Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Some malware/trojan downloading other malicious file

Started by fedlerner , Jan 08 2010 06:35 PM

  • Please log in to reply

#1
fedlerner
Posted 08 January 2010 - 06:35 PM

fedlerner

    New Member

  • Member
  • Pip
  • 6 posts
Hi,
I opened a .exe which after opening it dissapeared. After this, I my ESET Smart Security started detecting:

08/01/2010 09:22:28 p.m. Filtro HTTP archivo http://91.212.226.180/51.exe una variante de Win32/Kryptik.BPX Troyano conexión finalizada - puesto en Cuarentena NT AUTHORITY\SYSTEM Se ha detectado una amenaza accediendo a un sitio de Internet a través de esta aplicación: C:\Windows\System32\svchost.exe.


I'm sorry it's in spanish. It says that detects a download http://91.212.226.180/51.exe which is a variant of Win32/Kryptik.BPX Troyan, coming from C:\Windows\System32\svchost.exe and it's ESET is blocking it and putting the file on Quarantine.

I've tried everything.. Doing scans with ESET, Malwarebytes' Anti-Malware, SpyBot, Ad-Aware.. I even tried some online antivirus scanners, but nothing has changed... So here I am.

I have performed the steps of this thread: http://www.geekstogo...uide-t2852.html and here are the logs..

Malwarebytes' Anti-Malware LOG

Malwarebytes' Anti-Malware 1.44
Versión de la Base de Datos: 3522
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/01/2010 09:24:26 p.m.
mbam-log-2010-01-08 (21-24-26).txt

Tipo de examen : Examen Rápido
Objetos examinados: 95390
Tiempo transcurrido: 4 minute(s), 36 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


GMER Rootkit Scanner LOG

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-08 21:01:45
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Fede\AppData\Local\Temp\axrcapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E43AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E43104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E433F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E431DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E43958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E436F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E43F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E441A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\BTHUSB \Device\0000008e bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000008c bthport.sys (Controlador de bus Bluetooth/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:248] 85D22930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e43c5fa
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e43c5fa (not active ControlSet)

---- EOF - GMER 1.0.15 ----


OTL LOG

OTL logfile created on: 08/01/2010 09:04:00 p.m. - Run 1
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Users\Fede\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,66 Gb Total Space | 154,39 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive D: | 10,22 Gb Total Space | 1,75 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FEDENOTEBOOK
Current User Name: Fede
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/08 21:02:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Downloads\OTL.exe
PRC - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Archivos de programa\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 00,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Archivos de programa\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/11/24 11:07:18 | 00,323,640 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
PRC - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET Smart Security\egui.exe
PRC - [2009/11/02 21:24:58 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/15 10:11:32 | 00,120,832 | ---- | M] (Hewlett-Packard) -- C:\Archivos de programa\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2009/09/16 17:42:30 | 00,210,216 | ---- | M] (CyberLink) -- c:\Archivos de programa\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/09 16:38:34 | 00,128,296 | ---- | M] (CyberLink Corp.) -- c:\Archivos de programa\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/20 13:34:04 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Archivos de programa\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/08/20 13:25:58 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Archivos de programa\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/08/04 20:45:12 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/04 20:44:44 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/03 02:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/23 11:04:42 | 00,498,744 | ---- | M] (Hewlett-Packard) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/07/22 09:33:32 | 00,458,844 | ---- | M] (IDT, Inc.) -- C:\Archivos de programa\IDT\WDM\sttray.exe
PRC - [2009/07/22 09:33:32 | 00,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/13 22:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Internet Explorer\iexplore.exe
PRC - [2009/07/13 22:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 22:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 22:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Archivos de programa\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/06/03 02:12:50 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2009/05/15 11:25:30 | 00,282,624 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\Apoint2K\Apoint.exe
PRC - [2009/05/05 09:11:50 | 00,228,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Archivos de programa\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/03 05:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2009/02/01 16:15:38 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\Apoint2K\ApntEx.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/25 05:56:46 | 00,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Archivos de programa\Apoint2K\ApMsgFwd.exe


========== Modules (SafeList) ==========

MOD - [2010/01/08 21:02:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Downloads\OTL.exe
MOD - [2009/07/13 22:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 22:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 22:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 22:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 22:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 22:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 22:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 22:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 22:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 22:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 22:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/07 06:19:19 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/01 13:37:48 | 00,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Archivos de programa\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/10/15 10:11:32 | 00,120,832 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2009/08/20 13:34:04 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/08/04 20:44:44 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/22 09:33:32 | 00,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/13 22:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 22:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 22:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 22:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 22:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 22:16:15 | 00,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 22:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 22:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 22:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 22:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 22:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 22:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 22:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 22:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 22:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 22:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador de ActiveX (AxInstSV)
SRV - [2009/07/13 22:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/03 02:12:50 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2009/05/05 09:11:50 | 00,228,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/03/03 05:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Archivos de programa\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 95 83 2D 45 87 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {76063e7f-3558-4b68-8287-54eb6512adc0}:2.4.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.464
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/12/28 00:14:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 01:26:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 20:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/12/28 00:02:13 | 00,000,000 | ---D | M]

[2009/12/27 23:44:27 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Extensions
[2009/12/27 23:44:27 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/01/08 20:36:06 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions
[2010/01/07 01:54:43 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/28 03:00:54 | 00,000,000 | ---D | M] (Gladiatus Tools) -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\{76063e7f-3558-4b68-8287-54eb6512adc0}
[2010/01/08 01:37:16 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/03 19:48:13 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/27 22:28:53 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/06 13:35:27 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]
[2010/01/06 13:35:27 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]
[2009/12/28 01:03:38 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]
[2009/12/28 10:43:31 | 00,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2009/12/02 05:41:52 | 00,004,080 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2009/12/02 05:41:52 | 00,002,480 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\mercadolibre-ar.xml
[2009/12/02 05:41:52 | 00,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009/12/02 05:41:52 | 00,000,838 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-ar.xml

