System Report
*************
Run on 27/03/2008 at 11:19
Microsoft Windows XP [Versión 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [636]
\??\C:\WINDOWS\system32\csrss.exe [712]
\??\C:\WINDOWS\system32\winlogon.exe [736]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [792]
C:\WINDOWS\system32\svchost.exe [980]
C:\WINDOWS\system32\svchost.exe [1024]
C:\WINDOWS\Explorer.EXE [1420]
C:\WINDOWS\system32\svchost.exe [452]
Drivers - Running:
ACPI
ACPIEC
AFD
AgereSoftModem
ALCXWDM
AMON
ApfiltrService
Arp1394
atapi
audstub
Beep
Cdfs
Cdrom
CmBatt
Compbatt
Disk
drvmcdb
drvnddm
Fips
FltMgr
Ftdisk
GEARAspiWDM
Gpc
HidUsb
i8042prt
ialm
Imapi
IntelIde
intelppm
IPSec
isapnp
Iviaspi
Kbdclass
KSecDD
mnmdd
Modem
Mouclass
mouhid
MountMgr
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
NdisWan
NDProxy
NetBIOS
NetBT
Netdevio
NIC1394
nod32drv
Npfs
Ntfs
Null
ohci1394
PartMgr
PCI
PCIIde
Pcmcia
Pfc
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
redbook
RTL8023xp
SASDIFSV
SASKUTIL
SAVOnAccess
SAVOnAccess
sdbus
sr
SrvcSSIOMngr
sscdbhk5
SSFS0509
SSHRMD
SSIDRV
SSKBFD
ssrtln
swenum
Tcpip
TermDD
tfsnboio
tfsncofs
tfsndrct
tfsndres
tfsnifs
tfsnopio
tfsnpool
tfsnudf
tfsnudfa
tifm21
TPwSav
Tvs
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap
w29n51
Wanarp
WS2IFSL
WudfPf
Drivers - Stopped:
Abiosdsk
abp480n5
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
catchme
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
Fastfat
Fdc
Flpydisk
hpn
HTTP
i2omgmt
i2omp
IKFileSec
IKSysFlt
IKSysSec
InCDFs
InCDPass
InCDRm
ini910u
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IRENUM
kbdhid
kmixer
lbrtfdc
mraid35x
MRxDAV
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
Ndisuio
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCIDump
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
rtl8139
SASENUM
Secdrv
Serial
Sfloppy
Simbad
SLIP
SONYPVU1
Sparrow
splitter
Srv
streamip
swmidi
symc810
symc8xx
sym_hi
sym_u3
sysaudio
TDPIPE
TDTCP
TosIde
tosrfec
Udfs
ultra
usbccgp
USBSTOR
ViaIde
WDICA
wdmaud
WpdUsb
WSTCODEC
WudfRd
ZSMC301b
Services - Running:
DcomLaunch
EventSystem
RpcSs
SENS
winmgmt
Services - Stopped:
aawservice
Adobe
Adobe
Alerter
ALG
Apple
AppMgmt
aspnet_state
AudioSrv
BITS
Browser
CFSvcs
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
CryptSvc
Dhcp
dmadmin
dmserver
Dnscache
ERSvc
Eventlog
FastUserSwitchingCompatibility
g35b7z8f6
GoogleDesktopManager
gusvc
helpsvc
HidServ
HTTPFilter
ImapiService
iPod
l65r3r5c0
lanmanserver
lanmanworkstation
LmHosts
MDM
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
Netman
Nla
NOD32krn
NtLmSsp
NtmsSvc
ose
PlugPlay
PolicyAgent
Programador
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SamSs
SAVAdminService
SAVService
SCardSvr
Schedule
sdAuxService
sdCoreService
seclogon
SharedAccess
ShellHWDetection
Sophos
Spooler
srservice
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
TermService
Themes
TrkWks
upnphost
UPS
usnjsvc
VSS
W32Time
WebClient
WebrootSpySweeperService
WLSetupSvc
WmdmPmSN
WmiApSrv
wscsvc
WSearch
wuauserv
WudfSvc
WZCSVC
xmlprov
Files Created/Modified - 60 Days:
C:\
27 Mar 2008 11:17:04 211 A.SHR "C:\boot.ini"
26 Mar 2008 1:16:34 21.543 A.... "C:\ComboFix.txt"
27 Mar 2008 11:12:10 1.063.768.064 A.SH. "C:\hiberfil.sys"
27 Mar 2008 11:12:08 1.598.029.824 A.SH. "C:\pagefile.sys"
27 Mar 2008 11:05:34 1.414.077 A.... "C:\SDFix.exe"
C:\WINDOWS\
27 Mar 2008 11:01:44 0 A.... "C:\WINDOWS\0.log"
25 Mar 2008 13:02:34 1.380 A.... "C:\WINDOWS\BM47cfb3e6.txt"
27 Mar 2008 11:12:12 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
9 Mar 2008 21:18:20 4.096 A.... "C:\WINDOWS\d3dx.dat"
1 Feb 2008 15:46:42 729.088 A.... "C:\WINDOWS\iun6002.exe"
25 Mar 2008 1:29:10 37.376 A.... "C:\WINDOWS\mrofinu1188.exe.tmp"
27 Mar 2008 1:42:56 116 A.... "C:\WINDOWS\NeroDigital.ini"
20 Feb 2008 23:49:16 10 A.... "C:\WINDOWS\popcinfo.dat"
25 Mar 2008 14:36:12 1.409 A.... "C:\WINDOWS\QTFont.for"
27 Mar 2008 11:03:00 54.156 A..H. "C:\WINDOWS\QTFont.qfn"
26 Mar 2008 3:16:06 1.393 A.... "C:\WINDOWS\setupapi.log"
24 Mar 2008 19:41:42 0 A.... "C:\WINDOWS\Sti_Trace.log"
27 Mar 2008 11:17:04 227 A.... "C:\WINDOWS\system.ini"
27 Mar 2008 11:11:14 216 A.... "C:\WINDOWS\wiadebug.log"
27 Mar 2008 11:11:14 50 A.... "C:\WINDOWS\wiaservc.log"
27 Mar 2008 11:17:04 715 A.... "C:\WINDOWS\win.ini"
27 Mar 2008 11:11:10 139.112 A.... "C:\WINDOWS\WindowsUpdate.log"
1 Feb 2008 11:17:36 587.264 A.... "C:\WINDOWS\WLXPGSS.SCR"
12 Mar 2008 1:09:26 81.920 A.... "C:\WINDOWS\A4CFA95FE042481FAC5CDEAC1E6BD0ED.TMP\WiseCustomCalla2.dll"
12 Mar 2008 1:09:28 294.912 A.... "C:\WINDOWS\A4CFA95FE042481FAC5CDEAC1E6BD0ED.TMP\WiseCustomCalla3.dll"
27 Mar 2008 11:12:12 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
6 Feb 2008 0

