Hi everyone, I’m Epona and I’m in trouble. My avast is malfunctioning and I have trojans I cannot eliminate. My cursor moves alone, and my hard disk is filling with I don’t know what! My PC crashes often and is slower and slower. I’ve run an online antivirus that detected even a backdoor, but I couldn’t get rid of it. My avast has not detected anything and has even had scanning errors ???. Please help me.
Let’s have a quick look
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan.
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
THEN
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
Hi Essexboy:
Thank you in advance for trying to help me. Today my avast antivirus had a complete crash. It is not working anymore. I’ve already done the first scan and now I have the log. When I tried to install the other application I had an error message saying that framedyn.dll is missing and that this can be solved by installing the application again. I reinstalled it and I had the same alert. Do you know any other link from where I can download OTL again?
Now here is the first log:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-20 22:07:31
22:07:31.203 OS Version: Windows 5.1.2600 Service Pack 3
22:07:31.218 Number of processors: 1 586 0x401
22:07:31.250 ComputerName: PARTICULAR UserName:
22:08:12.421 Initialize success
22:08:43.406 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-4
22:08:43.406 Disk 0 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 38166MB BusType: 3
22:08:45.453 Disk 0 MBR read successfully
22:08:45.453 Disk 0 MBR scan
22:08:45.453 Disk 0 Windows XP default MBR code
22:08:45.500 Disk 0 scanning sectors +78140160
22:08:45.812 Disk 0 scanning C:\WINDOWS\system32\drivers
22:09:26.765 Service scanning
22:09:31.250 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys LOCKED 32
22:09:32.140 Modules scanning
22:11:01.156 Disk 0 trace - called modules:
22:11:01.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdi.sys >>UNKNOWN [0x82393938]<<
22:11:01.515 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x823cc7d0]
22:11:01.515 3 CLASSPNP.SYS[f7571fd7] → nt!IofCallDriver → \Device\00000067[0x823cdf18]
22:11:01.578 5 ACPI.sys[f73b0620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-4[0x823d4320]
22:11:01.578 Scan finished successfully
22:18:53.031 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Administrador\Escritorio\MBR.dat”
22:18:53.031 The log file has been saved successfully to “C:\Documents and Settings\Administrador\Escritorio\aswMBR.txt”
The framedyn.dll isn’t actually a part of OTL; it is a Windows file.
Check out this link, there is a fixit at the end that may be able to resolve it. http://support.microsoft.com/kb/319114.
Hi David, I used the fix, then I tried to install OTL from the same link here and I get the same error over and over again. ???
I don’t really like doing this before I can see what is on the system, but I have little choice - you may have a TDL type infection though
Download and Install Combofix
Download ComboFix from one of the following locations:
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Hi Essexboy, I’ve already had ComboFix, so I’ve just updated it and run it, and here is the log:
ComboFix 11-08-21.01 - Administrador 21/08/2011 20:55:55.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.367.166 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\vgeixofljc.tmp
c:\windows\iun6002.exe
c:\windows\system32\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NSDLRK250
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-21 22:15 . 2011-08-21 22:15 -------- d-----w- c:\windows\LastGood.Tmp
2011-08-21 03:28 . 2010-12-06 15:40 185344 ----a-w- c:\windows\system32\dllcache\framedyn.dll
2011-08-21 01:42 . 2011-08-21 01:42 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\OfficeRecovery
2011-08-21 01:42 . 2011-08-21 01:42 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Apps
2011-08-21 00:37 . 2011-08-21 00:42 -------- d-----w- C:\105c684d3710d44221
