0484 2052 RpcSs (97869c55f562b777987100ea30ad8108) C:\WINDOWS\system32\rpcss.dll

01:48:06.0531 2052 RpcSs - ok

01:48:06.0562 2052 RSVP (5e38212c2c00dc342e2281d2f6bfb746) C:\WINDOWS\system32\rsvp.exe

01:48:06.0656 2052 RSVP - ok

01:48:06.0687 2052 SamSs (671aca589da3733fac878a751c5bf0ed) C:\WINDOWS\system32\lsass.exe

01:48:06.0750 2052 SamSs - ok

01:48:06.0843 2052 SASDIFSV (39763504067962108505bff25f024345) C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS

01:48:06.0859 2052 SASDIFSV - ok

01:48:06.0859 2052 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS

01:48:06.0875 2052 SASKUTIL - ok

01:48:06.0890 2052 SCardSvr (a50e4dd0e2a9df762807c84153b4953a) C:\WINDOWS\System32\SCardSvr.exe

01:48:06.0968 2052 SCardSvr - ok

01:48:07.0015 2052 Schedule (51be25c404d3dd344c6079de715e4977) C:\WINDOWS\system32\schedsvc.dll

01:48:07.0093 2052 Schedule - ok

01:48:07.0125 2052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

01:48:07.0203 2052 Secdrv - ok

01:48:07.0218 2052 seclogon (b62c489373a1e1b949fc0faa90f3b47a) C:\WINDOWS\System32\seclogon.dll

01:48:07.0281 2052 seclogon - ok

01:48:07.0296 2052 SENS (a95a27c874b0931a6f8f656924f4a14a) C:\WINDOWS\system32\sens.dll

01:48:07.0359 2052 SENS - ok

01:48:07.0375 2052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

01:48:07.0453 2052 serenum - ok

01:48:07.0468 2052 Serial (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\DRIVERS\serial.sys

01:48:07.0578 2052 Serial - ok

01:48:07.0609 2052 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

01:48:07.0625 2052 SFAUDIO - ok

01:48:07.0640 2052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

01:48:07.0718 2052 Sfloppy - ok

01:48:07.0765 2052 SharedAccess (4a4ef3ee166fad4a04b1d767ad986329) C:\WINDOWS\System32\ipnathlp.dll

01:48:07.0843 2052 SharedAccess - ok

01:48:07.0875 2052 ShellHWDetection (1f617c5a76215c380478d750ce92cc73) C:\WINDOWS\System32\shsvcs.dll

01:48:07.0890 2052 ShellHWDetection - ok

01:48:07.0890 2052 Simbad - ok

01:48:07.0921 2052 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Archivos de programa\Skype\Updater\Updater.exe

01:48:07.0937 2052 SkypeUpdate - ok

01:48:07.0937 2052 Sparrow - ok

01:48:07.0968 2052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

01:48:08.0046 2052 splitter - ok

01:48:08.0062 2052 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

01:48:08.0093 2052 Spooler - ok

01:48:08.0156 2052 SQLBrowser (d2b096cd2f56fac6eeeed9a77ddf6dc8) c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe

01:48:08.0171 2052 SQLBrowser - ok

01:48:08.0187 2052 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe

01:48:08.0203 2052 SQLWriter - ok

01:48:08.0203 2052 sr (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys

01:48:08.0281 2052 sr - ok

01:48:08.0328 2052 srservice (0f30eec6013fcf76693405ec4a7df899) C:\WINDOWS\system32\srsvc.dll

01:48:08.0406 2052 srservice - ok

01:48:10.0765 2052 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\system32\drivers\NAV\1305000.091\SRTSP.SYS

01:48:10.0796 2052 SRTSP - ok

01:48:10.0859 2052 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SRTSPX.SYS

01:48:10.0875 2052 SRTSPX - ok

01:48:10.0906 2052 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

01:48:10.0937 2052 Srv - ok

01:48:10.0968 2052 SSDPSRV (b622a432ef02895de4aa38ac8b85fa4c) C:\WINDOWS\System32\ssdpsrv.dll

01:48:11.0046 2052 SSDPSRV - ok

01:48:11.0078 2052 stisvc (7226422c95fdf8aa6092ee964912b0df) C:\WINDOWS\system32\wiaservc.dll

01:48:11.0156 2052 stisvc - ok

01:48:11.0281 2052 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe

01:48:11.0281 2052 stllssvr ( UnsignedFile.Multi.Generic ) - warning

01:48:11.0281 2052 stllssvr - detected UnsignedFile.Multi.Generic (1)