O1 HOSTS File: (371907 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 12817 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Archivos de programa\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DpAgent] C:\Archivos de programa\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Archivos de programa\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...854/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 23:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/08 20:40:13 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/08 20:39:25 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ERUNT
[2010/01/08 20:10:49 | 00,000,000 | ---D | C] -- C:\Archivos de programa\HijackThis
[2010/01/08 17:06:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/08 17:06:30 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Adobe
[2010/01/08 17:06:30 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Adobe
[2010/01/08 17:04:57 | 00,000,000 | ---D | C] -- C:\Users\Public\Desktop\Programa de instalación de Adobe Reader 9
[2010/01/08 17:03:22 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Adobe
[2010/01/08 01:36:19 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\LogMeIn
[2010/01/08 01:36:19 | 00,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/01/07 23:27:14 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Malwarebytes
[2010/01/07 23:27:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 23:27:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/07 23:27:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 23:27:03 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/01/07 20:07:50 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2010/01/07 16:49:49 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/01/07 06:02:58 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/01/07 06:02:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/01/07 06:02:50 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Lavasoft
[2010/01/07 04:47:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/07 04:47:16 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Spybot - Search & Destroy
[2010/01/07 02:42:35 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Backups CCleaner
[2010/01/07 02:33:58 | 00,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2010/01/05 23:42:21 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Rockstar Games
[2010/01/05 23:40:08 | 00,000,000 | RH-D | C] -- C:\Users\Fede\AppData\Roaming\SecuROM
[2010/01/05 23:39:44 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/01/05 23:38:20 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/01/05 23:38:20 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Games for Windows - LIVE
[2010/01/05 23:00:44 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Rockstar Games
[2010/01/04 00:12:12 | 00,000,000 | ---D | C] -- C:\Archivos de programa\WinRAR
[2010/01/03 04:14:08 | 00,000,000 | ---D | C] -- C:\Archivos de programa\uTorrent
[2010/01/03 04:12:38 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\uTorrent
[2010/01/02 23:02:24 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Deployment
[2010/01/02 23:02:24 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Apps
[2010/01/02 19:24:44 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Validity Sensors, Inc
[2010/01/02 17:33:21 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\acccore
[2010/01/02 17:33:20 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\AOL
[2010/01/02 17:33:20 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\AIM
[2010/01/02 17:33:06 | 00,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/01/02 17:32:57 | 00,000,000 | ---D | C] -- C:\Archivos de programa\AIM
[2010/01/02 17:32:56 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Software Update Utility
[2010/01/02 17:32:54 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\AOL
[2010/01/02 17:03:44 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\GlobalSCAPE
[2010/01/02 17:03:44 | 00,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
[2010/01/02 17:03:36 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\GlobalSCAPE
[2010/01/02 17:02:45 | 00,000,000 | ---D | C] -- C:\Archivos de programa\GlobalSCAPE
[2010/01/02 17:01:47 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\InstallShield
[2010/01/02 17:00:50 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\KeePass
[2010/01/02 16:56:23 | 00,000,000 | ---D | C] -- C:\Archivos de programa\KeePass Password Safe 2
[2010/01/02 16:05:15 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\ElevatedDiagnostics
[2010/01/01 01:23:47 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\CyberLink
[2009/12/31 05:10:37 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\WinRAR
[2009/12/28 10:43:41 | 00,000,000 | ---D | C] -- C:\Archivos de programa\JDownloader
[2009/12/28 10:43:05 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Java
[2009/12/28 10:28:09 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Macromedia
[2009/12/28 10:28:09 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Adobe
[2009/12/28 10:28:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/12/28 00:22:28 | 00,000,000 | ---D | C] -- C:\Users\Fede\Documents\Mis archivos recibidos
[2009/12/28 00:20:56 | 00,000,000 | ---D | C] -- C:\Users\Fede\Documents\Mis historiales de conversación
[2009/12/28 00:16:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2009/12/28 00:14:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\tr
[2009/12/28 00:14:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\sv
[2009/12/28 00:14:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\ru
[2009/12/28 00:14:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\no
[2009/12/28 00:14:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\da
[2009/12/28 00:14:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\ko
[2009/12/28 00:14:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\ja
[2009/12/28 00:14:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\it
[2009/12/28 00:14:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\fr
[2009/12/28 00:14:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\de
[2009/12/28 00:14:20 | 00,000,000 | ---D | C] -- C:\Windows\DPDrv
[2009/12/28 00:06:01 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Messenger Plus! Live
[2009/12/27 23:44:26 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Postbox
[2009/12/27 23:44:26 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Postbox
[2009/12/27 23:44:15 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Postbox
[2009/12/27 23:31:26 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\CyberLink
[2009/12/27 23:31:25 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\PowerCinema
[2009/12/27 23:19:37 | 00,000,000 | ---D | C] -- C:\Users\Fede\Tracing
[2009/12/27 23:12:08 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft Silverlight
[2009/12/27 23:10:39 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft SQL Server Compact Edition
[2009/12/27 23:10:02 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft
[2009/12/27 23:09:48 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/12/27 23:09:41 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Windows Live SkyDrive
[2009/12/27 23:09:17 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Windows Live
[2009/12/27 23:08:52 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/12/27 23:04:13 | 00,000,000 | ---D | C] -- C:\mIRC
[2009/12/27 23:01:49 | 00,000,000 | ---D | C] -- C:\Users\Fede\Documents\x10
[2009/12/27 23:00:14 | 00,000,000 | ---D | C] -- C:\AL BACKUP
[2009/12/27 22:58:09 | 00,000,000 | ---D | C] -- C:\mIRCBACKUP
[2009/12/27 22:54:14 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Validity Sensors
[2009/12/27 22:52:20 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Windows Live
[2009/12/27 22:47:59 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\ESET
[2009/12/27 22:46:49 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/12/27 22:46:49 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2009/12/27 22:38:49 | 00,000,000 | ---D | C] -- C:\Archivos de programa\MSXML 4.0
[2009/12/27 22:33:50 | 00,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2009/12/27 22:27:48 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\LightScribe
[2009/12/27 22:24:58 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Macrovision
[2009/12/27 22:23:54 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\DigitalPersona
[2009/12/27 22:23:54 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\DigitalPersona
[2009/12/27 22:21:32 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Programs
[2009/12/27 22:21:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2009/12/27 22:21:12 | 00,000,000 | ---D | C] -- C:\Archivos de programa\DigitalPersona
[2009/12/27 22:19:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/12/27 22:14:08 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Diagnostics
[2009/12/27 21:35:45 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Hewlett-Packard
[2009/12/27 21:34:36 | 00,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2009/12/27 21:34:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\AVerMedia
[2009/12/27 21:31:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2009/12/27 21:22:58 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Hewlett-Packard
[2009/12/27 21:22:56 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009/12/27 21:18:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/12/27 21:18:14 | 00,000,000 | ---D | C] -- C:\HP
[2009/12/27 21:11:32 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Mozilla
[2009/12/27 21:11:32 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Mozilla
[2009/12/27 21:11:24 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Mozilla Firefox
[2009/12/27 20:37:45 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Apoint2K
[2009/12/27 20:33:58 | 00,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2009/12/27 20:33:48 | 00,000,000 | ---D | C] -- C:\Archivos de programa\HP USB TV Tuner
[2009/12/27 20:16:48 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\ATI
[2009/12/27 20:16:48 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\ATI
[2009/12/27 20:16:48 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/12/27 20:13:46 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Hewlett-Packard
[2009/12/27 20:13:45 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\hpqLog
[2009/12/27 20:11:55 | 00,167,936 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2009/12/27 20:11:55 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Realtek
[2009/12/27 20:11:06 | 00,000,000 | ---D | C] -- C:\Archivos de programa\DIFX
[2009/12/27 20:11:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/27 20:11:04 | 00,000,000 | ---D | C] -- C:\Archivos de programa\AMD
[2009/12/27 20:09:10 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ATI Technologies
[2009/12/27 19:50:42 | 00,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2009/12/27 19:50:41 | 12,030,044 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2009/12/27 19:50:41 | 03,600,384 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2009/12/27 19:50:41 | 00,458,844 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2009/12/27 19:50:37 | 00,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2009/12/27 19:49:34 | 00,000,000 | -H-D | C] -- C:\Archivos de programa\InstallShield Installation Information
[2009/12/27 19:45:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\SDA
[2009/12/27 19:45:55 | 00,000,000 | ---D | C] -- C:\Archivos de programa\JMicron
[2009/12/27 19:43:53 | 00,000,000 | ---D | C] -- C:\Archivos de programa\ATI
[2009/12/27 19:43:41 | 00,000,000 | ---D | C] -- C:\SYSTEM.SAV
[2009/12/27 19:43:39 | 00,000,000 | ---D | C] -- C:\swsetup
[2009/12/27 19:40:16 | 00,000,000 | ---D | C] -- C:\Archivos de programa\HP
[2009/12/27 19:40:11 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/12/27 19:40:11 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/12/27 19:33:33 | 00,000,000 | ---D | C] -- C:\Archivos de programa\Synaptics
[2009/12/27 19:31:34 | 00,915,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2009/12/27 19:31:34 | 00,490,496 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2009/12/27 19:31:34 | 00,409,088 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2009/12/27 19:31:34 | 00,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2009/12/27 19:31:34 | 00,000,000 | ---D | C] -- C:\Archivos de programa\IDT
[2009/12/27 19:31:28 | 00,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2009/12/27 18:23:11 | 00,000,000 | R--D | C] -- C:\Users\Fede\Searches
[2009/12/27 18:23:01 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Identities
[2009/12/27 18:22:59 | 00,000,000 | R--D | C] -- C:\Users\Fede\Contacts
[2009/12/27 18:22:53 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\VirtualStore
[2009/12/27 18:22:51 | 00,000,000 | --SD | C] -- C:\Users\Fede\AppData\Roaming\Microsoft
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Videos
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Saved Games
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Pictures
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Music
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Links
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Favorites
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Downloads
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Documents
[2009/12/27 18:22:51 | 00,000,000 | R--D | C] -- C:\Users\Fede\Desktop
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\SendTo
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Reciente
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Plantillas
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Documents\Mis vídeos
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Documents\Mis imágenes
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Mis documentos
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Documents\Mi música
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Menú Inicio
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Impresoras
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\AppData\Local\Historial
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Entorno de red
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Datos de programa
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\AppData\Local\Datos de programa
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Cookies
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\Configuración local
[2009/12/27 18:22:51 | 00,000,000 | -HSD | C] -- C:\Users\Fede\AppData\Local\Archivos temporales de Internet
[2009/12/27 18:22:51 | 00,000,000 | -H-D | C] -- C:\Users\Fede\AppData
[2009/12/27 18:22:51 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Temp
[2009/12/27 18:22:51 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Microsoft
[2009/12/27 18:22:51 | 00,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Media Center Programs
[2009/12/27 18:22:34 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Plantillas
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis vídeos
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis imágenes
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mi música
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Menú Inicio
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Escritorio
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documentos
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\ProgramData\Datos de programa
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\Archivos de programa
[2009/12/27 18:22:33 | 00,000,000 | -HSD | C] -- C:\Archivos de programa\Archivos comunes
[2009/12/27 18:15:52 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/12/27 18:13:17 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/12/27 18:12:58 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/12/27 15:12:14 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/27 15:12:04 | 00,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 14 Days ==========