2011-08-12 01:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-12 01:39 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-11 18:35 . 2011-08-14 00:45 -------- d-----w- c:\archivos de programa\PCSafeDoctor
2011-08-08 00:14 . 2011-08-08 00:23 -------- d-----w- C:\4e7937567c809690d222574f787815
2011-08-05 07:14 . 2008-04-14 07:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-04 07:55 . 2011-08-04 07:55 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\PCHealth
2011-08-04 07:01 . 2011-08-10 05:10 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZ…Z.ZZ…ZZ
2011-08-04 03:27 . 2010-11-09 14:52 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-08-04 03:27 . 2010-11-09 14:52 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2011-08-04 03:27 . 2010-11-09 14:52 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-08-04 03:00 . 2011-08-04 03:00 -------- d-----w- c:\archivos de programa\Uniblue
2011-08-04 02:54 . 2011-08-04 02:54 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\PackageAware
2011-08-03 00:47 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-03 00:41 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-08-03 00:17 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-08-02 19:25 . 2011-08-02 19:25 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\f-secure
2011-08-02 19:24 . 2011-08-02 19:24 -------- d-----w- c:\documents and settings\All Users\Datos de programa\F-Secure
2011-08-02 19:04 . 2011-08-02 19:04 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 00:51 . 2011-06-06 23:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 14:02 . 2008-04-14 00:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 22:52 . 2011-04-16 05:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 22:52 . 2011-04-16 05:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2005-02-02 20:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2008-05-11 20:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:30 . 2008-05-11 20:54 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2008-05-11 20:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2008-05-11 20:28 385024 ----a-w- c:\windows\system32\html.iec
2011-06-06 11:35 . 2008-04-14 07:22 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-05-30 18:09 . 2011-04-18 05:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP111.SYS
2011-05-27 02:24 . 2011-05-27 02:55 175431 ----a-r- C:\MobileHeart.com-The-Mask-of-Zoro-1142-720.zip
2011-04-11 17:38 . 2011-04-15 01:06 299896 ----a-w- c:\archivos de programa\Tcpview.exe
2010-07-28 18:47 . 2011-04-15 01:06 199544 ------w- c:\archivos de programa\Tcpvcon.exe
2010-04-27 14:04 . 2011-04-15 01:11 333176 ----a-w- c:\archivos de programa\PsGetsid.exe
2010-04-27 14:04 . 2011-04-15 01:11 381816 ----a-w- c:\archivos de programa\PsExec.exe
2010-04-27 14:04 . 2011-04-15 01:11 178040 ----a-w- c:\archivos de programa\psloglist.exe
2010-04-27 14:04 . 2011-04-15 01:11 231288 ----a-w- c:\archivos de programa\PsList.exe
2010-04-27 14:04 . 2011-04-15 01:11 390520 ----a-w- c:\archivos de programa\PsInfo.exe
2010-04-27 14:04 . 2011-04-15 01:11 169848 ----a-w- c:\archivos de programa\PsService.exe
2010-04-27 14:04 . 2011-04-15 01:11 183160 ----a-w- c:\archivos de programa\PsLoggedon.exe
2009-12-01 13:52 . 2011-04-15 01:11 621944 ----a-w- c:\archivos de programa\pskill.exe
2008-08-29 18:10 . 2011-04-15 01:11 155960 ----a-w- c:\archivos de programa\pdh.dll
2008-08-29 13:32 . 2011-03-31 22:23 646184 ----a-w- c:\archivos de programa\autoruns.exe
2008-08-29 13:32 . 2011-03-31 22:22 540712 ----a-w- c:\archivos de programa\autorunsc.exe
2008-08-06 20:27 . 2011-04-02 03:26 3520552 ----a-w- c:\archivos de programa\procexp.exe
2006-12-04 20:53 . 2011-04-15 01:11 187184 ----a-w- c:\archivos de programa\pssuspend.exe
2006-12-04 20:53 . 2011-04-15 01:11 207664 ----a-w- c:\archivos de programa\psshutdown.exe
2006-12-04 20:53 . 2011-04-15 01:11 105264 ----a-w- c:\archivos de programa\pspasswd.exe
2006-12-04 20:53 . 2011-04-15 01:10 105264 ----a-w- c:\archivos de programa\psfile.exe
2011-06-24 00:03 . 2011-06-06 23:15 142296 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren’t necessarily malware.
.
.
.
.