01:48:11.0328 2052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

01:48:11.0406 2052 swenum - ok

01:48:11.0437 2052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

01:48:11.0515 2052 swmidi - ok

01:48:11.0515 2052 SwPrv - ok

01:48:11.0515 2052 symc810 - ok

01:48:11.0515 2052 symc8xx - ok

01:48:11.0562 2052 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMDS.SYS

01:48:11.0593 2052 SymDS - ok

01:48:11.0656 2052 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMEFA.SYS

01:48:11.0703 2052 SymEFA - ok

01:48:11.0750 2052 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

01:48:11.0765 2052 SymEvent - ok

01:48:11.0796 2052 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1306020.00A\Ironx86.SYS

01:48:11.0812 2052 SymIRON - ok

01:48:11.0890 2052 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMTDI.SYS

01:48:11.0906 2052 SYMTDI - ok

01:48:11.0921 2052 sym_hi - ok

01:48:11.0921 2052 sym_u3 - ok

01:48:11.0968 2052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

01:48:12.0046 2052 sysaudio - ok

01:48:12.0078 2052 SysmonLog (f1f6ee807f0112aae2259b253b6ddf89) C:\WINDOWS\system32\smlogsvc.exe

01:48:12.0140 2052 SysmonLog - ok

01:48:12.0171 2052 TapiSrv (04a5b8ea326951db27df60a14f2999ff) C:\WINDOWS\System32\tapisrv.dll

01:48:12.0250 2052 TapiSrv - ok

01:48:12.0296 2052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

01:48:12.0343 2052 Tcpip - ok

01:48:12.0390 2052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

01:48:12.0468 2052 TDPIPE - ok

01:48:12.0484 2052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

01:48:12.0546 2052 TDTCP - ok

01:48:12.0562 2052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

01:48:12.0640 2052 TermDD - ok

01:48:12.0671 2052 TermService (288b20d56d5f0ec4bcc77fbfa5a81740) C:\WINDOWS\System32\termsrv.dll

01:48:12.0750 2052 TermService - ok

01:48:12.0781 2052 Themes (1f617c5a76215c380478d750ce92cc73) C:\WINDOWS\System32\shsvcs.dll

01:48:12.0781 2052 Themes - ok

01:48:12.0828 2052 TlntSvr (65bf170815c0df302be038fd8891c722) C:\WINDOWS\system32\tlntsvr.exe

01:48:12.0906 2052 TlntSvr - ok

01:48:12.0906 2052 TosIde - ok

01:48:12.0921 2052 TrkWks (321761d0d12ee5285ce79ac175cba672) C:\WINDOWS\system32\trkwks.dll

01:48:13.0015 2052 TrkWks - ok

01:48:13.0031 2052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

01:48:13.0109 2052 Udfs - ok

01:48:13.0109 2052 ultra - ok

01:48:13.0250 2052 UNS (9b229de91d9fbab10cb53f0e1ffab88d) C:\Archivos de programa\Archivos comunes\Intel\Privacy Icon\UNS\UNS.exe

01:48:13.0328 2052 UNS - ok

01:48:13.0437 2052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

01:48:13.0531 2052 Update - ok

01:48:13.0593 2052 upnphost (7594203f459abdb5fe53c08d6b1bd53b) C:\WINDOWS\System32\upnphost.dll

01:48:13.0687 2052 upnphost - ok

01:48:13.0703 2052 UPS (575bafeb33af057b13a10579d0dc884a) C:\WINDOWS\System32\ups.exe

01:48:13.0765 2052 UPS - ok

01:48:13.0781 2052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

01:48:13.0859 2052 usbccgp - ok

01:48:13.0875 2052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

01:48:13.0937 2052 usbehci - ok

01:48:13.0953 2052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

01:48:14.0031 2052 usbhub - ok

01:48:14.0046 2052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

01:48:14.0125 2052 usbprint - ok

01:48:14.0140 2052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

01:48:14.0203 2052 usbscan - ok

01:48:14.0218 2052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

01:48:14.0296 2052 USBSTOR - ok

01:48:14.0312 2052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

01:48:14.0375 2052 usbuhci - ok

01:48:14.0390 2052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

01:48:14.0468 2052 VgaSave - ok

01:48:14.0468 2052 ViaIde - ok

01:48:14.0484 2052 VolSnap (c41ffdc191e6c832e2e53c967eae0a16) C:\WINDOWS\system32\drivers\VolSnap.sys

