
 


Infected by Nuqel.E, BankerFox.A, unlimited pop-ups


Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Run MBAM, see if it will run now.

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Clicking Finish


Belahzur wrote:


  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


An error occurred >> Error code: 732 (12029, 0)

Anyway MBAM has been automatically launched after clicking Accept and I'm doing the Quick Scan... and being patient

Next post will be the log, I hope :p

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

The MBAM log:



Malwarebytes' Anti-Malware 1.44
Versión de la Base de Datos: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

20/02/2010 1:34:28
mbam-log-2010-02-20 (01-34-28).txt

Tipo de examen : Examen Rápido
Objetos examinados: 128958
Tiempo transcurrido: 9 minute(s), 28 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\6phx.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.


If there is any difficulty with the language, I can change the MBAM language to English. I didn't think of it before.

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

No problem with language, I can read almost any log in any language - mainly because the filenames stay the same and are in the same location, so it doesn't matter what the language is.

You may have a flash drive infection.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Belahzur wrote:
No problem with language, I can read almost any log in any language - mainly because the filenames stay the same and are in the same location, so it doesn't matter what the language is.


That's what I thought. It's not English or Spanish or... it's computing language :D

Scanning. Next, the two logs.

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

OTL.exe > Part #1


OTL logfile created on: 20/02/2010 21:54:22 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Unique\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 186,19 Gb Total Space | 8,26 Gb Free Space | 4,44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D30MPK3J
Current User Name: Unique
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 21:53:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Unique\Escritorio\OTL.exe
PRC - [2010/02/11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Java\jre6\bin\jqs.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/03/26 10:31:49 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/12/18 12:43:34 | 000,274,432 | ---- | M] () -- C:\Archivos de programa\Launchy\Launchy.exe
PRC - [2007/12/05 21:07:38 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Archivos de programa\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/11/13 17:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 17:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Archivos de programa\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Archivos de programa\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/23 19:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\DellTPad\hidfind.exe
PRC - [2007/09/23 19:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\DellTPad\Apoint.exe
PRC - [2007/09/23 19:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\DellTPad\ApMsgFwd.exe
PRC - [2007/09/23 19:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\DellTPad\ApntEx.exe
PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Archivos de programa\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 10:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Archivos de programa\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Archivos de programa\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Archivos de programa\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/31 16:50:40 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/01/11 21:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Archivos de programa\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/12/18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 12:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Archivos de programa\Digital Line Detect\DLG.exe
PRC - [2006/11/03 17:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MSASCui.exe
PRC - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Archivos de programa\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Archivos de programa\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/29 06:32:56 | 000,049,152 | ---- | M] (Dassault Systemes) -- C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
PRC - [2006/02/07 00:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Archivos de programa\Canon\CAL\CALMAIN.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 21:53:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Unique\Escritorio\OTL.exe
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Archivos de programa\Stardock\ObjectDock\DockShellHook.dll
MOD - [2006/08/25 09:46:28 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/30 12:35:11 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Archivos de programa\Google\Update\GoogleUpdate.exe -- (gupdate) Servicio Google Update (gupdate)
SRV - [2009/03/27 09:01:34 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Archivos de programa\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/18 14:06:01 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/11 17:02:53 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Archivos de programa\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Archivos de programa\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Archivos de programa\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Archivos de programa\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/31 16:50:40 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Archivos de programa\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/14 15:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/04/29 06:32:56 | 000,049,152 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Archivos de programa\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/03/26 10:17:22 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:28 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/11/13 11:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/23 19:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Controlador del adaptador Intel(R)
DRV - [2007/05/31 16:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Archivos de programa\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 14:18:12 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/24 04:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 12:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/20 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/20 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/07/11 14:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2002/12/17 04:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/08/22 22:33:56 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.es/hws/sb/dell-row-rel/es/side.html?channel=es
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.es/hws/sb/dell-row-rel/es/side.html?channel=es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.fotolog.com/labruixaavorrida"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: ca@dictionaries.addons.mozilla.org:2.1.5
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/02/19 15:47:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/02/19 15:47:46 | 000,000,000 | ---D | M]

[2008/10/28 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Extensions
[2010/02/20 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions
[2009/10/09 13:11:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/11 13:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions\ca@dictionaries.addons.mozilla.org
[2008/07/03 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/01/31 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010/02/11 19:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\extensions\personas@christopher.beard
[2010/02/20 21:47:01 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/01/20 18:04:25 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/01/20 18:04:25 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/01/20 18:04:25 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/01/20 18:04:25 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2008/07/13 20:59:01 | 000,000,548 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Archivos de programa\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Archivos de programa\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Archivos de programa\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Archivos de programa\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SecureUpgrade] C:\Archivos de programa\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Archivos de programa\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Archivos de programa\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Archivos de programa\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Bluetooth Manager.lnk = C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Digital Line Detect.lnk = C:\Archivos de programa\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Launchy.lnk = C:\Archivos de programa\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\Unique\Menú Inicio\Programas\Inicio\OpenOffice.org 2.3.lnk = C:\Archivos de programa\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Unique\Menú Inicio\Programas\Inicio\Stardock ObjectDock.lnk = C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Archivos de programa\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\lledo {54DB67D8-DE43-4362-BDA8-9C574379CAD5} - C:\Archivos de programa\Archivos comunes\Lledo\DatabaseTools.dll ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Archivos de programa\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Archivos de programa\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Unique\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Unique\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Archivos de programa\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/08 17:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/23 10:41:37 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/24 17:31:08 | 000,002,352 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{031e2296-5460-11de-bf60-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\AutoRun\command - "" = f2kmj.exe
O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\open\Command - "" = f2kmj.exe
O33 - MountPoints2\{2c1a6a38-6ace-11dd-bdaf-001e37c4a700}\Shell - "" = AutoRun
O33 - MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
O33 - MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
O33 - MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{568e6c25-f02d-11de-80b0-001e37c4a700}\Shell\AutoRun\command - "" = set21\ago1opa.exe
O33 - MountPoints2\{77e5316e-f434-11dd-beaf-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
O33 - MountPoints2\{7e9b2d28-2360-11de-bf05-001e37c4a700}\Shell\Auto\command - "" = msnmsgr_plus.exe
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\AutoRun\command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\explore\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\open\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\AutoRun\command - "" = u.bat
O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\explore\Command - "" = u.bat
O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\open\Command - "" = u.bat
O33 - MountPoints2\{9460c970-0af1-11dd-bcf9-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
O33 - MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
O33 - MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
O33 - MountPoints2\{b14b4b24-e186-11de-808a-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
O33 - MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\Shell - "" = AutoRun
O33 - MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\Shell\AutoRun\command - "" = G:\601ugf.exe -- File not found
O33 - MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\Shell\open\Command - "" = G:\601ugf.exe -- File not found
O33 - MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe -- File not found
O33 - MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe -- File not found
O33 - MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\Shell\AutoRun\command - "" = G:\q3kku.exe -- File not found
O33 - MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\Shell\open\Command - "" = G:\q3kku.exe -- File not found
O33 - MountPoints2\{d5cb4650-694d-11dd-bdab-001e37c4a700}\Shell - "" = AutoRun
O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\AutoRun\command - "" = F:\iqe68o.bat -- File not found
O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\explore\Command - "" = F:\iqe68o.bat -- File not found
O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\open\Command - "" = F:\iqe68o.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

OTL.exe> Part #2



========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 21:53:15 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Unique\Escritorio\OTL.exe
[2010/02/20 01:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\NTRU Cryptosystems
[2010/02/20 01:17:41 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Unique\Escritorio\mbam-setup.exe
[2010/02/19 02:48:42 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/19 02:48:41 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/19 02:48:40 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/19 02:48:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/19 02:48:38 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/19 02:48:38 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/19 02:48:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/19 02:48:26 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/19 02:48:26 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/18 00:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\virus intento carlos
[2010/02/18 00:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\IceSword122en
[2010/02/17 22:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Datos de programa\Malwarebytes
[2010/02/17 22:33:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/17 22:33:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/17 22:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2010/02/17 22:33:47 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/02/17 21:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Alwil Software
[2010/02/17 21:32:40 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/17 21:32:35 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/17 21:32:35 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/17 21:32:09 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/17 21:31:35 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\PC Tools
[2010/02/17 21:31:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spyware Doctor
[2010/02/17 21:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Datos de programa\PC Tools
[2010/02/17 21:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\PC Tools
[2010/02/17 21:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2010/02/17 10:06:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Unique\PrivacIE
[2010/02/17 09:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Datos de programa\jbkisl
[2010/02/17 09:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\jbkisl
[2010/02/15 01:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\Dex T2 + T3
[2010/02/15 01:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\D&D
[2010/02/14 00:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\Moonlight T1
[2010/02/11 22:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Mis documentos\cançons
[2010/02/11 22:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Mis documentos\dialogues
[2010/02/11 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Mis documentos\words
[2010/02/07 14:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\2010 París
[2010/02/06 19:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\PB T4
[2010/02/05 17:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\baberos
[2010/02/05 14:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\2010 París _1 104CANON
[2010/02/05 13:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\2010 París _3 105CANON
[2010/02/05 13:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\2010 París _2 104CANON
[2010/01/29 16:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Escritorio\pariss
[2010/01/23 15:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Unique\Mis documentos\Descargas
[2009/12/30 12:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Google
[2009/12/30 12:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Google
[2009/09/17 22:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft
[2008/12/03 11:14:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Microsoft
[2008/07/18 14:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\PCHealth
[2008/03/26 10:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Datos de programa\Intel
[2008/03/26 10:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Datos de programa\Intel
[2004/09/08 17:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft
[2004/09/08 16:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Datos de programa\Microsoft
[48 C:\Documents and Settings\Unique\Escritorio\*.tmp files -> C:\Documents and Settings\Unique\Escritorio\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 21:53:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Unique\Escritorio\OTL.exe
[2010/02/20 21:47:10 | 000,055,944 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/20 02:20:21 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/20 01:40:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/20 01:39:19 | 000,000,344 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/20 01:37:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/20 01:36:39 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/20 01:36:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/20 01:36:24 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Acrobat Speed Launcher.lnk
[2010/02/20 01:36:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\WavXMapDrive.bat
[2010/02/20 01:36:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/20 01:36:11 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 01:35:34 | 012,320,768 | -H-- | M] () -- C:\Documents and Settings\Unique\NTUSER.DAT
[2010/02/20 01:23:38 | 000,077,370 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\MBAMimage.JPG
[2010/02/20 01:18:56 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Unique\Escritorio\mbam-setup.exe
[2010/02/20 00:57:36 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Unique\Mis documentos\Cuando accedí a ser tu amante estaba convencida de que mi desdén por tu vulgaridad y tu asombrosa falta de escrúpulos cercenaría cualquier posibilidad de que sintiera algo por ti pero.doc
[2010/02/19 18:35:04 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Unique.job
[2010/02/19 02:48:39 | 000,002,958 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/18 00:03:59 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\IceSword122en.zip
[2010/02/17 18:22:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Unique\Mis documentos\ensalada parisienne.doc
[2010/02/17 10:17:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/17 10:17:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 16:58:18 | 000,192,557 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\12219uv_500.jpg
[2010/02/14 16:51:26 | 000,436,298 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\33tjt3a.jpg
[2010/02/14 16:51:06 | 000,438,635 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\12219uv.jpg
[2010/02/14 16:50:47 | 000,469,233 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\ekgr4o.jpg
[2010/02/14 16:49:39 | 000,268,248 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\3610748372_5a5f4d4220.jpg
[2010/02/14 16:48:33 | 000,116,588 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\3618591863_bd288563e8.jpg
[2010/02/12 16:07:40 | 000,081,565 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\1265361799715_f.jpg
[2010/02/11 23:30:09 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Unique\Mis documentos\test.doc
[2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 19:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 01:41:10 | 000,055,944 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/09 21:03:41 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\onomatopeia.doc
[2010/02/09 20:53:04 | 000,032,116 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 4.jpg
[2010/02/09 20:52:52 | 000,144,935 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 3.jpg
[2010/02/09 20:52:44 | 000,176,848 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 2.jpg
[2010/02/09 20:52:25 | 000,160,419 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent.jpg
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/29 17:05:31 | 000,113,213 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\xacobeo.jpg
[2010/01/26 08:37:53 | 000,047,835 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\Elisa.jpg
[2010/01/23 17:09:37 | 000,119,967 | ---- | M] () -- C:\Documents and Settings\Unique\Escritorio\1264259782313_f.jpg
[48 C:\Documents and Settings\Unique\Escritorio\*.tmp files -> C:\Documents and Settings\Unique\Escritorio\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 01:23:38 | 000,077,370 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\MBAMimage.JPG
[2010/02/20 00:57:35 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Unique\Mis documentos\Cuando accedí a ser tu amante estaba convencida de que mi desdén por tu vulgaridad y tu asombrosa falta de escrúpulos cercenaría cualquier posibilidad de que sintiera algo por ti pero.doc
[2010/02/18 00:02:17 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\IceSword122en.zip
[2010/02/17 21:32:40 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/17 21:32:35 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/17 21:32:35 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/17 21:32:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/17 18:22:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Unique\Mis documentos\ensalada parisienne.doc
[2010/02/14 16:58:15 | 000,192,557 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\12219uv_500.jpg
[2010/02/14 16:51:26 | 000,436,298 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\33tjt3a.jpg
[2010/02/14 16:51:05 | 000,438,635 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\12219uv.jpg
[2010/02/14 16:50:47 | 000,469,233 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\ekgr4o.jpg
[2010/02/14 16:49:38 | 000,268,248 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\3610748372_5a5f4d4220.jpg
[2010/02/14 16:48:29 | 000,116,588 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\3618591863_bd288563e8.jpg
[2010/02/12 16:07:38 | 000,081,565 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\1265361799715_f.jpg
[2010/02/09 21:03:41 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\onomatopeia.doc
[2010/02/09 20:53:03 | 000,032,116 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 4.jpg
[2010/02/09 20:52:51 | 000,144,935 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 3.jpg
[2010/02/09 20:52:43 | 000,176,848 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent 2.jpg
[2010/02/09 20:52:24 | 000,160,419 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\les bessones del carrer de ponent.jpg
[2010/02/05 14:02:38 | 000,345,550 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\IMG_2181.JPG
[2010/02/05 14:02:38 | 000,183,817 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\IMG_2191.JPG
[2010/02/05 14:02:38 | 000,173,370 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\IMG_2183.JPG
[2010/01/29 17:05:29 | 000,113,213 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\xacobeo.jpg
[2010/01/26 08:37:50 | 000,047,835 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\Elisa.jpg
[2010/01/23 18:02:22 | 002,003,787 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\Matea_IMG_1014_superponer x2.jpg
[2010/01/23 17:25:28 | 000,025,230 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\1199824150_f.jpg
[2010/01/23 17:25:28 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\1181048936_f.jpg
[2010/01/23 17:19:45 | 000,014,779 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\1209120554_f.jpg
[2010/01/23 17:09:36 | 000,119,967 | ---- | C] () -- C:\Documents and Settings\Unique\Escritorio\1264259782313_f.jpg
[2009/10/09 17:10:18 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Dialux.ini
[2009/06/13 01:14:57 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/20 12:14:34 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Unique\Datos de programa\applications.log
[2008/10/25 09:30:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/19 19:14:24 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/07/04 14:32:40 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/12 19:22:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/04/16 17:50:38 | 000,638,305 | ---- | C] () -- C:\Archivos de programa\microstation_v8_xm_instruccions_installacio.pdf
[2008/04/12 10:40:54 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/11 17:32:24 | 000,000,615 | ---- | C] () -- C:\WINDOWS\MaxwellRender.ini
[2008/03/31 19:40:07 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\fusioncache.dat
[2008/03/31 19:40:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Unique\Configuración local\Datos de programa\WavXMapDrive.bat
[2008/03/26 10:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/26 10:34:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/26 10:31:23 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/26 10:31:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/26 10:24:31 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/03/26 10:21:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/03/26 10:21:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/03/26 09:52:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/26 09:52:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/26 09:52:33 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/26 09:52:32 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/26 09:50:48 | 000,001,417 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/09/08 17:00:30 | 000,003,656 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/04/11 12:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
< End of report >

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Extras.txt


OTL Extras logfile created on: 20/02/2010 21:54:22 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Unique\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 186,19 Gb Total Space | 8,26 Gb Free Space | 4,44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D30MPK3J
Current User Name: Unique
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] --
.scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Archivos de programa\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Archivos de programa\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Next Limit\Maxwell\mxcl.exe" = C:\Archivos de programa\Next Limit\Maxwell\mxcl.exe:*:Enabled:mxcl -- ()
"C:\Archivos de programa\Google\Google SketchUp 6\SketchUp.exe" = C:\Archivos de programa\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application -- (Google, Inc.)
"C:\Archivos de programa\MSN Messenger\livecall.exe" = C:\Archivos de programa\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe" = C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe:*:Disabled:orbixd -- ()
"C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe" = C:\Archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe:*:Disabled:CATIA -- (Dassault Systemes)
"C:\Archivos de programa\VideoLAN\VLC\vlc.exe" = C:\Archivos de programa\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Archivos de programa\Spotify\spotify.exe" = C:\Archivos de programa\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{103906AD-C60E-4E65-BC84-CE980D19CE41}" = Shockwave Player
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA838EE-C905-4EC5-BD77-332FDF76D346}" = Bentley MicroStation V8 XM Edition 08.09.04.51
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN
"{40F4ABE2-ED6B-4358-BD18-3A1C97FD6278}" = Maxwell for Rhinoceros 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-0111-0409-0010-0060B0CE6BBA}" = Autodesk CAD Manager Tools
"{5783F2D7-4001-040A-0002-0060B0CE6BBA}" = AutoCAD 2006 - Español
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Los Sims 2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analizador y SDK de MSXML 4.0 SP2
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7BA9849D-55BE-498F-8200-732BE70418C8}" = PlugIn Lledó 10 / 2004
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83169D43-4660-4347-BC95-E9D6E6BE65CE}" = Microsoft .NET Framework 1.1 Spanish Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D7BD6EE-C597-4375-B07F-A91FC78991C7}" = V-Ray for SketchUp 6
"{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core
"{90F60C0A-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - Spanish
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF4505CB-C93A-4B29-91B9-F15767AF43BE}" = AutoCAD 2008 Network License Activation Utility
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BCBA1B06-0AB4-4FA8-8544-D174FC0B0B12}" = Solid Edge V18
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Herramienta de diagnóstico del módem
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F702E0D5-FA81-48AB-B18F-B2BCC64F572F}" = Google SketchUp 7
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}" = Autodesk Network License Manager
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast5" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DIALux" = DIALux 4.7
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Launchy_21344213_is1" = Launchy 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxwellExport_is1" = MaxwellExport (Version 1.10)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero7_is1" = Nero 7.10.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.0
"ProInst" = Software Intel(R) PROSet/Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"SELPHY ES1 Printer Software Guide1" = Canon Utilities SELPHY Guía del software de la SELPHY ES1
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"WinEva6" = WinEva6 6.06
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/02/2010 6:24:33 | Computer Name = D30MPK3J | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: wmplayer.exe, versión 11.0.5721.5145,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/02/2010 6:32:23 | Computer Name = D30MPK3J | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: wmplayer.exe, versión 11.0.5721.5145,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/02/2010 13:04:48 | Computer Name = D30MPK3J | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: Nss.exe, versión 2.4.1.29, módulo que
no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/02/2010 15:26:52 | Computer Name = D30MPK3J | Source = Application Hang | ID = 1002
Description = Aplicación que no responde: wmplayer.exe, versión 11.0.5721.5145,
módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error - 17/02/2010 15:30:53 | Computer Name = D30MPK3J | Source = PerfNet | ID = 2005
Description = No se puede leer datos de rendimiento del servicio Servidor. No se
devolverán datos de rendimiento del servidor en esta muestra. El código de error
devuelto está en los datos DWORD 0, IOSB.Status es DWORD 1 e IOSB.Information es
DWORD 2.

Error - 17/02/2010 15:30:53 | Computer Name = D30MPK3J | Source = PerfNet | ID = 2006
Description = No se puede leer datos de rendimiento de la cola del servidor del
servicio Servidor. No se devolverán datos de rendimiento de la cola del servidor
en esta muestra. El código de error devuelto está en los datos DWORD 0, IOSB.Status
es DWORD 1 e IOSB.Information es DWORD 2.

Error - 17/02/2010 17:03:58 | Computer Name = D30MPK3J | Source = PerfNet | ID = 2004
Description = No se puede abrir el servicio Servidor. No se devolverán datos de rendimiento
del servidor. El código de error devuelto está en los datos DWORD 0.

Error - 18/02/2010 20:31:18 | Computer Name = D30MPK3J | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 18/02/2010 21:45:15 | Computer Name = D30MPK3J | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 19/02/2010 13:00:21 | Computer Name = D30MPK3J | Source = crypt32 | ID = 131080
Description = Error en la recuperación de actualización automática del número de
secuencia de la lista raíz de terceros de:
con el error: A connection with the server could not be established

[ System Events ]
Error - 17/02/2010 17:03:04 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Generate Activation Context para C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe.
Mensaje
de error referencia: La operación se ha completado correctamente. .

Error - 17/02/2010 17:08:23 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842784
Description = No se encontró el ensamblaje dependiente Microsoft.VC90.MFC y el error
final fue El ensamblaje referido no está instalado en su sistema.

Error - 17/02/2010 17:08:23 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Resolve Partial Assembly para Microsoft.VC90.MFC. Mensaje
de error referencia: El ensamblaje referido no está instalado en su sistema. .

Error - 17/02/2010 17:08:23 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Generate Activation Context para C:\Archivos de programa\Alwil
Software\Avast5\AvastUI.exe. Mensaje de error referencia: La operación se ha completado
correctamente. .

Error - 18/02/2010 20:18:44 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842784
Description = No se encontró el ensamblaje dependiente Microsoft.VC90.MFC y el error
final fue El ensamblaje referido no está instalado en su sistema.

Error - 18/02/2010 20:18:44 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Resolve Partial Assembly para Microsoft.VC90.MFC. Mensaje
de error referencia: El ensamblaje referido no está instalado en su sistema. .

Error - 18/02/2010 20:18:44 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Generate Activation Context para C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe.
Mensaje
de error referencia: La operación se ha completado correctamente. .

Error - 18/02/2010 20:30:15 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842784
Description = No se encontró el ensamblaje dependiente Microsoft.VC90.MFC y el error
final fue El ensamblaje referido no está instalado en su sistema.

Error - 18/02/2010 20:30:15 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Resolve Partial Assembly para Microsoft.VC90.MFC. Mensaje
de error referencia: El ensamblaje referido no está instalado en su sistema. .

Error - 18/02/2010 20:30:15 | Computer Name = D30MPK3J | Source = SideBySide | ID = 16842811
Description = Error en Generate Activation Context para C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe.
Mensaje
de error referencia: La operación se ha completado correctamente. .


< End of report >

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Hello.
Well, there's the flash drive infection I was looking for.

Before we clean this, please plug in any removable media.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O32 - AutoRun File - [2009/10/23 10:41:37 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/10/24 17:31:08 | 000,002,352 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
    O33 - MountPoints2\{031e2296-5460-11de-bf60-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
    O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\AutoRun\command - "" = f2kmj.exe
    O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\open\Command - "" = f2kmj.exe
    O33 - MountPoints2\{2c1a6a38-6ace-11dd-bdaf-001e37c4a700}\Shell - "" = AutoRun
    O33 - MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
    O33 - MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
    O33 - MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\Shell - "" = AutoRun
    O33 - MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{568e6c25-f02d-11de-80b0-001e37c4a700}\Shell\AutoRun\command - "" = set21\ago1opa.exe
    O33 - MountPoints2\{77e5316e-f434-11dd-beaf-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
    O33 - MountPoints2\{7e9b2d28-2360-11de-bf05-001e37c4a700}\Shell\Auto\command - "" = msnmsgr_plus.exe
    O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\AutoRun\command - "" = E:\iqe68o.bat -- File not found
    O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\explore\Command - "" = E:\iqe68o.bat -- File not found
    O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\open\Command - "" = E:\iqe68o.bat -- File not found
    O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\AutoRun\command - "" = u.bat
    O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\explore\Command - "" = u.bat
    O33 - MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\Shell\open\Command - "" = u.bat
    O33 - MountPoints2\{9460c970-0af1-11dd-bcf9-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
    O33 - MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
    O33 - MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe -- File not found
    O33 - MountPoints2\{b14b4b24-e186-11de-808a-001e37c4a700}\Shell\AutoRun\command - "" = E:\set21\ago1opa.exe -- File not found
    O33 - MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\Shell\AutoRun\command - "" = G:\601ugf.exe -- File not found
    O33 - MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\Shell\open\Command - "" = G:\601ugf.exe -- File not found
    O33 - MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe -- File not found
    O33 - MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe -- File not found
    O33 - MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\Shell\AutoRun\command - "" = G:\q3kku.exe -- File not found
    O33 - MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\Shell\open\Command - "" = G:\q3kku.exe -- File not found
    O33 - MountPoints2\{d5cb4650-694d-11dd-bdab-001e37c4a700}\Shell - "" = AutoRun
    O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\AutoRun\command - "" = F:\iqe68o.bat -- File not found
    O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\explore\Command - "" = F:\iqe68o.bat -- File not found
    O33 - MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\Shell\open\Command - "" = F:\iqe68o.bat -- File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
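The O33 lines in the fix script above are cached per-volume AutoRun handlers under Explorer's MountPoints2 key. As an added example (not part of the original post and not OTL's own code), this Python sketch parses such lines and groups them by volume GUID so a reviewer can see which volumes had their double-click verbs redirected. The flagging heuristics and all function names are assumptions made for illustration; the sample lines are copied from the script above.

```python
import re
from collections import defaultdict

# Eight O33 lines copied from the fix script in the post above (a subset).
SAMPLE_FIX_SCRIPT = r"""
O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\AutoRun\command - "" = f2kmj.exe
O33 - MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\Shell\open\Command - "" = f2kmj.exe
O33 - MountPoints2\{2c1a6a38-6ace-11dd-bdaf-001e37c4a700}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\AutoRun\command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\explore\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\Shell\open\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe -- File not found
"""

# O33 - MountPoints2\{GUID}\Shell[\<verb>\command] - "" = <value>[ -- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)?'
    r' - "" = (?P<value>.*?)(?P<missing> -- File not found)?$',
    re.IGNORECASE,
)

# Triage heuristics chosen for this example (assumptions, not OTL's logic).
VERB_OVERRIDE = "default verb override"  # open/explore fire on a double-click
SCRIPT_TARGET = "script target"          # handler is a script, not a program
RECYCLER_PATH = "recycler path"          # handler sits inside a RECYCLER folder
DEFAULT_VERBS = {"open", "explore"}
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")


def parse_o33(text):
    """Yield one dict per O33 MountPoints2 line; any other line is skipped."""
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m is None:
            continue
        yield {
            "guid": m["guid"].lower(),
            "verb": (m["verb"] or "").lower(),  # '' for the bare Shell value
            "value": m["value"].strip(),
            "missing": m["missing"] is not None,
        }


def triage(text):
    """Group entries by volume GUID and attach the heuristic reasons."""
    acc = defaultdict(lambda: {"verbs": set(), "targets": set(),
                               "missing": set(), "reasons": set()})
    for entry in parse_o33(text):
        vol = acc[entry["guid"]]
        if not entry["verb"]:
            continue  # bare "Shell" value only names the default verb
        vol["verbs"].add(entry["verb"])
        vol["targets"].add(entry["value"])
        if entry["missing"]:
            vol["missing"].add(entry["value"])
        low = entry["value"].lower()
        if entry["verb"] in DEFAULT_VERBS:
            vol["reasons"].add(VERB_OVERRIDE)
        if low.endswith(SCRIPT_EXTS):
            vol["reasons"].add(SCRIPT_TARGET)
        if "\\recycler\\" in low:
            vol["reasons"].add(RECYCLER_PATH)
    # Sets become sorted lists so the report is stable and easy to compare.
    return {g: {k: sorted(v) for k, v in vol.items()} for g, vol in acc.items()}


if __name__ == "__main__":
    for guid, info in triage(SAMPLE_FIX_SCRIPT).items():
        flags = ", ".join(info["reasons"]) or "no heuristic hit"
        print(guid, info["targets"], "->", flags)
```

An entry with no heuristic hit, such as the `LaunchU3.exe` one, is not thereby shown to be clean; the grouping only orders the volumes for manual review.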

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups

Let's go!


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\autorun.inf moved successfully.
C:\autorun.PNF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{031e2296-5460-11de-bf60-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031e2296-5460-11de-bf60-001e37c4a700}\ not found.
File E:\set21\ago1opa.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2232c527-f949-11de-80c4-001e37c4a700}\ not found.
File f2kmj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2232c527-f949-11de-80c4-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2232c527-f949-11de-80c4-001e37c4a700}\ not found.
File f2kmj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c1a6a38-6ace-11dd-bdaf-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c1a6a38-6ace-11dd-bdaf-001e37c4a700}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33513dc6-e67a-11dd-be95-001e37c4a700}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33513dc6-e67a-11dd-be95-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33513dc6-e67a-11dd-be95-001e37c4a700}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac583c7-1b4d-11dd-bd2a-001e37c4a700}\ not found.
File D:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568e6c25-f02d-11de-80b0-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568e6c25-f02d-11de-80b0-001e37c4a700}\ not found.
File set21\ago1opa.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e5316e-f434-11dd-beaf-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e5316e-f434-11dd-beaf-001e37c4a700}\ not found.
File E:\set21\ago1opa.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e9b2d28-2360-11de-bf05-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e9b2d28-2360-11de-bf05-001e37c4a700}\ not found.
File msnmsgr_plus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ not found.
File E:\iqe68o.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ not found.
File E:\iqe68o.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8024e0fc-e171-11dd-be8c-001e37c4a700}\ not found.
File E:\iqe68o.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ not found.
File u.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ not found.
File u.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92eb5a6f-93dc-11dd-bdf2-001e37c4a700}\ not found.
File u.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9460c970-0af1-11dd-bcf9-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9460c970-0af1-11dd-bcf9-001e37c4a700}\ not found.
File E:\set21\ago1opa.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99d04404-5897-11de-bf6b-001e37c4a700}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99d04404-5897-11de-bf6b-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99d04404-5897-11de-bf6b-001e37c4a700}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\usr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b14b4b24-e186-11de-808a-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b14b4b24-e186-11de-808a-001e37c4a700}\ not found.
File E:\set21\ago1opa.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2932efe-de7e-11dd-be88-001e37c4a700}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2932efe-de7e-11dd-be88-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2932efe-de7e-11dd-be88-001e37c4a700}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2932eff-de7e-11dd-be88-001e37c4a700}\ not found.
File G:\601ugf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2932eff-de7e-11dd-be88-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2932eff-de7e-11dd-be88-001e37c4a700}\ not found.
File G:\601ugf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\ not found.
File E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9db71f4-5115-11dd-bd8d-001e37c4a700}\ not found.
File E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c67a306f-a740-11dd-be11-001e37c4a700}\ not found.
File G:\q3kku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c67a306f-a740-11dd-be11-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c67a306f-a740-11dd-be11-001e37c4a700}\ not found.
File G:\q3kku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5cb4650-694d-11dd-bdab-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5cb4650-694d-11dd-bdab-001e37c4a700}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ not found.
File F:\iqe68o.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ not found.
File F:\iqe68o.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f87b7ea9-dfdc-11dd-be8b-001e37c4a700}\ not found.
File F:\iqe68o.bat not found.

OTL by OldTimer - Version 3.1.30.1 log created on 02212010_005518


That was it! And without rebooting the computer.

PS.- Did I have to have the external USB HD CONNECTED (the one I think the infection could have come from)??

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment, SE v1.4.2_04
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 13

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups
Did you read my PS.- note?



Here I bring the Combo-Fix log:



ComboFix 10-02-20.03 - Unique 21/02/2010 1:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.2046.1383 [GMT 1:00]
Running from: c:\documents and settings\Unique\Escritorio\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AegisP.inf
c:\windows\EventSystem.log
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVPSYS
-------\Service_AVPsys
-------\Legacy_STacSV
-------\Service_STacSV


((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-20 23:55 . 2010-02-20 23:55 -------- d-----w- C:\_OTL
2010-02-19 01:48 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-19 01:48 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-19 01:48 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-19 01:48 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-19 01:48 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-19 01:48 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-19 01:48 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-19 01:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-19 01:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-17 21:33 . 2010-02-17 21:33 -------- d-----w- c:\documents and settings\Unique\Datos de programa\Malwarebytes
2010-02-17 21:33 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 21:33 . 2010-02-17 21:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-02-17 21:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 21:33 . 2010-02-20 00:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-02-17 20:47 . 2010-02-17 20:47 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Alwil Software
2010-02-17 20:32 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-17 20:32 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-17 20:32 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-17 20:32 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-17 20:31 . 2010-02-17 20:32 -------- d-----w- c:\archivos de programa\Archivos comunes\PC Tools
2010-02-17 20:31 . 2010-02-17 20:32 -------- d-----w- c:\archivos de programa\Spyware Doctor
2010-02-17 20:31 . 2010-02-17 20:31 -------- d-----w- c:\documents and settings\Unique\Datos de programa\PC Tools
2010-02-17 20:31 . 2010-02-17 20:31 -------- d-----w- c:\documents and settings\All Users\Datos de programa\PC Tools
2010-02-17 20:29 . 2010-02-19 01:13 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-02-17 09:06 . 2010-02-17 09:06 -------- d-sh--w- c:\documents and settings\Unique\PrivacIE
2010-02-17 08:59 . 2010-02-19 01:10 -------- d-----w- c:\documents and settings\Unique\Datos de programa\jbkisl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 00:38 . 2008-04-12 20:15 -------- d-----w- c:\documents and settings\Unique\Datos de programa\OpenOffice.org2
2010-02-21 00:15 . 2008-03-26 09:11 -------- d-----w- c:\archivos de programa\Java
2010-02-20 01:20 . 2008-04-13 13:10 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2010-02-19 17:00 . 2009-09-17 21:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Symantec Shared
2010-02-17 20:48 . 2008-04-01 19:55 -------- d-----w- c:\archivos de programa\Alwil Software
2010-02-17 10:40 . 2009-04-24 18:36 -------- d-----w- c:\documents and settings\Unique\Datos de programa\Spotify
2010-02-11 00:41 . 2008-03-26 08:56 55944 ----a-w- c:\windows\system32\nvModes.dat
2010-02-06 13:44 . 2008-03-26 09:31 -------- d-----w- c:\archivos de programa\Google
2010-01-26 19:27 . 2009-11-24 21:09 79488 ----a-w- c:\documents and settings\Unique\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-14 10:12 . 2009-10-03 08:33 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-01 23:21 . 2008-06-15 18:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-04-16 16:50 . 2008-04-16 16:50 638305 ----a-w- c:\archivos de programa\microstation_v8_xm_instruccions_installacio.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\archivos de programa\DellTPad\Apoint.exe" [2007-09-23 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\archivos de programa\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\archivos de programa\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSScheduler"="c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\archivos de programa\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\archivos de programa\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Acrobat Assistant 7.0"="c:\archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Windows Defender"="c:\archivos de programa\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"ISUSPM Startup"="c:\archiv~1\ARCHIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Unique\Men£ Inicio\Programas\Inicio\
OpenOffice.org 2.3.lnk - c:\archivos de programa\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
Stardock ObjectDock.lnk - c:\archivos de programa\Stardock\ObjectDock\ObjectDock.exe [2008-4-11 3450608]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Acelerador de inicio de AutoCAD.lnk - c:\archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-4-11 25214]
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth Manager.lnk - c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\archivos de programa\Digital Line Detect\DLG.exe [2008-3-26 50688]
Launchy.lnk - c:\archivos de programa\Launchy\Launchy.exe [2008-4-11 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\archivos de programa\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Next Limit\\Maxwell\\mxcl.exe"=
"c:\\Archivos de programa\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Archivos de programa\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Archivos de programa\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Spotify\\spotify.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17/02/2010 21:32 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2010 2:48 162512]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11/07/2003 14:22 14912]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\archivos de programa\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 15:21 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2010 2:48 19024]
R2 BBDemon;Backbone Service;c:\archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29/04/2006 6:32 49152]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [08/09/2004 16:46 5120]
R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 13:32 97536]
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/12/2009 12:35 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 08:01]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 11:35]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 11:35]

2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-02-19 c:\windows\Tasks\Norton Security Scan for Unique.job
- c:\archivos de programa\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-03 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=vKcy5Qq8fipaAcLaUKkXG_xdFJQ
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: lledo - {54DB67D8-DE43-4362-BDA8-9C574379CAD5} - c:\archivos de programa\Archivos comunes\Lledo\DatabaseTools.dll
FF - ProfilePath - c:\documents and settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fotolog.com/labruixaavorrida
FF - plugin: c:\archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 01:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1240)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(4684)
c:\windows\system32\WININET.dll
c:\archivos de programa\Stardock\ObjectDock\DockShellHook.dll
c:\archivos de programa\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\archivos de programa\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\archivos de programa\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(5952)
c:\windows\system32\WININET.dll
c:\archivos de programa\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\browselc.dll
c:\archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\system32\PortableDeviceApi.dll
c:\archivos de programa\Microsoft Office\OFFICE11\msohev.dll
c:\archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\archivos de programa\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\SCardSvr.exe
c:\archivos de programa\DellTPad\ApMsgFwd.exe
c:\archivos de programa\DellTPad\HidFind.exe
c:\archivos de programa\DellTPad\Apntex.exe
c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\archivos de programa\OpenOffice.org 2.3\program\soffice.exe
c:\archivos de programa\OpenOffice.org 2.3\program\soffice.BIN
c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\archivos de programa\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
c:\archivos de programa\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-02-21 01:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 00:45

Pre-Run: 10.060.374.016 bytes libres
Post-Run: 29.704.056.832 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7F83C9E51E387A51F7F04A0CF7980758


Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups
Hello.
No, just saw your edit now.

Did you have the removal media plugged in when Combofix was run? If so, don't worry, Combofix didn't find any autorun.inf file present, and Combofix has also switched off autorun/autoplay.

One last leftover to deal with.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
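The CFScript in the post above targets a `ProxyServer` value that points the browser at a port on the local machine. The following is an added example, not part of the original post and not ComboFix or DDS code: a small triage script that reads DDS-style lines and reports every `ProxyServer` entry that resolves to loopback. The sample lines are constructed, `proxy.corp.example` is a placeholder host, and reading the `u`/`m` prefixes as per-user and machine-wide settings is an assumption based on the usual DDS log convention.

```python
import ipaddress
import re

# Constructed sample in the DDS line format quoted in the post above.
SAMPLE_DDS_LINES = """\
uStart Page = www.google.es/ig/dell
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
mInternet Settings,ProxyServer = http=proxy.corp.example:8080;https=localhost:8443
"""

# Assumption: 'u' marks a per-user (HKCU) setting, 'm' a machine-wide (HKLM) one.
SETTING_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<value>.*)$"
)


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts both 'host:port' (one proxy for every protocol) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no 'scheme=' prefix: applies to all protocols
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]
        if endpoint.endswith("]") or ":" not in endpoint:
            host, port = endpoint, ""  # bare host or bracketed IPv6, no port
        else:
            host, _, port = endpoint.rpartition(":")
        entries.append(
            (scheme.lower(), host.lower(), int(port) if port.isdigit() else None)
        )
    return entries


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    host = host.strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (scope, scheme, host, port) for each loopback proxy entry."""
    findings = []
    for line in log_text.splitlines():
        m = SETTING_RE.match(line.strip())
        if not m or m["name"] != "ProxyServer":
            continue
        scope = "current user" if m["hive"] == "u" else "machine"
        for scheme, host, port in parse_proxy_server(m["value"]):
            if is_loopback(host):
                findings.append((scope, scheme, host, port))
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_DDS_LINES):
        print("loopback proxy:", finding)
```

A hit is a prompt to check what, if anything, is listening on that port; local filtering tools and some security products also set a loopback proxy on purpose.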

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups
Belahzur wrote:

No, just saw your edit now.

Did you have the removal media plugged in when Combofix was run? If so, don't worry, Combofix didn't find any autorun.inf file present, and Combofix has also switched off autorun/autoplay.


I hadn't anything plugged in to the computer. It was absolutely unplugged from external devices.


Let's go with the log


ComboFix 10-02-20.03 - Unique 21/02/2010 3:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.2046.1429 [GMT 1]
Running from: c:\documents and settings\Unique\Escritorio\Combo-Fix.exe
Command switches used :: c:\documents and settings\Unique\Escritorio\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-20 23:55 . 2010-02-20 23:55 -------- d-----w- C:\_OTL
2010-02-19 01:48 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-19 01:48 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-19 01:48 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-19 01:48 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-19 01:48 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-19 01:48 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-19 01:48 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-19 01:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-19 01:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-17 21:33 . 2010-02-17 21:33 -------- d-----w- c:\documents and settings\Unique\Datos de programa\Malwarebytes
2010-02-17 21:33 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-17 21:33 . 2010-02-17 21:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-02-17 21:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 21:33 . 2010-02-20 00:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-02-17 20:47 . 2010-02-17 20:47 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Alwil Software
2010-02-17 20:32 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-17 20:32 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-17 20:32 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-17 20:32 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-17 20:31 . 2010-02-17 20:32 -------- d-----w- c:\archivos de programa\Archivos comunes\PC Tools
2010-02-17 20:31 . 2010-02-17 20:32 -------- d-----w- c:\archivos de programa\Spyware Doctor
2010-02-17 20:31 . 2010-02-17 20:31 -------- d-----w- c:\documents and settings\Unique\Datos de programa\PC Tools
2010-02-17 20:31 . 2010-02-17 20:31 -------- d-----w- c:\documents and settings\All Users\Datos de programa\PC Tools
2010-02-17 20:29 . 2010-02-19 01:13 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-02-17 09:06 . 2010-02-17 09:06 -------- d-sh--w- c:\documents and settings\Unique\PrivacIE
2010-02-17 08:59 . 2010-02-19 01:10 -------- d-----w- c:\documents and settings\Unique\Datos de programa\jbkisl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 00:38 . 2008-04-12 20:15 -------- d-----w- c:\documents and settings\Unique\Datos de programa\OpenOffice.org2
2010-02-21 00:15 . 2008-03-26 09:11 -------- d-----w- c:\archivos de programa\Java
2010-02-20 01:20 . 2008-04-13 13:10 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2010-02-19 17:00 . 2009-09-17 21:29 -------- d-----w- c:\archivos de programa\Archivos comunes\Symantec Shared
2010-02-17 20:48 . 2008-04-01 19:55 -------- d-----w- c:\archivos de programa\Alwil Software
2010-02-17 10:40 . 2009-04-24 18:36 -------- d-----w- c:\documents and settings\Unique\Datos de programa\Spotify
2010-02-11 00:41 . 2008-03-26 08:56 55944 ----a-w- c:\windows\system32\nvModes.dat
2010-02-06 13:44 . 2008-03-26 09:31 -------- d-----w- c:\archivos de programa\Google
2010-01-26 19:27 . 2009-11-24 21:09 79488 ----a-w- c:\documents and settings\Unique\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-14 10:12 . 2009-10-03 08:33 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-01 23:21 . 2008-06-15 18:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-04-16 16:50 . 2008-04-16 16:50 638305 ----a-w- c:\archivos de programa\microstation_v8_xm_instruccions_installacio.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\archivos de programa\DellTPad\Apoint.exe" [2007-09-23 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"SigmatelSysTrayApp"="c:\archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\archivos de programa\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\archivos de programa\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSScheduler"="c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\archivos de programa\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\archivos de programa\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Acrobat Assistant 7.0"="c:\archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Windows Defender"="c:\archivos de programa\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"ISUSPM Startup"="c:\archiv~1\ARCHIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Unique\Men£ Inicio\Programas\Inicio\
OpenOffice.org 2.3.lnk - c:\archivos de programa\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
Stardock ObjectDock.lnk - c:\archivos de programa\Stardock\ObjectDock\ObjectDock.exe [2008-4-11 3450608]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Acelerador de inicio de AutoCAD.lnk - c:\archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-4-11 25214]
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth Manager.lnk - c:\archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\archivos de programa\Digital Line Detect\DLG.exe [2008-3-26 50688]
Launchy.lnk - c:\archivos de programa\Launchy\Launchy.exe [2008-4-11 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\archivos de programa\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Next Limit\\Maxwell\\mxcl.exe"=
"c:\\Archivos de programa\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Archivos de programa\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Archivos de programa\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Spotify\\spotify.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17/02/2010 21:32 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2010 2:48 162512]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11/07/2003 14:22 14912]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\archivos de programa\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 15:21 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2010 2:48 19024]
R2 BBDemon;Backbone Service;c:\archivos de programa\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29/04/2006 6:32 49152]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [08/09/2004 16:46 5120]
R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 13:32 97536]
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/12/2009 12:35 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 08:01]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 11:35]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 11:35]

2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-02-19 c:\windows\Tasks\Norton Security Scan for Unique.job
- c:\archivos de programa\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-03 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.es/ig/dell?hl=es&client=dell-row-rel&channel=es&ibd=1080326
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=vKcy5Qq8fipaAcLaUKkXG_xdFJQ
IE: Convert link target to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: lledo - {54DB67D8-DE43-4362-BDA8-9C574379CAD5} - c:\archivos de programa\Archivos comunes\Lledo\DatabaseTools.dll
FF - ProfilePath - c:\documents and settings\Unique\Datos de programa\Mozilla\Firefox\Profiles\1dh83251.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fotolog.com/labruixaavorrida
FF - plugin: c:\archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 03:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1240)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\archivos de programa\Stardock\ObjectDock\DockShellHook.dll
c:\archivos de programa\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-21 03:22:31
ComboFix-quarantined-files.txt 2010-02-21 02:22
ComboFix2.txt 2010-02-21 00:46

Pre-Run: 29.746.659.328 bytes libres
Post-Run: 29.725.458.432 bytes libres

- - End Of File - - 660C809B916F4D31D91C7D02384656C6

Re: Infected by Nuqel.E, BankerFox.A, unlimited pop-ups
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?