- 2011-08-15 01:34 . 2009-03-08 07:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
- 2011-08-15 01:37 . 2010-07-05 13:16 401272 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
- 2011-08-15 01:37 . 2010-02-22 14:24 233848 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
- 2011-08-15 01:34 . 2011-04-25 16:05 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
- 2011-08-15 01:34 . 2011-04-25 16:05 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
- 2011-08-15 01:36 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2011-08-04 06:32 . 2009-03-08 07:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
- 2011-08-04 06:32 . 2010-07-05 13:16 401272 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
- 2011-08-04 06:32 . 2010-07-05 13:16 233848 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
- 2011-08-04 06:58 . 2010-06-24 12:24 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
- 2011-08-04 06:58 . 2010-07-05 13:16 401272 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
- 2011-08-04 06:58 . 2010-02-22 14:24 233848 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
- 2011-08-04 06:58 . 2010-06-24 12:24 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 599040 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
- 2011-08-04 06:58 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
- 2011-08-04 06:33 . 2010-03-10 06:16 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
- 2011-08-04 06:33 . 2010-07-05 13:16 401272 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
- 2011-08-04 06:33 . 2010-07-05 13:16 233848 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
- 2011-08-04 06:33 . 2009-12-09 05:55 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
- 2010-05-20 00:28 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
- 2010-10-08 20:39 . 2010-10-08 20:39 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-08-21 00:57 . 2011-08-21 00:57 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-08 20:39 . 2010-10-08 20:39 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-08-21 00:57 . 2011-08-21 00:57 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-08 20:39 . 2010-10-08 20:39 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-08-05 07:13 . 2009-05-26 11:40 401272 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
- 2011-08-05 07:13 . 2009-05-26 11:40 764280 c:\windows\$hf_mig$\KB982132\update\update.exe
- 2011-08-05 07:13 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB982132\spuninst.exe
- 2010-08-27 08:00 . 2010-08-27 08:00 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
- 2011-08-05 06:55 . 2010-02-22 14:24 401272 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
- 2011-08-05 06:55 . 2010-02-22 14:24 764280 c:\windows\$hf_mig$\KB979687\update\update.exe
- 2011-08-05 06:55 . 2010-02-22 14:24 233848 c:\windows\$hf_mig$\KB979687\spuninst.exe
- 2010-07-16 11:56 . 2010-07-16 11:56 221696 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
- 2011-08-05 07:17 . 2010-02-22 14:24 401272 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
- 2011-08-05 07:17 . 2010-02-22 14:24 764280 c:\windows\$hf_mig$\KB2345886\update\update.exe
- 2011-08-05 07:17 . 2010-02-22 14:24 233848 c:\windows\$hf_mig$\KB2345886\spuninst.exe
- 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
- 2011-08-03 00:41 . 2010-10-23 00:47 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
- 2010-10-16 06:35 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
- 2011-04-19 01:51 . 2011-04-19 01:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
- 2011-04-19 01:51 . 2011-04-19 01:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
- 2011-05-13 23:04 . 2011-05-13 23:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
- 2011-05-13 23:04 . 2011-05-13 23:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
- 2008-05-11 20:54 . 2011-06-23 18:30 1212416 c:\windows\system32\urlmon.dll
- 2008-04-14 07:48 . 2011-01-21 14:44 8504320 c:\windows\system32\shell32.dll
- 2008-04-14 07:48 . 2010-07-27 06:29 8504320 c:\windows\system32\shell32.dll
- 2008-04-14 07:48 . 2010-07-16 12:00 1287680 c:\windows\system32\ole32.dll
- 2008-04-14 07:27 . 2010-12-09 15:13 2195200 c:\windows\system32\ntoskrnl.exe
- 2008-04-14 05:27 . 2010-12-09 15:13 2071808 c:\windows\system32\ntkrnlpa.exe
- 2005-02-02 20:35 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
- 2008-05-11 20:54 . 2011-07-25 15:08 5969920 c:\windows\system32\mshtml.dll
- 2011-03-19 15:50 . 2003-03-18 21:20 1060864 c:\windows\system32\MFC71.dll
- 2011-05-10 22:33 . 2011-08-12 00:51 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-05-11 20:54 . 2011-06-23 18:30 1991680 c:\windows\system32\iertutil.dll
- 2009-08-14 15:14 . 2011-06-06 11:35 1859072 c:\windows\system32\dllcache\win32k.sys