01:48:14.0546 2052 VolSnap - ok

01:48:14.0593 2052 VSS (60f28de3fae525d026e4d66405b80db8) C:\WINDOWS\System32\vssvc.exe

01:48:14.0687 2052 VSS - ok

01:48:14.0703 2052 W32Time (c71cfacdbfadd819736f61f5738bddc1) C:\WINDOWS\system32\w32time.dll

01:48:14.0781 2052 W32Time - ok

01:48:14.0796 2052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

01:48:14.0875 2052 Wanarp - ok

01:48:14.0875 2052 WDICA - ok

01:48:14.0890 2052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

01:48:14.0968 2052 wdmaud - ok

01:48:15.0000 2052 WebClient (340a4fd9017d1ebd1f6dc435282a39dc) C:\WINDOWS\System32\webclnt.dll

01:48:15.0078 2052 WebClient - ok

01:48:15.0140 2052 winmgmt (a5fc75cab140cf6a78e16c3681001872) C:\WINDOWS\system32\wbem\WMIsvc.dll

01:48:15.0218 2052 winmgmt - ok

01:48:15.0265 2052 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

01:48:15.0312 2052 WmdmPmSN - ok

01:48:15.0359 2052 Wmi (c40a0af014d54da0e729066845a2a6dc) C:\WINDOWS\System32\advapi32.dll

01:48:15.0406 2052 Wmi - ok

01:48:15.0421 2052 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

01:48:15.0500 2052 WmiAcpi - ok

01:48:15.0546 2052 WmiApSrv (ca1a5270acc0062b13f62ca5a0cd8da8) C:\WINDOWS\system32\wbem\wmiapsrv.exe

01:48:15.0625 2052 WmiApSrv - ok

01:48:15.0734 2052 WMPNetworkSvc (6782482a8ca4b5b5dab4ef0ad78db08f) C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

01:48:15.0781 2052 WMPNetworkSvc - ok

01:48:15.0812 2052 wscsvc (8cd684fd248dfe208c2f8f5052838a81) C:\WINDOWS\system32\wscsvc.dll

01:48:15.0875 2052 wscsvc - ok

01:48:15.0890 2052 wuauserv (0b8fc4d0f9d6964713e81ad558b50a71) C:\WINDOWS\system32\wuauserv.dll

01:48:15.0968 2052 wuauserv - ok

01:48:16.0000 2052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

01:48:16.0031 2052 WudfPf - ok

01:48:16.0046 2052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

01:48:16.0062 2052 WudfRd - ok

01:48:16.0093 2052 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

01:48:16.0109 2052 WudfSvc - ok

01:48:16.0156 2052 WZCSVC (d2caf9ff9da12f0cc6398c6e331015e4) C:\WINDOWS\System32\wzcsvc.dll

01:48:16.0250 2052 WZCSVC - ok

01:48:16.0265 2052 xmlprov (14fdadcf05a37582399daf1da1de1c7b) C:\WINDOWS\System32\xmlprov.dll

01:48:16.0343 2052 xmlprov - ok

01:48:16.0359 2052 MBR (0x1B8) (792f61657fece3d17a9122b4ee282847) \Device\Harddisk0\DR0

01:48:16.0593 2052 \Device\Harddisk0\DR0 - ok

01:48:16.0609 2052 Boot (0x1200) (5c7cad6c0ff329cf8fdb37d314fa466b) \Device\Harddisk0\DR0\Partition0

01:48:16.0609 2052 \Device\Harddisk0\DR0\Partition0 - ok

01:48:16.0625 2052 Boot (0x1200) (b87c7a17aff02b75446e7502669063e3) \Device\Harddisk0\DR0\Partition1

01:48:16.0625 2052 \Device\Harddisk0\DR0\Partition1 - ok

01:48:16.0625 2052 ============================================================

01:48:16.0625 2052 Scan finished

01:48:16.0625 2052 ============================================================

01:48:16.0750 3024 Detected object count: 8

01:48:16.0750 3024 Actual detected object count: 8

01:51:38.0234 3024 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine

01:51:38.0375 3024 Backup copy found, using it..

01:51:38.0656 3024 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot

01:51:38.0656 3024 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

01:51:38.0656 3024 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:51:38.0656 3024 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

01:51:38.0656 3024 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:52:03.0453 2680 Deinitialize success


TDSSKiller found one forged file:

01:51:38.0234 3024 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine

01:51:38.0375 3024 Backup copy found, using it..