[2010/01/08 21:06:10 | 05,242,880 | -HS- | M] () -- C:\Users\Fede\ntuser.dat
[2010/01/08 20:39:31 | 00,000,898 | ---- | M] () -- C:\Users\Fede\Desktop\NTREGOPT.lnk
[2010/01/08 20:39:31 | 00,000,879 | ---- | M] () -- C:\Users\Fede\Desktop\ERUNT.lnk
[2010/01/08 20:39:18 | 00,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 20:39:18 | 00,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 20:32:00 | 00,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Fede.job
[2010/01/08 20:32:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/08 20:31:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/08 20:31:47 | 14,075,74016 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 20:10:53 | 00,002,979 | ---- | M] () -- C:\Users\Fede\Desktop\HiJackThis.lnk
[2010/01/08 17:06:59 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/08 05:59:38 | 02,712,428 | -H-- | M] () -- C:\Users\Fede\AppData\Local\IconCache.db
[2010/01/07 23:27:12 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 21:55:24 | 00,000,376 | ---- | M] () -- C:\Users\Fede\Desktop\Desktop Client.appref-ms
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 15:05:17 | 00,000,036 | ---- | M] () -- C:\Users\Fede\AppData\Local\housecall.guid.cache
[2010/01/07 06:20:44 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/01/07 06:02:57 | 00,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/07 04:59:22 | 00,371,907 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/07 04:47:33 | 00,001,220 | ---- | M] () -- C:\Users\Fede\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 16:12:23 | 00,000,600 | ---- | M] () -- C:\Users\Fede\AppData\Local\PUTTY.RND
[2010/01/05 23:40:31 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/01/04 15:47:09 | 00,159,236 | ---- | M] () -- C:\Users\Fede\Desktop\[bleep].jpg
[2010/01/02 19:24:56 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/01/02 17:33:20 | 00,000,346 | -H-- | M] () -- C:\IPH.PH
[2010/01/02 17:33:06 | 00,001,861 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/01/02 14:57:22 | 00,632,710 | ---- | M] () -- C:\Users\Fede\Desktop\ticket.png
[2010/01/02 00:14:14 | 00,043,341 | ---- | M] () -- C:\Users\Fede\Desktop\batallaaaaa.png
[2010/01/01 18:54:43 | 00,838,073 | ---- | M] () -- C:\Users\Fede\Desktop\batalladize.png
[2009/12/28 10:44:15 | 00,000,991 | ---- | M] () -- C:\Users\Fede\Desktop\JDownloader.lnk
[2009/12/27 23:44:23 | 00,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Postbox.lnk
[2009/12/27 22:59:00 | 00,001,390 | ---- | M] () -- C:\Users\Fede\Desktop\IRcap 8.5.lnk
[2009/12/27 22:58:10 | 00,000,550 | ---- | M] () -- C:\Users\Fede\Desktop\mIRC.lnk
[2009/12/27 22:54:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wbvfs201_01_09_00.Wdf
[2009/12/27 22:34:43 | 00,001,067 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2009/12/27 22:22:25 | 00,524,288 | -HS- | M] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TMContainer00000000000000000002.regtrans-ms
[2009/12/27 22:22:25 | 00,524,288 | -HS- | M] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 22:22:25 | 00,065,536 | -HS- | M] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TM.blf
[2009/12/27 21:11:28 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/27 20:57:44 | 01,530,242 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/27 20:57:44 | 00,694,386 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2009/12/27 20:57:44 | 00,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/27 20:57:44 | 00,134,448 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2009/12/27 20:57:44 | 00,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/27 20:39:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_enecir_01009.Wdf
[2009/12/27 20:37:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2009/12/27 20:18:53 | 00,057,560 | ---- | M] () -- C:\Users\Fede\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/27 19:35:02 | 00,265,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/27 19:33:50 | 00,524,288 | -HS- | M] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/27 19:33:50 | 00,524,288 | -HS- | M] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 19:33:50 | 00,065,536 | -HS- | M] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/27 19:33:38 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2009/12/27 18:22:51 | 00,000,020 | -HS- | M] () -- C:\Users\Fede\ntuser.ini
[2009/12/27 18:16:50 | 00,052,717 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/12/27 18:15:27 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2009/12/27 15:12:06 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2010/01/08 20:39:31 | 00,000,898 | ---- | C] () -- C:\Users\Fede\Desktop\NTREGOPT.lnk
[2010/01/08 20:39:31 | 00,000,879 | ---- | C] () -- C:\Users\Fede\Desktop\ERUNT.lnk
[2010/01/08 20:10:53 | 00,002,979 | ---- | C] () -- C:\Users\Fede\Desktop\HiJackThis.lnk
[2010/01/08 19:59:04 | 00,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Fede.job
[2010/01/08 17:06:59 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/07 23:27:12 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 21:55:24 | 00,000,376 | ---- | C] () -- C:\Users\Fede\Desktop\Desktop Client.appref-ms
[2010/01/07 15:05:17 | 00,000,036 | ---- | C] () -- C:\Users\Fede\AppData\Local\housecall.guid.cache
[2010/01/07 14:57:52 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/07 06:02:57 | 00,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/07 04:47:33 | 00,001,220 | ---- | C] () -- C:\Users\Fede\Desktop\Spybot - Search & Destroy.lnk
[2010/01/04 15:47:04 | 00,159,236 | ---- | C] () -- C:\Users\Fede\Desktop\[bleep].jpg
[2010/01/02 19:24:56 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/01/02 17:33:06 | 00,001,861 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/01/02 17:30:22 | 00,000,346 | -H-- | C] () -- C:\IPH.PH
[2010/01/02 14:57:22 | 00,632,710 | ---- | C] () -- C:\Users\Fede\Desktop\ticket.png
[2010/01/02 00:14:14 | 00,043,341 | ---- | C] () -- C:\Users\Fede\Desktop\batallaaaaa.png
[2010/01/01 20:12:41 | 00,000,600 | ---- | C] () -- C:\Users\Fede\AppData\Local\PUTTY.RND
[2010/01/01 18:54:42 | 00,838,073 | ---- | C] () -- C:\Users\Fede\Desktop\batalladize.png
[2009/12/28 10:44:15 | 00,000,991 | ---- | C] () -- C:\Users\Fede\Desktop\JDownloader.lnk
[2009/12/27 23:44:23 | 00,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Postbox.lnk
[2009/12/27 22:59:00 | 00,001,390 | ---- | C] () -- C:\Users\Fede\Desktop\IRcap 8.5.lnk
[2009/12/27 22:58:10 | 00,000,550 | ---- | C] () -- C:\Users\Fede\Desktop\mIRC.lnk
[2009/12/27 22:54:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wbvfs201_01_09_00.Wdf
[2009/12/27 22:34:43 | 00,001,067 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2009/12/27 22:11:53 | 00,524,288 | -HS- | C] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TMContainer00000000000000000002.regtrans-ms
[2009/12/27 22:11:53 | 00,524,288 | -HS- | C] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 22:11:53 | 00,065,536 | -HS- | C] () -- C:\Users\Fede\ntuser.dat{e668f911-f34d-11de-87b7-00247e43c5fa}.TM.blf
[2009/12/27 21:11:28 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/27 20:39:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_enecir_01009.Wdf
[2009/12/27 20:37:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2009/12/27 20:29:52 | 00,000,000 | ---- | C] () -- C:\Users\Fede\AppData\Local\QSwitch.txt
[2009/12/27 20:29:52 | 00,000,000 | ---- | C] () -- C:\Users\Fede\AppData\Local\DSwitch.txt
[2009/12/27 20:29:52 | 00,000,000 | ---- | C] () -- C:\Users\Fede\AppData\Local\AtStart.txt
[2009/12/27 20:16:46 | 00,000,195 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/27 20:11:55 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/27 19:33:38 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2009/12/27 19:31:30 | 00,015,222 | ---- | C] () -- C:\Windows\System32\nbspkrs.ico
[2009/12/27 19:31:30 | 00,003,774 | ---- | C] () -- C:\Windows\System32\bltinmic.ico
[2009/12/27 19:31:30 | 00,003,774 | ---- | C] () -- C:\Windows\System32\2hps.ico
[2009/12/27 18:22:51 | 05,242,880 | -HS- | C] () -- C:\Users\Fede\ntuser.dat
[2009/12/27 18:22:51 | 00,524,288 | -HS- | C] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/27 18:22:51 | 00,524,288 | -HS- | C] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 18:22:51 | 00,065,536 | -HS- | C] () -- C:\Users\Fede\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/27 18:22:51 | 00,000,020 | -HS- | C] () -- C:\Users\Fede\ntuser.ini
[2009/12/27 18:15:27 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/27 18:12:58 | 14,075,74016 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/27 15:12:06 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/12/27 15:12:05 | 00,383,562 | RHS- | C] () -- C:\bootmgr
[2009/07/13 20:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/13 08:39:12 | 00,020,480 | ---- | C] () -- C:\Windows\System32\wbvfsinst.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/11/14 16:17:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll

========== LOP Check ==========

[2010/01/02 17:33:35 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\acccore
[2009/12/27 22:23:54 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\DigitalPersona
[2009/12/27 22:47:59 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\ESET
[2010/01/02 17:03:36 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\GlobalSCAPE
[2010/01/02 17:00:50 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\KeePass
[2009/12/27 23:44:26 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Postbox
[2010/01/05 20:44:06 | 00,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\uTorrent
[2009/07/14 01:53:46 | 00,010,200 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 22:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 22:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 22:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 22:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 22:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 22:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 22:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 22:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 22:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 22:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/04 20:45:38 | 00,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/07/13 22:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 22:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >


OTL Extras LOG

OTL Extras logfile created on: 08/01/2010 09:04:00 p.m. - Run 1
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Users\Fede\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,66 Gb Total Space | 154,39 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive D: | 10,22 Gb Total Space | 1,75 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FEDENOTEBOOK
Current User Name: Fede
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A172790-D5B6-26A5-8547-90299D24217B}" = CCC Help Polish
"{0ADFE5AD-8554-EFF6-15D2-617DAD521BCA}" = CCC Help Thai
"{1924F478-7572-FEBD-2F81-58B844867A73}" = CCC Help Finnish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{288F40F3-62DB-869E-B94A-20363CD2E53F}" = CCC Help German
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35F49926-9C54-F7C8-A3E0-36E3D439E216}" = ccc-utility
"{385F4954-2ECF-75CC-2503-30CD274C6B7C}" = Catalyst Control Center InstallProxy
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3A4E0984-2369-38F3-B2B4-DAF64350E86D}" = CCC Help Dutch
"{42E59E3C-546E-1478-9D69-FA3A5FA5BE03}" = CCC Help Swedish
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4F1E93EA-04F2-8CA2-1DCC-BB2DDBCD04C1}" = CCC Help Chinese Traditional
"{537B409E-768F-B000-7DED-CF11105E83FC}" = ATI Catalyst Install Manager
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{570463EB-8903-21EB-836F-4626ACE3B182}" = CCC Help Norwegian
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{599D8442-C766-0EA8-5916-12620B390B1F}" = CCC Help Italian
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{61FFBE12-E3AD-442A-B261-A086041DB37A}" = Validity WinBio DDK
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69E8D61E-958D-0520-EECF-0E7FCFA2199B}" = CCC Help Chinese Standard
"{6C46C04E-0C61-643F-82E0-E523E6D1B0B1}" = CCC Help Turkish
"{7104E5FC-0C37-81AE-D16E-131DB784A034}" = CCC Help Danish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775646F7-D78C-15FE-D8F5-BEF090ED46AD}" = CCC Help Spanish
"{8175C186-272C-5A77-9732-E6599E9D56AA}" = CCC Help Russian
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{87CF1DC8-D378-432D-D2C0-D97154D07A91}" = CCC Help Czech
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90AB5B56-1B17-FCCD-E7A9-23FB3394E218}" = ccc-core-static
"{90F8D8C3-41A1-A567-82A5-C07FB5687CEF}" = CCC Help Japanese
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A92550A5-E547-CCEE-BF18-0650BBA6ED9C}" = CCC Help Korean
"{AC76BA86-7AD7-1034-7B44-A92000000001}" = Adobe Reader 9.2 - Español
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBA2D424-04D8-DF59-9EC0-5D62D938A640}" = Catalyst Control Center Graphics Previews Vista
"{BBF5B57A-3A78-4A46-855C-766EB333F989}" = DigitalPersona Enrollment 1.0.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE8F5661-E593-B6BF-5A29-18AD890E476F}" = CCC Help Hungarian
"{DB5EE5C0-DB00-4F22-8C40-C35AD3B5B981}" = Windows Live Movie Maker
"{DB661E7C-9CA1-A0C9-5D49-9062C646B6C4}" = Catalyst Control Center Graphics Light
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6BB8835-0E9F-A0F1-F397-79755C30B9D6}" = Catalyst Control Center Localization All
"{EC831877-9222-CC80-7658-0FACF3DB2FA5}" = Catalyst Control Center Graphics Full New
"{ECC69DCE-F419-FE45-78E1-B852DDFFB51D}" = CCC Help Greek
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED627D6A-BC6C-A984-AC79-8AD7C375D493}" = CCC Help English
"{EED28E7B-0C97-40F7-9BAF-43E02979910D}" = ESET Smart Security
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F264C55C-B48B-544C-5F01-E2DA9A24438C}" = Catalyst Control Center Graphics Previews Common
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F65AD023-74BD-C648-A0E3-FA6B18249932}" = CCC Help Portuguese
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F830A576-A236-1EB6-3926-5905E9C839F0}" = Catalyst Control Center Graphics Full Existing
"{FD5E7DF2-BD3B-F1FF-743B-7C82D6F805A1}" = CCC Help French
"{FFDB79F5-F4FC-14D0-728C-8A9B539C9967}" = Catalyst Control Center Core Implementation
"5B73F775A90397BAF80173B8A6C0B327BE3872FB" = ENE CIR Receiver Driver
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AVerMedia TV Tuner Card" = AVerMedia TV Tuner Card 1.0.0.4
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"JDownloader" = JDownloader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Postbox (1.1.0)" = Postbox (1.1.0)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f3d94d7734a0b690" = Desktop Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/01/2010 01:18:19 p.m. | Computer Name = FedeNotebook | Source = VSS | ID = 8193
Description =