- 2009-03-08 07:34 . 2011-06-23 18:30 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:29 8504320 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2011-01-21 14:44 8504320 c:\windows\system32\dllcache\shell32.dll
- 2010-07-16 12:00 . 2010-07-16 12:00 1287680 c:\windows\system32\dllcache\ole32.dll
- 2010-05-20 00:17 . 2010-12-09 15:13 2195200 c:\windows\system32\dllcache\ntoskrnl.exe
- 2010-05-20 00:17 . 2010-12-09 15:13 2029568 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 22:06 . 2010-12-09 15:13 2071808 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2010-05-20 00:17 . 2010-12-09 15:13 2151424 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-03-08 07:41 . 2011-07-25 15:08 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
- 2010-05-20 01:12 . 2011-06-23 18:30 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2011-03-19 15:50 . 2009-11-24 23:54 1280480 c:\windows\system32\aswBoot.exe
- 2011-01-19 02:36 . 2011-01-19 02:36 2687488 c:\windows\Installer\fe5d1.msp
- 2011-05-20 20:31 . 2011-05-20 20:31 5518848 c:\windows\Installer\f8b3f8.msp
- 2011-05-17 21:28 . 2011-05-17 21:28 6862848 c:\windows\Installer\f8b3e2.msp
- 2011-04-29 16:04 . 2011-04-29 16:04 5053440 c:\windows\Installer\f8b3cc.msp
- 2011-07-26 16:50 . 2011-07-26 16:50 5522432 c:\windows\Installer\2ec3258.msp
- 2010-10-02 00:53 . 2010-10-02 00:53 4147712 c:\windows\Installer\2bdc87.msp
- 2010-10-22 18:45 . 2010-10-22 18:45 8444928 c:\windows\Installer\239748d.msp
- 2010-08-23 20:09 . 2010-08-23 20:09 7673344 c:\windows\Installer\2397450.msp
- 2011-04-27 22:51 . 2011-04-27 22:51 6825472 c:\windows\Installer\239743a.msp
- 2011-05-23 17:15 . 2011-05-23 17:15 3617792 c:\windows\Installer\225d509.msp
- 2011-03-02 04:01 . 2011-03-02 04:01 9472000 c:\windows\Installer\1184aa6.msi
- 2011-08-15 01:34 . 2011-04-25 16:05 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
- 2011-08-15 01:34 . 2011-05-30 22:12 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
- 2011-08-15 01:36 . 2011-04-25 16:05 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 1210368 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 5951488 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
- 2011-08-04 06:58 . 2010-06-24 12:24 1986560 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
- 2010-05-20 00:17 . 2010-12-09 15:13 2195200 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2010-05-20 00:17 . 2010-12-09 15:13 2029568 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 22:06 . 2010-12-09 15:13 2071808 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2010-05-20 00:17 . 2010-12-09 15:13 2151424 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2010-10-08 20:39 . 2010-10-08 20:39 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-21 00:57 . 2011-08-21 00:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-21 00:58 . 2011-08-21 00:58 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-08 20:39 . 2010-10-08 20:39 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-08-21 00:59 . 2011-08-21 00:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-08 20:40 . 2010-10-08 20:40 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-07-16 11:59 . 2010-07-16 11:59 1288704 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
- 2008-05-11 20:28 . 2009-07-14 02:43 10841088 c:\windows\system32\wmp.dll
- 2008-05-11 20:28 . 2010-08-26 02:36 10841088 c:\windows\system32\wmp.dll
- 2010-05-20 01:02 . 2011-08-21 00:13 52390856 c:\windows\system32\MRT.exe
- 2008-05-11 20:54 . 2011-06-23 18:30 11081728 c:\windows\system32\ieframe.dll
- 2009-07-14 02:43 . 2010-08-26 02:36 10841088 c:\windows\system32\dllcache\wmp.dll
- 2009-07-14 02:43 . 2009-07-14 02:43 10841088 c:\windows\system32\dllcache\wmp.dll
- 2010-05-20 01:12 . 2011-06-23 18:30 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2011-03-28 06:27 . 2011-03-28 06:27 15456256 c:\windows\Installer\6a9dd2.msp
- 2011-03-28 06:27 . 2011-03-28 06:27 15456256 c:\windows\Installer\2397493.msp
- 2011-08-05 07:11 . 2011-08-05 07:11 20333056 c:\windows\Installer\2397471.msp
- 2011-02-24 12:38 . 2011-02-24 12:38 10984448 c:\windows\Installer\2397466.msp
- 2011-08-15 01:36 . 2011-04-26 13:05 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
- 2011-08-04 06:58 . 2010-06-24 20:54 11077120 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NBJ”=“c:\archiv~1\Ahead\NEROBA~1\NBJ.exe” [2005-01-04 1937408]
“msnmsgr”=“c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe” [2010-04-17 3872080]
“ares”=“c:\archivos de programa\Ares\Ares.exe” [2008-12-13 882176]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“TkBellExe”=“c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe” [2010-05-23 202256]