38 317.208 A.... "C:\WINDOWS\Downloaded Program Files\SearchEngineQuery.dll"
26 Mar 2008 1:06:28 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
16 Mar 2008 13:32:34 4.100 A.... "C:\WINDOWS\inf\branches.PNF"
16 Mar 2008 13:32:34 4.684 A.... "C:\WINDOWS\inf\Erma.PNF"
16 Mar 2008 13:32:34 1.564.400 A.... "C:\WINDOWS\inf\INFCACHE.1"
25 Mar 2008 19:54:14 6.336 A.... "C:\WINDOWS\inf\oem16.PNF"
27 Mar 2008 11:07:24 211 ..... "C:\WINDOWS\pss\boot.ini.backup"
24 Mar 2008 0:40:00 2.387 ..... "C:\WINDOWS\pss\Inicio r*pido de Adobe Acrobat.lnkCommon Startup"
23 Mar 2008 14:18:54 2.200 ..... "C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup"
12 Mar 2008 21:41:46 16.832 A.... "C:\WINDOWS\system32\amcompat.tlb"
25 Mar 2008 23:59:58 133.280 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
25 Mar 2008 14:28:40 298.104 A.... "C:\WINDOWS\system32\imon.dll"
21 Mar 2008 21:29:38 30.720 ..SHR "C:\WINDOWS\system32\lcss.exe"
5 Mar 2008 17:30:54 19.148.408 A.... "C:\WINDOWS\system32\MRT.exe"
12 Mar 2008 21:41:46 23.392 A.... "C:\WINDOWS\system32\nscompat.tlb"
25 Mar 2008 13:02:16 354 ..SH. "C:\WINDOWS\system32\otydsqcv.ini"
31 Jan 2008 23:13:18 57.344 A.... "C:\WINDOWS\system32\QuickTime.qts"
31 Jan 2008 23:13:18 90.112 A.... "C:\WINDOWS\system32\QuickTimeVR.qtx"
21 Mar 2008 21:34:10 147.456 A.... "C:\WINDOWS\system32\vbzip10.dll"
2 Mar 2008 20:42:34 1.158 A.... "C:\WINDOWS\system32\wpa.dbl"
24 Mar 2008 11:06:06 298 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
27 Mar 2008 10:00:02 256 A..H. "C:\WINDOWS\Tasks\B2CC68AE942C1BEE.job"
26 Mar 2008 21:18:26 430 A.... "C:\WINDOWS\Tasks\Norton Security Scan.job"
27 Mar 2008 11:11:14 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
27 Mar 2008 11:11:14 32.628 A.... "C:\WINDOWS\Tasks\SCHEDLGU.TXT"
26 Mar 2008 15:15:46 0 A.... "C:\WINDOWS\Temp\expFC1.tmp"
27 Mar 2008 10:39:22 0 A.... "C:\WINDOWS\Temp\ib10"
27 Mar 2008 11:01:46 0 A.... "C:\WINDOWS\Temp\ib11"
27 Mar 2008 11:01:46 0 A.... "C:\WINDOWS\Temp\ib12"
27 Mar 2008 11:01:48 0 A.... "C:\WINDOWS\Temp\ib13"
26 Mar 2008 1