Error - 07/01/2010 01:18:20 p.m. | Computer Name = FedeNotebook | Source = VSS | ID = 8193
Description =

Error - 07/01/2010 03:54:02 p.m. | Computer Name = FedeNotebook | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385,
marca de tiempo: 0x4a5bc69e Nombre del módulo con errores: oscan82.ocx, versión:
2.0.0.1, marca de tiempo: 0x4a02e886 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x0000ea20 Id. del proceso con errores: 0xf00 Hora de inicio de la aplicación
con errores: 0x01ca8fd2dcca2db5 Ruta de acceso de la aplicación con errores: C:\Program
Files\Internet Explorer\iexplore.exe Ruta de acceso del módulo con errores: C:\Windows\DOWNLO~1\oscan82.ocx
Id.
del informe: 66ce7fff-fbc6-11de-872b-00247e43c5fa

Error - 07/01/2010 09:32:31 p.m. | Computer Name = FedeNotebook | Source = VSS | ID = 8193
Description =

Error - 08/01/2010 12:37:06 a.m. | Computer Name = FedeNotebook | Source = LogMeIn Guardian | ID = 131172
Description =

Error - 08/01/2010 02:15:15 a.m. | Computer Name = FedeNotebook | Source = LogMeIn Guardian | ID = 131172
Description =

Error - 08/01/2010 04:02:30 p.m. | Computer Name = FedeNotebook | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: iexplore.exe, versión: 8.0.7600.16385,
marca de tiempo: 0x4a5bc69e Nombre del módulo con errores: ntdll.dll, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bdadb Código de excepción: 0xc0000374 Desplazamiento de errores:
0x000c283b Id. del proceso con errores: 0x12fc Hora de inicio de la aplicación con
errores: 0x01ca909d6c2e69ea Ruta de acceso de la aplicación con errores: C:\Program
Files\Internet Explorer\iexplore.exe Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Id.
del informe: bfc0315c-fc90-11de-9483-00247e43c5fa

Error - 08/01/2010 04:05:21 p.m. | Computer Name = FedeNotebook | Source = VSS | ID = 8193
Description =

Error - 08/01/2010 06:58:07 p.m. | Computer Name = FedeNotebook | Source = LogMeIn Guardian | ID = 131172
Description =

Error - 08/01/2010 07:10:16 p.m. | Computer Name = FedeNotebook | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 07/01/2010 02:30:06 a.m. | Computer Name = FedeNotebook | Source = NetBT | ID = 4321
Description = No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz
con dirección IP 192.168.0.199. El equipo la con dirección IP 192.168.0.103 no admite
el nombre reclamado por este equipo.

Error - 07/01/2010 02:35:18 a.m. | Computer Name = FedeNotebook | Source = NetBT | ID = 4321
Description = No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz
con dirección IP 192.168.0.199. El equipo la con dirección IP 192.168.0.103 no admite
el nombre reclamado por este equipo.

Error - 07/01/2010 02:35:19 a.m. | Computer Name = FedeNotebook | Source = BROWSER | ID = 8009
Description =

Error - 07/01/2010 05:03:11 a.m. | Computer Name = FedeNotebook | Source = Service Control Manager | ID = 7030
Description = El servicio Lavasoft Ad-Aware Service ha sido marcado como servicio
interactivo. Sin embargo, el sistema está configurado para no permitir servicios
interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error - 07/01/2010 01:03:45 p.m. | Computer Name = FedeNotebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 08/01/2010 01:45:06 p.m. | Computer Name = FedeNotebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 08/01/2010 01:45:21 p.m. | Computer Name = FedeNotebook | Source = Service Control Manager | ID = 7023
Description = El servicio Publicación de recurso de detección de función se cerró
con el siguiente error: %%-2147014847

Error - 08/01/2010 07:27:16 p.m. | Computer Name = FedeNotebook | Source = Service Control Manager | ID = 7034
Description = El servicio AMD External Events Utility se terminó de manera inesperada.
Esto ha sucedido 1 veces.

Error - 08/01/2010 07:31:51 p.m. | Computer Name = FedeNotebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 08/01/2010 07:32:03 p.m. | Computer Name = FedeNotebook | Source = Service Control Manager | ID = 7023
Description = El servicio Publicación de recurso de detección de función se cerró
con el siguiente error: %%-2147014847


< End of report >




I really need help with this. Help would be really appreciated.

Regards,
Federico.-

PD: I've attached the logs in case the thread is too long and someone would like to check it from there.

Attached Files


  • 0

Advertisements

#2
fedlerner
Posted 09 January 2010 - 01:05 PM

fedlerner

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry to bump the thread..
Any help with this.. ? :)
  • 0

#3
RKinner
Posted 30 January 2010 - 04:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Bumping takes you off of the list since we look for unanswered posts and a bump makes it look like it's answered.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#4
fedlerner
Posted 02 February 2010 - 11:35 AM

fedlerner

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,
First of all, thank you very much for helping me with this problem.
I've followed your steps. I first run TFC to clean all temp and close all active programs (which worked). I then started george.exe (ComboFix), which reboot the system to disable the CD emulation software. After it, it started scanning and asked for a reboot as it found some Rootkit activity. After the reboot it asked again for a reboot to disable the CD emulation soft, and after reboot it finished all the other steps, and removed some files. It then asked for a reboot and windows started again. It then started generating the log (Note: It said that I should not open any program, but the startup programs did started. I tried to stop them as they were starting).

ComboFix 10-02-01.05 - Fede 02/02/2010 13:53:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.54.3082.18.1790.872 [GMT -3:00]
Running from: c:\users\Fede\Desktop\george.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Fede\Documents\RegistroBackup.reg
c:\windows\system32\tmp.reg
c:\windows\system32\Vbshell.tlb