“SunJavaUpdateSched”=“c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe” [2011-04-08 254696]
“SoundMan”=“SOUNDMAN.EXE” [2004-02-26 65024]
“SiSUSBRG”=“c:\windows\SiSUSBrg.exe” [2002-07-12 106496]
“SiS Windows KeyHook”=“c:\windows\system32\keyhook.exe” [2004-05-12 249856]
“QuickTime Task”=“c:\archivos de programa\QuickTime\QTTask.exe” [2010-11-29 421888]
“pcsafedoctor.exe”=“c:\archivos de programa\PCSafeDoctor\pcsafedoctor.exe” [2011-07-29 2052608]
“PAC207_Monitor”=“c:\windows\PixArt\PAC207\Monitor.exe” [2007-12-10 323584]
“Monitor”=“c:\windows\PixArt\PAC207\Monitor.exe” [2007-12-10 323584]
“Malwarebytes’ Anti-Malware”=“c:\archivos de programa\Malwarebytes’ Anti-Malware\mbamgui.exe” [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“shell32”
“nltide_3”=“advpack.dll” [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“ForceClassicControlPanel”= 1 (0x1)
“NoSMHelp”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoResolveTrack”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=“”
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“DisableUnicastResponsesToMulticastBroadcast”= 0 (0x0)
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe”=
“c:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe”=
“c:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe”=
“c:\Archivos de programa\Ares\Ares.exe”=
“c:\Archivos de programa\LimeWire\LimeWire.exe”=
“c:\WINDOWS\system32\mmc.exe”=
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“135:TCP”= 135:TCP:DCOM(135)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/02/2005 05:43 p.m. 717296]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [03/02/2005 01:50 p.m. 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/03/2011 12:51 p.m. 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/03/2011 12:51 p.m. 20560]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes’ Anti-Malware\mbamservice.exe [16/04/2011 02:29 a.m. 366640]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [07/09/2010 12:38 a.m. 37560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/04/2011 02:29 a.m. 22712]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [25/11/2010 12:24 p.m. 618112]
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [07/01/2011 12:51 p.m. 136176]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [07/01/2011 12:51 p.m. 136176]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [23/06/2010 06:25 a.m. 16648]
.
Contents of the ‘Scheduled Tasks’ folder
.
2010-05-18 c:\windows\Tasks\Administrador de utilidades.job
- c:\windows\system32\utilman.exe [2008-04-14 07:49]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc51385e67cd42.job - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2011-01-07 15:44]
.
2011-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-115176313-1177238915-500.job - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]
.
2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-115176313-1177238915-500.job - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]
.
2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{5EFF7854-BEDC-4F4F-8518-2AA4FFADE756}.job - c:\windows\system32\msfeedssync.exe [2008-05-11 07:31]
.
2010-05-26 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-05-20 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.115.192.29 200.115.192.30 200.115.192.28
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\393osf3g.default
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Datos de programa\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 21:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-115176313-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
“88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,9c,75,a6,7b,9f,68,4e,a3,c5,24,
“2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,95,d8,df,a7,b2,0e,45,85,de,13,
“6256FFB019F8FDFBD36745B06F4540E9AEAF222A25”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,fa,b8,ec,ce,d1,3f,45,9a,5b,db,
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - ‘explorer.exe’(1792)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
c:\archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\windows\System32\SCardSvr.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\archivos de programa\BedtimeHelp\Bedtimehelp.exe
c:\archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\taskmgr.exe
c:\archivos de programa\Alwil Software\Avast4\ashWebSv.exe
.
.
Completion time: 2011-08-21 21:39:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 00:39
ComboFix2.txt 2010-11-28 13:26
ComboFix3.txt 2010-11-18 05:41
ComboFix4.txt 2010-11-09 03:26
ComboFix5.txt 2011-08-21 23:52
.
Pre-Run: 601.550.848 bytes libres
Post-Run: 750.329.856 bytes libres
.
- - End Of File - - F8218732FCE059BE32EACA23F0DBCC81