00 0 A.... "C:\WINDOWS\Temp\ib2"
26 Mar 2008 1

00 0 A.... "C:\WINDOWS\Temp\ib3"
26 Mar 2008 1

02 0 A.... "C:\WINDOWS\Temp\ib4"
26 Mar 2008 3:13:20 0 A.... "C:\WINDOWS\Temp\ib5"
26 Mar 2008 3:13:20 0 A.... "C:\WINDOWS\Temp\ib6"
26 Mar 2008 3:13:24 0 A.... "C:\WINDOWS\Temp\ib7"
27 Mar 2008 10:39:18 0 A.... "C:\WINDOWS\Temp\ib8"
27 Mar 2008 10:39:18 0 A.... "C:\WINDOWS\Temp\ib9"
27 Mar 2008 11:17:50 42.304 A.... "C:\WINDOWS\Temp\scs3.tmp"
27 Mar 2008 11:18:38 0 A.... "C:\WINDOWS\Temp\scs6.tmp"
26 Mar 2008 1:03:02 307.200 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
26 Mar 2008 1:03:04 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
26 Mar 2008 1:03:04 1.233 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
26 Mar 2008 1:03:04 32.768 A.... "C:\WINDOWS\erdnt\Hiv-backup\SAM"
26 Mar 2008 1:03:00 45.056 A.... "C:\WINDOWS\erdnt\Hiv-backup\SECURITY"
26 Mar 2008 1:03:02 33.210.368 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
26 Mar 2008 1:16:24 6.291.456 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
26 Mar 2008 1:06:40 307.200 A.... "C:\WINDOWS\erdnt\subs\default"
26 Mar 2008 1:06:40 673 A.... "C:\WINDOWS\erdnt\subs\ERDNT.CON"
26 Mar 2008 1:06:40 460 A.... "C:\WINDOWS\erdnt\subs\ERDNT.INF"
26 Mar 2008 1:06:40 32.768 A.... "C:\WINDOWS\erdnt\subs\SAM"
26 Mar 2008 1:06:28 45.056 A.... "C:\WINDOWS\erdnt\subs\SECURITY"
26 Mar 2008 1:06:32 33.263.616 A.... "C:\WINDOWS\erdnt\subs\software"
26 Mar 2008 1:07:14 1.024 A..H. "C:\WINDOWS\erdnt\subs\software.LOG"
26 Mar 2008 1:06:40 6.217.728 A.... "C:\WINDOWS\erdnt\subs\system"
26 Mar 2008 1:07:12 1.024 A..H. "C:\WINDOWS\erdnt\subs\system.LOG"
17 Feb 2008 3:02:56 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00002"
17 Feb 2008 3:02:56 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00003"
17 Feb 2008 3:02:56 1.077.248 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00004"
17 Feb 2008 3:02:56 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00005"
17 Feb 2008 3:02:56 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00006"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00007"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00008"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00009"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00010"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00011"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00012"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00013"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00014"
17 Feb 2008 3:02:58 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00015"
17 Feb 2008 3:02:58 12.288 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00016"
27 Mar 2008 11:02:44 329 A.... "C:\WINDOWS\system32\dla\DLA.INI"
25 Mar 2008 14:28:40 512.096 A.... "C:\WINDOWS\system32\drivers\amon.sys"
23 Mar 2008 16:22:46 16.560 A.... "C:\WINDOWS\system32\drivers\hosts"
25 Mar 2008 14:28:38 15.424 A.... "C:\WINDOWS\system32\drivers\nod32drv.sys"
27 Mar 2008 11:01:44 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
22 Mar 2008 0:04:20 491.596 A.... "C:\WINDOWS\system32\Restore\rstrlog.dat"
27 Mar 2008 11:01:42 16.384 A.... "C:\WINDOWS\Temp\hsperfdata_SYSTEM\336"
25 Mar 2008 19:54:42 7.239 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.cat"
25 Mar 2008 20:03:22 3.478 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.Manifest"
25 Mar 2008 19:54:42 7.243 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat"
25 Mar 2008 20:03:22 500 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.Manifest"
25 Mar 2008 19:54:42 1.233.920 A.... "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll"
25 Mar 2008 19:54:42 82.432 A.... "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll"
17 Feb 2008 3:03:18 23.372 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.inf"
17 Feb 2008 3:02:58 7.818 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.txt"
2 Mar 2008 22:46:54 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"
25 Mar 2008 19:54:14 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
26 Mar 2008 1

34 27 A.... "C:\WINDOWS\system32\drivers\etc\hosts"
25 Mar 2008 19:55:48 17.245 A.... "C:\WINDOWS\system32\drivers\etc\hosts.ctf"
24 Mar 2008 1:39:06 16.560 A.... "C:\WINDOWS\system32\drivers\etc\hosts.msn"
27 Mar 2008 11:11:24 12.288 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl"
25 Mar 2008 1:16:02 14.231 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
25 Mar 2008 1:16:02 74.649 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
26 Mar 2008 1:03:04 229.376 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
26 Mar 2008 1:03:04 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
26 Mar 2008 1:03:04 229.376 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT"
26 Mar 2008 1:03:04 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
26 Mar 2008 1:03:04 6.299.648 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT"
26 Mar 2008 1:03:04 16.384 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"
(continues...)