Infected copy of c:\windows\system32\DRIVERS\amdsata.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 17:04 . 2010-02-02 17:08 -------- d-----w- c:\users\Fede\AppData\Local\temp
2010-02-02 17:04 . 2010-02-02 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-02 00:31 . 2010-02-02 02:36 -------- d-----w- c:\program files\Crawler
2010-02-01 08:27 . 2010-02-01 08:27 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-02-01 07:19 . 2006-06-19 15:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-01 07:19 . 2006-05-25 17:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-01 07:19 . 2005-08-26 03:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-01 07:19 . 2003-02-02 22:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-01 07:19 . 2002-03-06 03:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-01 07:19 . 2010-02-01 07:19 -------- d-----w- c:\users\Fede\AppData\Roaming\Simply Super Software
2010-02-01 07:19 . 2010-02-01 07:19 -------- d-----w- c:\programdata\Simply Super Software
2010-02-01 07:19 . 2010-02-01 07:22 -------- d-----w- c:\program files\Trojan Remover
2010-02-01 07:06 . 2010-02-02 09:53 -------- d-----w- c:\program files\WinClamAVShield
2010-02-01 07:04 . 2010-02-01 07:04 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-01 07:04 . 2010-02-01 07:04 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-01 07:04 . 2010-02-01 07:04 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-01 07:04 . 2010-02-02 07:48 -------- d-----w- c:\users\Fede\AppData\Roaming\Spyware Terminator
2010-02-01 07:04 . 2010-02-02 09:53 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-01 07:04 . 2010-02-02 09:51 -------- d-----w- c:\program files\Spyware Terminator
2010-02-01 06:18 . 2010-02-01 06:18 53136 ----a-w- c:\windows\system32\PxSecure.dll
2010-02-01 06:18 . 2010-02-01 08:27 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-02-01 06:18 . 2010-02-01 06:18 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-01 06:18 . 2010-02-01 06:18 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-01 06:18 . 2010-02-01 06:18 -------- d-----w- c:\program files\wonpanof
2010-02-01 06:12 . 2010-02-01 21:56 -------- d-----w- c:\programdata\PrevxCSI
2010-02-01 03:14 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-01 03:14 . 2010-02-01 03:14 -------- d-----w- c:\program files\Panda Security
2010-01-30 08:22 . 2010-01-30 09:13 -------- d-----w- c:\users\Fede\AppData\Local\AIM
2010-01-30 08:22 . 2010-01-30 08:22 -------- d-----w- c:\users\Fede\AppData\Local\AOL
2010-01-30 04:22 . 2004-05-10 16:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2010-01-30 04:22 . 2004-05-10 16:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2010-01-30 04:22 . 2010-01-30 04:22 -------- d-----w- c:\program files\Gameforge4D
2010-01-28 17:36 . 2010-01-28 17:36 -------- d-----w- c:\users\Fede\AppData\Local\Apps
2010-01-28 08:44 . 2010-01-28 08:44 -------- d-----w- c:\users\Fede\AppData\Local\Sunbelt Software
2010-01-28 08:34 . 2010-01-28 08:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-01-28 08:34 . 2010-01-28 08:34 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-01-28 08:33 . 2010-01-28 08:33 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\vipre.dll
2010-01-28 08:33 . 2010-01-28 08:33 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\unacev2.dll
2010-01-28 08:33 . 2010-01-28 08:33 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\msvcp71.dll
2010-01-28 08:33 . 2010-01-28 08:33 218824 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-01-28 08:33 . 2010-01-28 08:33 1228584 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-01-28 08:33 . 2010-01-28 08:33 247080 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-01-27 16:34 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 16:33 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 02:10 . 2010-01-22 14:49 8520 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\ractrlkeyhook.dll
2010-01-26 02:10 . 2010-01-22 14:46 574768 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardianDll.dll
2010-01-26 02:10 . 2010-01-22 14:46 83256 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardian.exe
2010-01-26 02:10 . 2010-01-22 14:46 15664 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll
2010-01-26 02:10 . 2010-01-22 15:13 3858432 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-01-26 02:10 . 2010-01-22 14:49 70984 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIProxyHelper.exe
2010-01-24 19:26 . 2010-01-24 19:26 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-01-24 19:14 . 2010-01-24 19:14 -------- d-----w- c:\users\Fede\AppData\Local\Broadcom
2010-01-24 19:13 . 2009-09-17 14:54 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-01-24 19:13 . 2009-09-17 14:54 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-01-24 19:13 . 2009-09-17 14:54 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-01-24 19:13 . 2009-09-17 14:54 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-01-24 19:12 . 2010-01-24 19:12 -------- d-----w- c:\program files\WIDCOMM
2010-01-22 21:33 . 2010-01-22 21:34 -------- d-----w- C:\ProcessExplorer
2010-01-22 21:33 . 2010-01-22 21:33 1615732 ----a-w- C:\ProcessExplorer.zip
2010-01-22 19:51 . 2010-01-29 10:02 -------- d-----w- c:\program files\SpywareGuard
2010-01-22 19:45 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-22 19:45 . 2010-01-28 08:34 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-22 19:42 . 2010-01-22 19:42 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-22 19:42 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2010-01-22 11:56 . 2009-09-28 22:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-01-22 11:56 . 2009-09-28 22:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-01-22 11:56 . 2009-09-28 22:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-01-22 11:56 . 2008-08-11 15:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-01-22 11:56 . 2009-09-28 22:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-01-22 11:55 . 2010-02-02 06:18 -------- d-----w- c:\program files\LogMeIn
2010-01-21 19:14 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 18:18 . 2010-01-21 18:12 38784 ----a-w- c:\users\Fede\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 18:13 . 2010-01-21 18:12 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 18:13 . 2010-01-21 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-21 18:10 . 2010-01-21 18:18 -------- d-----w- c:\programdata\Electronic Arts
2010-01-21 16:06 . 2010-01-21 16:06 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-21 16:06 . 2010-01-21 16:06 -------- d-----w- c:\program files\Microsoft WSE
2010-01-21 15:50 . 2010-01-22 03:13 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 02:15 . 2010-01-20 02:15 -------- d-----w- c:\windows\system32\Adobe
2010-01-19 22:25 . 2010-01-19 22:25 -------- d-----w- c:\users\Fede\AppData\Local\ESET
2010-01-18 03:25 . 2010-02-01 06:11 1982464 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{544A77D6-7227-1F26-B329-53134F02AE53}-PWO.exe
2010-01-16 17:56 . 2010-01-16 17:56 -------- d-----w- C:\mIRCBACKUP
2010-01-16 17:19 . 2010-02-02 09:34 -------- d-----w- C:\mIRC
2010-01-16 15:21 . 2010-01-16 15:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Microsoft.NET
2010-01-16 15:05 . 2010-01-16 15:05 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-16 15:04 . 2010-01-16 15:04 -------- d-----w- c:\users\Fede\AppData\Local\Microsoft Help
2010-01-16 15:03 . 2010-01-16 15:03 -------- d-----w- C:\FILES
2010-01-16 15:03 . 2010-01-16 15:21 -------- d-----w- c:\programdata\Microsoft Help
2010-01-16 15:02 . 2010-01-16 15:02 -------- d-----r- C:\MSOCache
2010-01-16 13:46 . 2010-01-16 13:46 -------- d-----w- c:\programdata\Virtualized Applications
2010-01-16 10:17 . 2010-01-16 10:23 -------- d-----w- c:\users\Fede\AppData\Local\IceChat
2010-01-16 09:01 . 2010-01-16 09:01 -------- d-----w- c:\users\Fede\AppData\Local\SoftGrid Client
2010-01-16 09:01 . 2010-01-16 14:19 -------- d-----w- c:\users\Fede\AppData\Roaming\SoftGrid Client
2010-01-16 08:55 . 2010-01-16 13:45 -------- d-----w- c:\users\Fede\AppData\Roaming\TP
2010-01-14 17:44 . 2010-01-14 17:44 52224 ----a-w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 17:44 . 2010-02-02 05:10 117760 ----a-w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-14 17:44 . 2010-01-14 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com
2010-01-14 17:43 . 2010-01-14 17:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 08:24 . 2010-01-14 08:24 -------- d-----w- c:\programdata\LightScribe
2010-01-14 01:54 . 2010-01-26 23:03 -------- d-----w- c:\users\Fede\AppData\Roaming\skypePM
2010-01-14 01:52 . 2010-01-26 23:11 -------- d-----w- c:\users\Fede\AppData\Roaming\Skype
2010-01-14 01:51 . 2010-01-14 01:51 -------- d-----w- c:\program files\Common Files\Skype
2010-01-14 01:51 . 2010-01-14 01:52 -------- d-----r- c:\program files\Skype
2010-01-14 01:51 . 2010-01-14 01:51 -------- d-----w- c:\programdata\Skype
2010-01-12 23:08 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:08 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 21:09 . 2010-01-12 21:09 -------- d-----w- c:\program files\IceChat7
2010-01-12 08:52 . 2010-01-12 08:52 -------- d-----w- c:\users\Fede\AppData\Local\Growl
2010-01-12 08:52 . 2010-01-12 17:47 -------- d-----w- c:\program files\Growl for Windows
2010-01-12 07:46 . 2010-01-12 07:46 -------- d-----w- c:\users\Fede\Script SMS
2010-01-12 06:07 . 1996-10-15 13:40 291600 ----a-w- c:\windows\system\WININET.DLL
2010-01-12 06:07 . 2010-01-12 06:07 -------- d-----w- C:\SIERRA
2010-01-12 05:48 . 2006-10-17 01:16 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2010-01-12 05:47 . 2010-01-26 19:11 -------- d-----w- c:\program files\Pokemon World Online
2010-01-11 18:49 . 2005-08-25 22:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-11 18:49 . 2010-02-01 06:57 -------- d-----w- c:\program files\SpywareBlaster
2010-01-11 08:44 . 2010-01-11 08:44 -------- d-----w- c:\program files\Alcohol Soft
2010-01-11 08:38 . 2010-01-11 08:38 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-10 11:35 . 2010-01-10 17:21 -------- d-----w- c:\program files\sXe Injected
2010-01-10 11:27 . 2010-01-10 12:34 -------- d-----w- c:\program files\Valve
2010-01-08 23:39 . 2010-01-08 23:39 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 14:39 . 2010-01-28 08:43 3495248 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-01-28 08:34 . 2010-01-07 09:20 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-28 08:34 . 2010-01-07 09:20 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-28 08:34 . 2010-01-07 09:20 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-28 08:34 . 2010-01-07 09:20 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-28 08:34 . 2010-01-07 09:20 389272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-28 08:34 . 2010-01-07 09:20 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-25 00:17 . 2010-01-01 04:23 -------- d-----w- c:\users\Fede\AppData\Roaming\CyberLink
2010-01-24 19:57 . 2009-12-28 00:30 36864 ----a-w- c:\programdata\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2010-01-24 19:28 . 2009-12-27 22:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 19:12 . 2009-12-27 23:11 -------- d-----w- c:\program files\DIFX
2010-01-24 19:11 . 2009-07-14 08:48 694386 ----a-w- c:\windows\system32\perfh00A.dat
2010-01-24 19:11 . 2009-07-14 08:48 134448 ----a-w- c:\windows\system32\perfc00A.dat
2010-01-20 18:38 . 2009-12-28 02:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 12:10 . 2010-01-28 08:43 259408 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-01-18 04:04 . 2009-12-28 13:43 -------- d-----w- c:\program files\JDownloader
2010-01-16 15:24 . 2009-12-27 23:16 108824 ----a-w- c:\users\Fede\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-16 15:08 . 2009-12-28 02:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-16 09:37 . 2010-01-02 20:00 -------- d-----w- c:\users\Fede\AppData\Roaming\KeePass
2010-01-14 14:12 . 2009-12-27 22:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 01:54 . 2010-01-14 01:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-11 08:56 . 2010-01-03 07:12 -------- d-----w- c:\users\Fede\AppData\Roaming\uTorrent
2010-01-11 04:49 . 2010-01-11 04:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-10 11:27 . 2010-01-02 20:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 09:21 . 2010-01-07 09:21 131072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\pcre.dll
2010-01-07 09:21 . 2010-01-07 09:21 11776 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libavll.dll
2010-01-07 09:21 . 2010-01-07 09:21 192512 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libaprutil-1.dll
2010-01-07 09:21 . 2010-01-07 09:21 139264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libapr-1.dll
2010-01-07 09:21 . 2010-01-07 09:21 102400 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\avpal.dll
2010-01-07 09:20 . 2010-01-07 09:20 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-01-07 09:20 . 2010-01-07 09:20 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2010-01-07 09:20 . 2010-01-07 09:20 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2010-01-07 09:20 . 2010-01-07 09:20 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2010-01-06 13:44 . 2010-01-28 08:43 226640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-01-06 13:44 . 2010-01-28 08:43 390480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-01-06 13:44 . 2010-01-28 08:43 173392 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\LIBTD.DLL
2010-01-06 13:44 . 2010-01-28 08:43 296272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-01-06 13:44 . 2010-01-28 08:43 365904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\Libolea.dll
2010-01-06 13:44 . 2010-01-28 08:43 206160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-01-06 13:44 . 2010-01-28 08:43 202064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-01-06 13:44 . 2010-01-28 08:43 283984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\LIBEMAIL.DLL
2010-01-06 13:44 . 2010-01-28 08:43 206160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-01-06 02:40 . 2010-01-06 02:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-06 02:38 . 2010-01-06 02:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- c:\program files\uTorrent
2010-01-02 22:24 . 2010-01-02 22:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-01-02 22:24 . 2010-01-02 22:24 -------- d-----w- c:\program files\Validity Sensors, Inc
2010-01-02 20:33 . 2010-01-02 20:33 -------- d-----w- c:\users\Fede\AppData\Roaming\acccore
2010-01-02 20:33 . 2010-01-02 20:33 -------- d-----w- c:\programdata\AIM
2010-01-02 20:33 . 2010-01-02 20:32 -------- d-----w- c:\program files\AIM
2010-01-02 20:32 . 2010-01-02 20:32 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-02 20:32 . 2010-01-02 20:32 -------- d-----w- c:\program files\Common Files\AOL
2010-01-02 20:03 . 2010-01-02 20:03 -------- d-----w- c:\programdata\GlobalSCAPE
2010-01-02 20:03 . 2010-01-02 20:03 -------- d-----w- c:\users\Fede\AppData\Roaming\GlobalSCAPE
2010-01-02 20:02 . 2010-01-02 20:02 -------- d-----w- c:\program files\GlobalSCAPE
2010-01-02 19:56 . 2010-01-02 19:56 -------- d-----w- c:\program files\KeePass Password Safe 2
2009-12-30 18:59 . 2009-12-28 03:16 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-28 13:43 . 2009-12-28 13:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:43 . 2009-12-28 13:43 -------- d-----w- c:\program files\Java
2009-12-28 03:14 . 2009-12-28 01:21 -------- d-----w- c:\program files\DigitalPersona
2009-12-28 03:06 . 2009-12-28 00:35 -------- d-----w- c:\users\Fede\AppData\Roaming\Hewlett-Packard
2009-12-28 03:06 . 2009-12-28 03:06 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-28 02:44 . 2009-12-28 02:44 -------- d-----w- c:\users\Fede\AppData\Roaming\Postbox
2009-12-28 02:44 . 2009-12-28 02:44 -------- d-----w- c:\program files\Postbox
2009-12-28 02:11 . 2009-12-28 02:09 -------- d-----w- c:\program files\Windows Live
2009-12-28 02:10 . 2009-12-28 02:10 -------- d-----w- c:\program files\Microsoft
2009-12-28 02:09 . 2009-12-28 02:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-28 01:54 . 2009-12-28 01:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_wbvfs201_01_09_00.Wdf
2009-12-28 01:54 . 2009-12-28 01:54 -------- d-----w- c:\program files\Validity Sensors
2009-12-28 01:52 . 2009-12-28 01:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-28 01:46 . 2009-12-28 01:46 -------- d-----w- c:\program files\ESET
2009-12-28 01:38 . 2009-12-28 01:38 -------- d-----w- c:\program files\MSXML 4.0
2009-12-28 01:36 . 2009-12-28 00:31 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-28 01:36 . 2009-12-27 23:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-28 01:33 . 2009-12-28 01:33 -------- d-----w- c:\programdata\{657095DF-DBDB-4B17-8245-B38845C97069}
2009-12-28 01:27 . 2009-12-28 01:27 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-28 01:24 . 2009-12-28 01:24 -------- d-----w- c:\users\Fede\AppData\Roaming\Macrovision
2009-12-28 01:23 . 2009-12-28 01:23 -------- d-----w- c:\users\Fede\AppData\Roaming\DigitalPersona
2009-12-28 01:21 . 2009-12-28 01:21 -------- d-----w- c:\programdata\Macrovision
2009-12-28 01:19 . 2009-12-28 01:19 -------- d-----w- c:\programdata\Downloaded Installations
2009-12-28 00:34 . 2009-12-28 00:34 -------- d-----w- c:\program files\AVerMedia
2009-12-28 00:22 . 2009-12-28 00:22 -------- d-----w- c:\programdata\CyberLink
2009-12-28 00:20 . 2009-12-28 00:20 36864 ----a-w- c:\programdata\Temp\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\PostBuild.exe
2009-12-28 00:18 . 2009-12-28 00:18 36864 ----a-w- c:\programdata\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E}\PostBuild.exe
2009-12-27 23:39 . 2009-12-27 23:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_enecir_01009.Wdf
2009-12-27 23:37 . 2009-12-27 23:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-12-27 23:37 . 2009-12-27 23:37 -------- d-----w- c:\program files\Apoint2K
2009-12-27 23:33 . 2009-12-27 23:33 -------- d-----w- c:\program files\HP USB TV Tuner
2009-12-27 23:26 . 2009-12-27 23:13 -------- d-----w- c:\users\Fede\AppData\Roaming\hpqLog
2009-12-27 23:16 . 2009-12-27 23:16 -------- d-----w- c:\users\Fede\AppData\Roaming\ATI
2009-12-27 23:16 . 2009-12-27 23:16 -------- d-----w- c:\programdata\ATI
2009-12-27 23:11 . 2009-12-27 23:11 -------- d-----w- c:\program files\Realtek
2009-12-27 23:11 . 2009-12-27 23:11 -------- d-----w- c:\program files\AMD
2009-12-27 23:10 . 2009-12-27 23:09 -------- d-----w- c:\program files\ATI Technologies
2009-12-27 23:09 . 2009-12-27 23:09 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{385F4954-2ECF-75CC-2503-30CD274C6B7C}\ARPPRODUCTICON.exe
2009-12-27 22:51 . 2009-12-27 22:31 -------- d-----w- c:\program files\IDT
2009-12-27 22:45 . 2009-12-27 22:45 -------- d-----w- c:\program files\JMicron
2009-12-27 22:43 . 2009-12-27 22:43 -------- d-----w- c:\program files\ATI
2009-12-27 22:40 . 2009-12-27 22:40 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-12-27 22:40 . 2009-12-27 22:40 -------- d-----w- c:\program files\HP
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 00:12 556432 ----a-w- c:\progra~1\MIF5BA~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-01 2166784]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 17:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-28 08:33 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 18:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/01/2010 16:45 64288]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [01/02/2010 00:14 28552]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [01/02/2010 03:18 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [01/02/2010 05:27 27656]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16/11/2009 09:03 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R1 SBRE;SBRE;c:\windows\System32\drivers\SBREDrv.sys [28/01/2010 05:34 93360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [01/02/2010 04:04 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 20:52 48128]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/24 17:00];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [24/01/2010 16:59 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [27/12/2009 19:31 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [04/08/2009 20:44 176128]
R2 CSIScanner;CSIScanner;c:\program files\wonpanof\wonpanof.exe [01/02/2010 03:18 4368952]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 09:04 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [16/11/2009 09:06 38240]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [22/01/2010 08:56 47640]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/01/2010 14:23 236368]
R2 pxrts;pxrts;c:\windows\System32\drivers\pxrts.sys [01/02/2010 03:18 47664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/01/2010 04:47 1153368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [03/06/2009 02:12 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [27/12/2009 20:27 228408]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [20/05/2009 14:08 59904]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [07/01/2010 23:27 19160]
R3 pxkbf;pxkbf;c:\windows\System32\drivers\pxkbf.sys [01/02/2010 03:18 24496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [27/12/2009 20:11 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [27/12/2009 20:11 27320]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 08:17 1181328]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12:41 12856]
S2 xynifsgs;Processor Controller;c:\windows\System32\svchost.exe -k netsvcs [13/07/2009 20:19 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [24/01/2010 16:13 29472]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [29/07/2009 05:28 116064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/01/2010 05:38 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xynifsgs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 16:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Fede.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-08 19:07]