01:51:38.0656 3024 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot

01:51:38.0656 3024 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

------------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, you didn't run ComboFix??

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Here is the result of ComboFix:

ComboFix 12-04-23.02 - Casa 24/04/2012 2:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1980.1423 [GMT 2:00]

Running from: c:\documents and settings\Casa\Escritorio\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Datos de programa\abynaaa.tmp

c:\documents and settings\All Users\Datos de programa\bbynaaa.tmp

c:\documents and settings\All Users\Datos de programa\cbynaaa.tmp

c:\documents and settings\All Users\Datos de programa\cpcoaaa.tmp

c:\documents and settings\All Users\Datos de programa\dpcoaaa.tmp

c:\documents and settings\All Users\Datos de programa\epcoaaa.tmp

c:\documents and settings\All Users\Datos de programa\fpcoaaa.tmp

c:\documents and settings\All Users\Datos de programa\gpcoaaa.tmp

c:\documents and settings\All Users\Datos de programa\ioznaaa.tmp

c:\documents and settings\All Users\Datos de programa\joznaaa.tmp

c:\documents and settings\All Users\Datos de programa\koznaaa.tmp

c:\documents and settings\All Users\Datos de programa\loznaaa.tmp

c:\documents and settings\All Users\Datos de programa\moznaaa.tmp

c:\documents and settings\All Users\Datos de programa\onwnaaa.tmp

c:\documents and settings\All Users\Datos de programa\pnwnaaa.tmp

c:\documents and settings\All Users\Datos de programa\qnwnaaa.tmp

c:\documents and settings\All Users\Datos de programa\rnwnaaa.tmp

c:\documents and settings\All Users\Datos de programa\snwnaaa.tmp

c:\documents and settings\All Users\Datos de programa\yaynaaa.tmp

c:\documents and settings\All Users\Datos de programa\zaynaaa.tmp

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\SETED.tmp

c:\windows\system32\SETF1.tmp

c:\windows\system32\SETF9.tmp

c:\windows\system32\urttemp

c:\windows\system32\urttemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))

.

.

2012-04-23 23:51 . 2012-04-23 23:51 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-23 23:45 . 2012-04-23 23:45 -------- d-----w- c:\archivos de programa\ERUNT

2012-04-23 21:20 . 2012-04-23 21:56 -------- d-----w- c:\archivos de programa\Archivos comunes\Symantec Shared

2012-04-23 21:20 . 2012-04-23 21:20 -------- d-----w- c:\archivos de programa\Symantec

2012-04-23 21:20 . 2012-04-23 21:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-04-23 21:20 . 2012-04-23 21:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-04-23 21:19 . 2012-04-23 23:53 -------- d-----w- c:\windows\system32\drivers\NAV

2012-04-23 21:19 . 2012-04-23 21:19 -------- d-----w- c:\archivos de programa\Norton AntiVirus

2012-04-23 21:19 . 2012-04-23 21:19 -------- d-----w- c:\archivos de programa\Windows Sidebar

2012-04-23 21:18 . 2012-04-23 21:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Norton

2012-04-23 21:14 . 2012-04-23 23:53 -------- d-----w- c:\archivos de programa\NortonInstaller

2012-04-22 20:37 . 2012-04-22 20:37 -------- d-----w- c:\documents and settings\Casa\Configuración local\Datos de programa\ESET

2012-04-22 19:39 . 2012-04-22 19:39 -------- d-----w- c:\archivos de programa\Archivos comunes\Java

2012-04-22 19:38 . 2012-04-22 19:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-22 09:07 . 2012-04-22 09:07 -------- d-----w- c:\documents and settings\Casa\Datos de programa\Malwarebytes

2012-04-22 09:07 . 2012-04-22 09:07 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware

2012-04-22 09:07 . 2012-04-22 09:07 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes

2012-04-22 09:07 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-22 09:07 . 2012-04-22 09:07 388096 ----a-r- c:\documents and settings\Casa\Datos de programa\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-22 09:07 . 2012-04-22 09:07 -------- d-----w- c:\archivos de programa\Trend Micro

2012-04-22 07:57 . 2012-04-22 07:57 -------- d-----w- C:\Progra~1

2012-04-22 07:55 . 2012-04-22 07:57 -------- d-----w- c:\documents and settings\Casa\Configuración local\Datos de programa\Google

2012-04-14 14:48 . 2012-04-14 14:48 -------- d-----w- c:\documents and settings\Casa\Datos de programa\National Instruments

2012-04-14 13:54 . 2012-04-22 07:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\National Instruments

2012-04-14 13:54 . 2012-04-22 07:51 -------- d-----w- c:\windows\system32\cvirte

2012-04-14 13:54 . 2012-04-22 07:51 -------- d-----w- c:\archivos de programa\Archivos comunes\Merge Modules

2012-04-14 13:54 . 2012-04-14 13:56 -------- d-----w- c:\archivos de programa\National Instruments

2012-04-14 13:53 . 2012-04-14 13:53 -------- d-----w- C:\National Instruments Downloads

2012-03-31 15:35 . 2012-03-31 15:35 -------- d-----w- c:\documents and settings\Casa\Datos de programa\Media Player Classic

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-23 23:52 . 2004-08-20 10:00 189056 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-04-22 19:38 . 2011-02-12 11:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-01 01:14 . 2006-03-04 03:35 832512 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 01:14 . 2004-08-20 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-01 01:14 . 2012-03-18 10:30 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-03-01 01:14 . 2004-08-20 10:00 17408 ----a-w- c:\windows\system32\corpol.dll

2012-02-29 14:09 . 2004-08-20 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2004-08-20 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-03 09:57 . 2004-08-20 10:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w- c:\archivos de programa\internet explorer\plugins\LV82ActiveXControl.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . C79C4AE0CE1641F8AADAE3B3CBEA63F8 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[7] 2004-08-20 . 5D5C9CC377A70D036816E7EA55F3CA73 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

.

c:\documents and settings\Casa\Menú Inicio\Programas\Inicio\

ERUNT AutoBackup.lnk - c:\archivos de programa\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Acelerador de inicio de AutoCAD.lnk]

path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Acelerador de inicio de AutoCAD.lnk

backup=c:\windows\pss\Acelerador de inicio de AutoCAD.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk

backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:18 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2011-01-21 17:56 170008 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2011-01-21 17:56 136216 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 14:50 221184 ----a-w- c:\archiv~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 14:50 81920 ----a-w- c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-04-04 13:56 462408 ----a-w- c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:19 1695232 ------w- c:\archivos de programa\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2011-01-21 17:56 145432 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]

2010-05-21 12:28 111640 ----a-w- c:\archivos de programa\Archivos comunes\Intel\Privacy Icon\PIconStartup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 07:00 1116920 ----a-w- c:\archivos de programa\Roxio\Drag-to-Disc\DrgToDsc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-29 07:55 17148552 ----a-r- c:\archivos de programa\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2009-06-22 13:21 1044480 ----a-w- c:\archivos de programa\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 12:02 254696 ----a-w- c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-03-24 08:26 3905920 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Dnscache"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Archivos de programa\\BitTorrent\\BitTorrent.exe"=

"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

.

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [18/02/2012 13:08 24064]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1306020.00A\symds.sys [23/04/2012 23:24 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1306020.00A\symefa.sys [23/04/2012 23:24 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [13/04/2012 1:34 821880]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1306020.00A\ccsetx86.sys [23/04/2012 23:24 132744]

R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18:27 12880]

R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23:55 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1306020.00A\ironx86.sys [23/04/2012 23:24 149624]

R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCore.exe [12/08/2011 1:38 116608]

R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [22/04/2012 11:07 654408]

R2 NAV;Norton AntiVirus;c:\archivos de programa\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe [23/04/2012 23:24 138232]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\archivos de programa\Archivos comunes\Intel\Privacy Icon\UNS\UNS.exe [18/02/2012 13:19 2071064]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [13/10/2009 12:26 168616]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/04/2012 23:24 106104]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120420.001\IDSXpx86.sys [20/04/2012 6:33 356280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/04/2012 11:07 22344]

S2 SkypeUpdate;Skype Updater;c:\archivos de programa\Skype\Updater\Updater.exe [15/02/2012 14:30 158856]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.es/

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.0.1

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-05900231.sys

MSConfigStartUp-ares - c:\archivos de programa\Ares\Ares.exe

MSConfigStartUp-Google Update - c:\documents and settings\Casa\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-24 02:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\archivos de programa\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\archivos de programa\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]

"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(808)

c:\windows\system32\WININET.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-04-24 02:48:05

ComboFix-quarantined-files.txt 2012-04-24 00:48

.

Pre-Run: 17.634.910.208 bytes libres

Post-Run: 17.593.475.072 bytes libres

.

- - End Of File - - E0E1A124E6DBDCCBDEB0ACBB434CBA3D


OK....looks good, you can uninstall ComboFix:

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.