2010-02-02 c:\windows\Tasks\Malwarebytes' Scheduled Update for Fede.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-08 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Enviar a OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Crawler Search - tbr:iemenu
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A17FC596-11F9-4EF0-A62C-67590169FC2B} = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,af,c4,04,c8,ec,44,45,a9,19,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,af,c4,04,c8,ec,44,45,a9,19,db,\

[HKEY_USERS\S-1-5-21-2141358843-2114022783-2833494768-1001\Software\SecuROM\License information*]
"datasecu"=hex:3b,99,fb,a0,e9,94,fa,0a,83,6b,e6,c2,13,73,c7,9f,30,dd,9b,5e,f1,
de,c4,ec,1d,f6,f9,34,c3,a7,43,78,21,47,a3,9b,50,9a,74,8d,60,8a,fe,fd,66,35,\
"rkeysecu"=hex:85,26,92,16,23,5b,07,ba,6e,16,43,fe,fa,ac,17,fd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\DPPWDFLT.DLL

- - - - - - - > 'Explorer.exe'(5304)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-02-02 14:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 17:13

Pre-Run: 102.885.113.856 bytes libres
Post-Run: 102.792.495.104 bytes libres

- - End Of File - - CAF612B41823559571DB261E7900D668


Good thing is that I'm not getting the ESET Olmarik troyan warning (which couldn't be disinfected), and it now seems that the system is clean, as it's not trying to download anymore more trojans or trying to open a malicious svchost.exe (Spyware Terminator was showing me this, and fortunately I was able to block it when it happened).

Let me know if you want me to do another thing.

Regards and thanks for your help,
Federico.-
  • 0

#5
RKinner
Posted 02 February 2010 - 12:43 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
There is something called
xynifsgs

which looks very suspicious. Let's try to get rid of it.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:



Driver::
xynifsgs


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0

#6
fedlerner
Posted 02 February 2010 - 02:37 PM

fedlerner

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here we go.

ComboFix 10-02-01.05 - Fede 02/02/2010 16:52:48.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.54.3082.18.1790.949 [GMT -3:00]
Running from: c:\users\Fede\Desktop\george.exe
Command switches used :: c:\users\Fede\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xynifsgs


((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 20:04 . 2010-02-02 20:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-02 20:04 . 2010-02-02 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-02 18:58 . 2010-02-02 18:59 -------- d-----w- c:\users\Fede\AppData\Local\Adobe
2010-02-02 17:04 . 2010-02-02 20:08 -------- d-----w- c:\users\Fede\AppData\Local\temp
2010-02-02 00:31 . 2010-02-02 02:36 -------- d-----w- c:\program files\Crawler
2010-02-01 08:27 . 2010-02-01 08:27 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-02-01 07:19 . 2006-06-19 15:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-01 07:19 . 2006-05-25 17:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-01 07:19 . 2005-08-26 03:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-01 07:19 . 2003-02-02 22:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-01 07:19 . 2002-03-06 03:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-01 07:19 . 2010-02-01 07:19 -------- d-----w- c:\users\Fede\AppData\Roaming\Simply Super Software
2010-02-01 07:19 . 2010-02-01 07:19 -------- d-----w- c:\programdata\Simply Super Software
2010-02-01 07:19 . 2010-02-01 07:22 -------- d-----w- c:\program files\Trojan Remover
2010-02-01 07:06 . 2010-02-02 09:53 -------- d-----w- c:\program files\WinClamAVShield
2010-02-01 07:04 . 2010-02-01 07:04 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-01 07:04 . 2010-02-01 07:04 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-01 07:04 . 2010-02-01 07:04 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-01 07:04 . 2010-02-02 07:48 -------- d-----w- c:\users\Fede\AppData\Roaming\Spyware Terminator
2010-02-01 07:04 . 2010-02-02 09:53 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-01 07:04 . 2010-02-02 19:43 -------- d-----w- c:\program files\Spyware Terminator
2010-02-01 06:18 . 2010-02-01 06:18 53136 ----a-w- c:\windows\system32\PxSecure.dll
2010-02-01 06:18 . 2010-02-01 08:27 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-02-01 06:18 . 2010-02-01 06:18 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-01 06:18 . 2010-02-01 06:18 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-01 06:18 . 2010-02-01 06:18 -------- d-----w- c:\program files\wonpanof
2010-02-01 06:12 . 2010-02-01 21:56 -------- d-----w- c:\programdata\PrevxCSI
2010-02-01 03:14 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-01 03:14 . 2010-02-01 03:14 -------- d-----w- c:\program files\Panda Security
2010-01-30 08:22 . 2010-01-30 09:13 -------- d-----w- c:\users\Fede\AppData\Local\AIM
2010-01-30 08:22 . 2010-01-30 08:22 -------- d-----w- c:\users\Fede\AppData\Local\AOL
2010-01-30 04:22 . 2004-05-10 16:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2010-01-30 04:22 . 2004-05-10 16:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2010-01-30 04:22 . 2010-01-30 04:22 -------- d-----w- c:\program files\Gameforge4D
2010-01-28 17:36 . 2010-01-28 17:36 -------- d-----w- c:\users\Fede\AppData\Local\Apps
2010-01-28 08:44 . 2010-01-28 08:44 -------- d-----w- c:\users\Fede\AppData\Local\Sunbelt Software
2010-01-28 08:34 . 2010-01-28 08:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-01-28 08:34 . 2010-01-28 08:34 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-01-28 08:33 . 2010-01-28 08:33 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\vipre.dll
2010-01-28 08:33 . 2010-01-28 08:33 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\unacev2.dll
2010-01-28 08:33 . 2010-01-28 08:33 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\msvcp71.dll
2010-01-28 08:33 . 2010-01-28 08:33 218824 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-01-28 08:33 . 2010-01-28 08:33 1228584 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-01-28 08:33 . 2010-01-28 08:33 247080 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-01-27 16:34 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 16:33 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 02:10 . 2010-01-22 14:49 8520 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\ractrlkeyhook.dll
2010-01-26 02:10 . 2010-01-22 14:46 574768 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardianDll.dll
2010-01-26 02:10 . 2010-01-22 14:46 83256 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardian.exe
2010-01-26 02:10 . 2010-01-22 14:46 15664 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll
2010-01-26 02:10 . 2010-01-22 15:13 3858432 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-01-26 02:10 . 2010-01-22 14:49 70984 ----a-w- c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\LMIProxyHelper.exe
2010-01-24 19:26 . 2010-01-24 19:26 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-01-24 19:14 . 2010-01-24 19:14 -------- d-----w- c:\users\Fede\AppData\Local\Broadcom
2010-01-24 19:13 . 2009-09-17 14:54 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-01-24 19:13 . 2009-09-17 14:54 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-01-24 19:13 . 2009-09-17 14:54 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-01-24 19:13 . 2009-09-17 14:54 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-01-24 19:12 . 2010-01-24 19:12 -------- d-----w- c:\program files\WIDCOMM
2010-01-22 21:33 . 2010-01-22 21:34 -------- d-----w- C:\ProcessExplorer
2010-01-22 21:33 . 2010-01-22 21:33 1615732 ----a-w- C:\ProcessExplorer.zip
2010-01-22 19:51 . 2010-01-29 10:02 -------- d-----w- c:\program files\SpywareGuard
2010-01-22 19:45 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-22 19:45 . 2010-01-28 08:34 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-22 19:42 . 2010-01-22 19:42 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-22 19:42 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2010-01-22 11:56 . 2009-09-28 22:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-01-22 11:56 . 2009-09-28 22:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-01-22 11:56 . 2009-09-28 22:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-01-22 11:56 . 2008-08-11 15:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-01-22 11:56 . 2009-09-28 22:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-01-22 11:55 . 2010-02-02 06:18 -------- d-----w- c:\program files\LogMeIn
2010-01-21 19:14 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 18:18 . 2010-01-21 18:12 38784 ----a-w- c:\users\Fede\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 18:13 . 2010-01-21 18:12 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 18:13 . 2010-01-21 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-21 18:10 . 2010-01-21 18:18 -------- d-----w- c:\programdata\Electronic Arts
2010-01-21 16:06 . 2010-01-21 16:06 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-21 16:06 . 2010-01-21 16:06 -------- d-----w- c:\program files\Microsoft WSE
2010-01-21 15:50 . 2010-01-22 03:13 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 02:15 . 2010-01-20 02:15 -------- d-----w- c:\windows\system32\Adobe
2010-01-19 22:25 . 2010-01-19 22:25 -------- d-----w- c:\users\Fede\AppData\Local\ESET
2010-01-18 03:25 . 2010-02-01 06:11 1982464 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{544A77D6-7227-1F26-B329-53134F02AE53}-PWO.exe
2010-01-16 17:56 . 2010-01-16 17:56 -------- d-----w- C:\mIRCBACKUP
2010-01-16 17:19 . 2010-02-02 19:21 -------- d-----w- C:\mIRC
2010-01-16 15:21 . 2010-01-16 15:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Microsoft.NET
2010-01-16 15:05 . 2010-01-16 15:05 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-16 15:04 . 2010-01-16 15:04 -------- d-----w- c:\users\Fede\AppData\Local\Microsoft Help
2010-01-16 15:03 . 2010-01-16 15:03 -------- d-----w- C:\FILES
2010-01-16 15:03 . 2010-01-16 15:21 -------- d-----w- c:\programdata\Microsoft Help
2010-01-16 15:02 . 2010-01-16 15:02 -------- d-----r- C:\MSOCache
2010-01-16 13:46 . 2010-01-16 13:46 -------- d-----w- c:\programdata\Virtualized Applications
2010-01-16 10:17 . 2010-01-16 10:23 -------- d-----w- c:\users\Fede\AppData\Local\IceChat
2010-01-16 09:01 . 2010-01-16 09:01 -------- d-----w- c:\users\Fede\AppData\Local\SoftGrid Client
2010-01-16 09:01 . 2010-01-16 14:19 -------- d-----w- c:\users\Fede\AppData\Roaming\SoftGrid Client
2010-01-16 08:55 . 2010-01-16 13:45 -------- d-----w- c:\users\Fede\AppData\Roaming\TP
2010-01-14 17:44 . 2010-01-14 17:44 52224 ----a-w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 17:44 . 2010-02-02 17:24 117760 ----a-w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-14 17:44 . 2010-01-14 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 17:44 . 2010-01-14 17:44 -------- d-----w- c:\users\Fede\AppData\Roaming\SUPERAntiSpyware.com
2010-01-14 17:43 . 2010-01-14 17:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 08:24 . 2010-01-14 08:24 -------- d-----w- c:\programdata\LightScribe
2010-01-14 01:54 . 2010-01-26 23:03 -------- d-----w- c:\users\Fede\AppData\Roaming\skypePM
2010-01-14 01:52 . 2010-01-26 23:11 -------- d-----w- c:\users\Fede\AppData\Roaming\Skype
2010-01-14 01:51 . 2010-01-14 01:51 -------- d-----w- c:\program files\Common Files\Skype
2010-01-14 01:51 . 2010-01-14 01:52 -------- d-----r- c:\program files\Skype
2010-01-14 01:51 . 2010-01-14 01:51 -------- d-----w- c:\programdata\Skype
2010-01-12 23:08 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:08 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 21:09 . 2010-01-12 21:09 -------- d-----w- c:\program files\IceChat7
2010-01-12 08:52 . 2010-01-12 08:52 -------- d-----w- c:\users\Fede\AppData\Local\Growl
2010-01-12 08:52 . 2010-01-12 17:47 -------- d-----w- c:\program files\Growl for Windows
2010-01-12 07:46 . 2010-01-12 07:46 -------- d-----w- c:\users\Fede\Script SMS
2010-01-12 06:07 . 1996-10-15 13:40 291600 ----a-w- c:\windows\system\WININET.DLL
2010-01-12 06:07 . 2010-01-12 06:07 -------- d-----w- C:\SIERRA
2010-01-12 05:48 . 2006-10-17 01:16 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2010-01-12 05:47 . 2010-01-26 19:11 -------- d-----w- c:\program files\Pokemon World Online
2010-01-11 18:49 . 2005-08-25 22:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-11 18:49 . 2010-02-01 06:57 -------- d-----w- c:\program files\SpywareBlaster
2010-01-11 08:44 . 2010-01-11 08:44 -------- d-----w- c:\program files\Alcohol Soft
2010-01-11 08:38 . 2010-01-11 08:38 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-10 11:35 . 2010-01-10 17:21 -------- d-----w- c:\program files\sXe Injected

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 14:39 . 2010-01-28 08:43 3495248 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-01-28 08:34 . 2010-01-07 09:20 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-28 08:34 . 2010-01-07 09:20 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-28 08:34 . 2010-01-07 09:20 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-28 08:34 . 2010-01-07 09:20 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-28 08:34 . 2010-01-07 09:20 389272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-28 08:34 . 2010-01-07 09:20 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-25 00:17 . 2010-01-01 04:23 -------- d-----w- c:\users\Fede\AppData\Roaming\CyberLink
2010-01-24 19:57 . 2009-12-28 00:30 36864 ----a-w- c:\programdata\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2010-01-24 19:28 . 2009-12-27 22:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 19:12 . 2009-12-27 23:11 -------- d-----w- c:\program files\DIFX
2010-01-24 19:11 . 2009-07-14 08:48 694386 ----a-w- c:\windows\system32\perfh00A.dat
2010-01-24 19:11 . 2009-07-14 08:48 134448 ----a-w- c:\windows\system32\perfc00A.dat
2010-01-20 18:38 . 2009-12-28 02:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 12:10 . 2010-01-28 08:43 259408 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-01-18 04:04 . 2009-12-28 13:43 -------- d-----w- c:\program files\JDownloader
2010-01-16 15:24 . 2009-12-27 23:16 108824 ----a-w- c:\users\Fede\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-16 15:08 . 2009-12-28 02:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-16 09:37 . 2010-01-02 20:00 -------- d-----w- c:\users\Fede\AppData\Roaming\KeePass
2010-01-14 14:12 . 2009-12-27 22:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 01:54 . 2010-01-14 01:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-11 08:56 . 2010-01-03 07:12 -------- d-----w- c:\users\Fede\AppData\Roaming\uTorrent
2010-01-11 04:49 . 2010-01-11 04:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-10 11:27 . 2010-01-02 20:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 09:21 . 2010-01-07 09:21 131072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\pcre.dll
2010-01-07 09:21 . 2010-01-07 09:21 11776 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libavll.dll
2010-01-07 09:21 . 2010-01-07 09:21 192512 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libaprutil-1.dll
2010-01-07 09:21 . 2010-01-07 09:21 139264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libapr-1.dll
2010-01-07 09:21 . 2010-01-07 09:21 102400 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\avpal.dll
2010-01-07 09:20 . 2010-01-07 09:20 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-01-07 09:20 . 2010-01-07 09:20 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2010-01-07 09:20 . 2010-01-07 09:20 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2010-01-07 09:20 . 2010-01-07 09:20 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2010-01-06 13:44 . 2010-01-28 08:43 226640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-01-06 13:44 . 2010-01-28 08:43 390480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-01-06 13:44 . 2010-01-28 08:43 173392 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\LIBTD.DLL
2010-01-06 13:44 . 2010-01-28 08:43 296272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-01-06 13:44 . 2010-01-28 08:43 365904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\Libolea.dll
2010-01-06 13:44 . 2010-01-28 08:43 206160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-01-06 13:44 . 2010-01-28 08:43 202064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-01-06 13:44 . 2010-01-28 08:43 283984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\LIBEMAIL.DLL
2010-01-06 13:44 . 2010-01-28 08:43 206160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-01-06 02:40 . 2010-01-06 02:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-06 02:38 . 2010-01-06 02:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- c:\program files\uTorrent
2010-01-02 22:24 . 2010-01-02 22:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-01-02 22:24 . 2010-01-02 22:24 -------- d-----w- c:\program files\Validity Sensors, Inc
2010-01-02 20:33 . 2010-01-02 20:33 -------- d-----w- c:\users\Fede\AppData\Roaming\acccore
2010-01-02 20:33 . 2010-01-02 20:33 -------- d-----w- c:\programdata\AIM
2010-01-02 20:33 . 2010-01-02 20:32 -------- d-----w- c:\program files\AIM
2010-01-02 20:32 . 2010-01-02 20:32 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-02 20:32 . 2010-01-02 20:32 -------- d-----w- c:\program files\Common Files\AOL
2010-01-02 20:03 . 2010-01-02 20:03 -------- d-----w- c:\programdata\GlobalSCAPE
2010-01-02 20:03 . 2010-01-02 20:03 -------- d-----w- c:\users\Fede\AppData\Roaming\GlobalSCAPE
2010-01-02 20:02 . 2010-01-02 20:02 -------- d-----w- c:\program files\GlobalSCAPE
2010-01-02 19:56 . 2010-01-02 19:56 -------- d-----w- c:\program files\KeePass Password Safe 2
2009-12-30 18:59 . 2009-12-28 03:16 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-28 13:43 . 2009-12-28 13:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 13:43 . 2009-12-28 13:43 -------- d-----w- c:\program files\Java
2009-12-28 03:14 . 2009-12-28 01:21 -------- d-----w- c:\program files\DigitalPersona
2009-12-28 03:06 . 2009-12-28 00:35 -------- d-----w- c:\users\Fede\AppData\Roaming\Hewlett-Packard
2009-12-28 03:06 . 2009-12-28 03:06 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-28 02:44 . 2009-12-28 02:44 -------- d-----w- c:\users\Fede\AppData\Roaming\Postbox
2009-12-28 02:44 . 2009-12-28 02:44 -------- d-----w- c:\program files\Postbox
2009-12-28 02:11 . 2009-12-28 02:09 -------- d-----w- c:\program files\Windows Live
2009-12-28 02:10 . 2009-12-28 02:10 -------- d-----w- c:\program files\Microsoft
2009-12-28 02:09 . 2009-12-28 02:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-28 01:54 . 2009-12-28 01:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_wbvfs201_01_09_00.Wdf
2009-12-28 01:54 . 2009-12-28 01:54 -------- d-----w- c:\program files\Validity Sensors
2009-12-28 01:52 . 2009-12-28 01:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-28 01:46 . 2009-12-28 01:46 -------- d-----w- c:\program files\ESET
2009-12-28 01:38 . 2009-12-28 01:38 -------- d-----w- c:\program files\MSXML 4.0
2009-12-28 01:36 . 2009-12-28 00:31 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-28 01:36 . 2009-12-27 23:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-28 01:33 . 2009-12-28 01:33 -------- d-----w- c:\programdata\{657095DF-DBDB-4B17-8245-B38845C97069}
2009-12-28 01:27 . 2009-12-28 01:27 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-28 01:24 . 2009-12-28 01:24 -------- d-----w- c:\users\Fede\AppData\Roaming\Macrovision
2009-12-28 01:23 . 2009-12-28 01:23 -------- d-----w- c:\users\Fede\AppData\Roaming\DigitalPersona
2009-12-28 01:21 . 2009-12-28 01:21 -------- d-----w- c:\programdata\Macrovision
2009-12-28 01:19 . 2009-12-28 01:19 -------- d-----w- c:\programdata\Downloaded Installations
2009-12-28 00:34 . 2009-12-28 00:34 -------- d-----w- c:\program files\AVerMedia
2009-12-28 00:22 . 2009-12-28 00:22 -------- d-----w- c:\programdata\CyberLink
2009-12-28 00:20 . 2009-12-28 00:20 36864 ----a-w- c:\programdata\Temp\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\PostBuild.exe
2009-12-28 00:18 . 2009-12-28 00:18 36864 ----a-w- c:\programdata\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E}\PostBuild.exe
2009-12-27 23:39 . 2009-12-27 23:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_enecir_01009.Wdf
2009-12-27 23:37 . 2009-12-27 23:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-12-27 23:37 . 2009-12-27 23:37 -------- d-----w- c:\program files\Apoint2K
2009-12-27 23:33 . 2009-12-27 23:33 -------- d-----w- c:\program files\HP USB TV Tuner
2009-12-27 23:26 . 2009-12-27 23:13 -------- d-----w- c:\users\Fede\AppData\Roaming\hpqLog
2009-12-27 23:16 . 2009-12-27 23:16 -------- d-----w- c:\users\Fede\AppData\Roaming\ATI
2009-12-27 23:16 . 2009-12-27 23:16 -------- d-----w- c:\programdata\ATI
2009-12-27 23:11 . 2009-12-27 23:11 -------- d-----w- c:\program files\Realtek
2009-12-27 23:11 . 2009-12-27 23:11 -------- d-----w- c:\program files\AMD
2009-12-27 23:10 . 2009-12-27 23:09 -------- d-----w- c:\program files\ATI Technologies
2009-12-27 23:09 . 2009-12-27 23:09 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{385F4954-2ECF-75CC-2503-30CD274C6B7C}\ARPPRODUCTICON.exe
2009-12-27 22:51 . 2009-12-27 22:31 -------- d-----w- c:\program files\IDT
2009-12-27 22:45 . 2009-12-27 22:45 -------- d-----w- c:\program files\JMicron
2009-12-27 22:43 . 2009-12-27 22:43 -------- d-----w- c:\program files\ATI
2009-12-27 22:40 . 2009-12-27 22:40 10134 ----a-r- c:\users\Fede\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-12-27 22:40 . 2009-12-27 22:40 -------- d-----w- c:\program files\HP
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 00:12 556432 ----a-w- c:\progra~1\MIF5BA~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-01 2166784]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 17:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-28 08:33 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 18:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/01/2010 16:45 64288]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [01/02/2010 00:14 28552]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [01/02/2010 03:18 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [01/02/2010 05:27 27656]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16/11/2009 09:03 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R1 SBRE;SBRE;c:\windows\System32\drivers\SBREDrv.sys [28/01/2010 05:34 93360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [01/02/2010 04:04 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 20:52 48128]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/24 17:00];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [24/01/2010 16:59 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [27/12/2009 19:31 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [04/08/2009 20:44 176128]
R2 CSIScanner;CSIScanner;c:\program files\wonpanof\wonpanof.exe [01/02/2010 03:18 4368952]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 09:04 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [16/11/2009 09:06 38240]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [22/01/2010 08:56 47640]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/01/2010 14:23 236368]
R2 pxrts;pxrts;c:\windows\System32\drivers\pxrts.sys [01/02/2010 03:18 47664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/01/2010 04:47 1153368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [03/06/2009 02:12 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [27/12/2009 20:27 228408]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [20/05/2009 14:08 59904]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [07/01/2010 23:27 19160]
R3 pxkbf;pxkbf;c:\windows\System32\drivers\pxkbf.sys [01/02/2010 03:18 24496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [27/12/2009 20:11 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [27/12/2009 20:11 27320]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 08:17 1181328]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12:41 12856]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [24/01/2010 16:13 29472]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [29/07/2009 05:28 116064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/01/2010 05:38 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 16:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Fede.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-08 19:07]

2010-02-02 c:\windows\Tasks\Malwarebytes' Scheduled Update for Fede.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-08 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Enviar a OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Crawler Search - tbr:iemenu
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A17FC596-11F9-4EF0-A62C-67590169FC2B} = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Fede\AppData\Roaming\Mozilla\Firefox\Profiles\8ykwrfiw.default\extensions\[email protected]\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,af,c4,04,c8,ec,44,45,a9,19,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,af,c4,04,c8,ec,44,45,a9,19,db,\

[HKEY_USERS\S-1-5-21-2141358843-2114022783-2833494768-1001\Software\SecuROM\License information*]
"datasecu"=hex:3b,99,fb,a0,e9,94,fa,0a,83,6b,e6,c2,13,73,c7,9f,30,dd,9b,5e,f1,
de,c4,ec,1d,f6,f9,34,c3,a7,43,78,21,47,a3,9b,50,9a,74,8d,60,8a,fe,fd,66,35,\
"rkeysecu"=hex:85,26,92,16,23,5b,07,ba,6e,16,43,fe,fa,ac,17,fd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\DPPWDFLT.DLL

- - - - - - - > 'Explorer.exe'(5516)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-02-02 17:12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 20:12
ComboFix2.txt 2010-02-02 17:13

Pre-Run: 102.856.437.760 bytes libres
Post-Run: 102.812.856.320 bytes libres

- - End Of File - - E8E588A4ECBADD8255C6D167955AD8B0


Thank for your assistance :)
  • 0

#7
RKinner
Posted 02 February 2010 - 07:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looks better.

I see you have Messenger Plus! installed. In the past this program used to install a sponsor program along with itself and the sponsor program was very nasty adware. There was an option to opt out of the sponsor program in later versions and after many protests uninstalling Messenger Plus! also uninstalled the sponsor. Haven't seen it much recently so don't know if it still carries the nasty payload. Don't see any sign of the old payload anyway.

e need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it but it is pretty thorough. It doesn't fix anything so if it finds something (that is not in SDFix, Qoobox, or your antivirus's subfolders) you should save the log and post it in a reply.
If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george, C:\qoobox then put your system back the way it was (tho i would leave the hide extensions option unchecked.)


You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
(I see Java™ 6 Update 15)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP