Help with Microsoft/Open Office [Closed]


#1 Millielin
Member, 12 posts
Hello,

I previously posted in the Software forum about this issue but was told to post here instead to see if it helped more. Lately, I've been having issues with using Microsoft and Open Office. About a week ago my Microsoft program stopped working and a message started popping up saying that the program is not genuine. However, I know this is not true since I bought it legally a few years back from a retail store. Whenever I try to validate it online it always says "validation interrupted" and tries to get me to buy new products. I can't even click on the Start button, since it entirely disappears whenever I log in normally, and if I try to exit out of my internet browser my computer logs me off.

The only times I can somewhat access it normally is during safe mode, where Microsoft Word will slightly work, but I can't install anything that might help. Also, when in either mode, I can't access my computer protection software (along with Open Office), which says it is currently unavailable, but before the validation messages began showing up it worked just fine. If it helps with solving the issue, I used to have Norton before it expired and I switched to Defender Pro 15 in 1.

#2 maliprog
Trusted Helper, Malware Removal, 6,172 posts
Hello Millielin and welcome to my office here at G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

OK. Let's see if there is anything hiding from us :)

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3 Millielin
Topic Starter, Member, 12 posts
Thank you for the help, it's greatly appreciated. Here are the results for the OTL.


OTL logfile created on: 1/20/2012 6:32:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Erendira Jimenez\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 64.14% Memory free
4.10 Gb Paging File | 3.61 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 341.46 Gb Free Space | 74.93% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.80 Gb Free Space | 37.97% Space Free | Partition Type: NTFS
Drive E: | 496.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MEDUSA | User Name: Erendira Jimenez | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 17:52:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
PRC - [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/14 12:49:32 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 18:49:48 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/22 12:37:56 | 000,202,032 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\txmlutil.dll
MOD - [2010/06/29 10:31:12 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 13:21:52 | 001,506,536 | ---- | M] (Defender Pro) [Auto | Stopped] -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe -- (VSSERV)
SRV - [2011/08/02 13:21:48 | 000,050,128 | ---- | M] (Defender Pro) [Auto | Stopped] -- C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe -- (UPDATESRV)
SRV - [2011/08/02 13:19:54 | 000,307,544 | ---- | M] (Defender Pro) [On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2009/03/24 13:11:44 | 000,415,024 | ---- | M] (BitDefender SRL) [Auto | Stopped] -- C:\livesrv.exe -- (LIVESRV)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 06:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 20:20:05 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/15 16:11:48 | 000,451,864 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2011/07/15 16:11:46 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/17 19:54:44 | 000,063,568 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/04/14 08:24:14 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:36 | 000,074,320 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/08/14 07:45:24 | 000,021,248 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/18 23:55:27 | 000,066,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2007/03/15 07:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 14:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3071018
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 12:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/03 14:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Defender Pro\Defender Pro\bdtbext\ [2012/01/03 14:31:39 | 000,000,000 | ---D | M]

[2011/02/23 22:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Extensions
[2011/12/12 21:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions
[2011/02/25 09:00:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 21:07:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/21 13:12:22 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\[email protected]
[2011/03/21 13:12:22 | 000,001,919 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\searchplugins\bing-zugo.xml
[2012/01/14 12:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ERENDIRA JIMENEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DB8LRQX1.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 12:49:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/26 23:10:21 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/14 12:49:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/14 12:49:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/08/10 12:40:04 | 000,435,610 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15019 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Defender Pro\Defender Pro\bdagent.exe (Defender Pro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdnimg.piczo....st_uploader.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2417E80F-3348-4F93-8BFF-9691FF0E00A4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 12:22:22 | 000,000,036 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{035ae00c-7d6a-11dc-8cfa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{035ae00c-7d6a-11dc-8cfa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DefenderPro15in1.exe -- [2011/08/03 08:57:44 | 000,803,840 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\F
[2012/01/19 21:13:04 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\images
[2012/01/18 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Local\CrashDumps
[2012/01/18 17:52:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
[2012/01/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\bootloader
[2012/01/15 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/01/13 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween
[2012/01/13 16:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/01/13 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/01/13 16:52:41 | 001,174,617 | ---- | C] (Magical Jelly Bean ) -- C:\Users\Erendira Jimenez\Documents\KeyFinderInstaller.exe
[2012/01/04 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Local\Proxure
[2012/01/04 18:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/01/03 14:59:39 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/01/03 14:52:43 | 000,933,888 | ---- | C] (BitDefender S.R.L.) -- C:\bdsubwiz.exe
[2012/01/03 14:52:43 | 000,933,888 | ---- | C] (BitDefender S.R.L.) -- C:\bdGUICtl.dll
[2012/01/03 14:52:43 | 000,593,920 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSLib.dll
[2012/01/03 14:52:43 | 000,415,024 | ---- | C] (BitDefender SRL) -- C:\livesrv.exe
[2012/01/03 14:52:43 | 000,139,264 | ---- | C] (BitDefender SRL) -- C:\upgrepl.exe
[2012/01/03 14:52:43 | 000,094,208 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSPack.dll
[2012/01/03 14:52:43 | 000,086,016 | ---- | C] (BitDefender S.R.L.) -- C:\txmlx.dll
[2012/01/03 14:52:43 | 000,086,016 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSUtils.dll
[2012/01/03 14:52:43 | 000,077,824 | ---- | C] (BitDefender S.R.L.) -- C:\BDUtils.dll
[2012/01/03 14:52:43 | 000,040,960 | ---- | C] (BitDefender LLC) -- C:\npcomm.dll
[2012/01/03 14:52:43 | 000,024,576 | ---- | C] (BitDefender S.R.L.) -- C:\bdch.dll
[2012/01/03 14:52:42 | 000,192,512 | ---- | C] (BitDefender S.R.L.) -- C:\bdsubmit.dll
[2012/01/03 14:52:42 | 000,102,400 | ---- | C] (BitDefender) -- C:\bdcore.dll
[2012/01/03 14:52:42 | 000,092,160 | ---- | C] (SOFTWIN SRL) -- C:\bdc.exe
[2012/01/03 14:52:27 | 000,000,000 | ---D | C] -- C:\Plugins
[2012/01/03 14:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2012/01/03 14:31:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/02 15:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/01/01 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/01/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/12/30 13:56:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/12/30 13:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/12/30 13:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2011/12/27 14:17:13 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\BitDefender
[2011/12/27 14:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2011/12/27 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\{67261125-7228-4c07-84ae-eaff1bc24e84}
[2011/12/27 14:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro
[2011/12/27 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\Defender Pro
[2011/12/27 14:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Defender Pro
[2011/12/27 14:09:34 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\QuickScan
[2011/12/27 14:08:14 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2011/12/27 14:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Defender Pro
[2011/12/27 14:08:09 | 000,353,096 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/12/27 14:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Defender Pro
[2011/12/26 22:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/26 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/26 22:28:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/26 22:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/23 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\Symantec
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 15:57:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 21:38:49 | 005,184,104 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 21:38:49 | 001,693,866 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 18:17:56 | 219,991,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 17:53:00 | 000,302,592 | ---- | M] () -- C:\vhx17wux.exe
[2012/01/18 17:52:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
[2012/01/16 22:19:35 | 000,004,164 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\wklnhst.dat
[2012/01/16 17:52:01 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9CE2503E-15EB-4F2D-AE89-2D349FCBCB7A}.job
[2012/01/16 17:51:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 17:51:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 17:35:53 | 000,000,680 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d9caps.dat
[2012/01/16 17:34:13 | 000,132,466 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\bootloader.zip
[2012/01/16 16:23:08 | 000,005,300 | ---- | M] () -- C:\history.xml
[2012/01/16 16:22:28 | 000,001,456 | ---- | M] () -- C:\v_live_s.xml
[2012/01/15 19:30:35 | 001,439,447 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Windows6.1-KB971033-x86.MSU
[2012/01/15 18:35:49 | 000,003,120 | ---- | M] () -- C:\Windows\System32\FEHXUQ9Q.ocx
[2012/01/13 19:00:55 | 006,308,636 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween.rar
[2012/01/13 16:52:57 | 001,174,617 | ---- | M] (Magical Jelly Bean ) -- C:\Users\Erendira Jimenez\Documents\KeyFinderInstaller.exe
[2012/01/04 18:32:25 | 000,000,288 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\.backup.dm
[2012/01/03 20:08:37 | 000,011,196 | -HS- | M] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2012/01/03 15:01:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/03 15:01:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/03 15:00:32 | 000,003,120 | ---- | M] () -- C:\Windows\FDK47J7J.ocx
[2012/01/03 14:58:47 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2012/01/03 14:53:59 | 000,000,584 | ---- | M] () -- C:\bdc.ini
[2012/01/03 14:35:18 | 000,150,317 | ---- | M] () -- C:\ProgramData\1325622406.bdinstall.bin
[2012/01/03 14:34:15 | 000,000,268 | -H-- | M] () -- C:\bdr-conf
[2012/01/03 14:31:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Defender Pro 15-in-1.lnk
[2011/12/31 23:22:18 | 000,023,706 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\100 books to read before you die.odt
[2011/12/29 12:42:16 | 000,010,272 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Anu.odt
[2011/12/27 14:15:44 | 000,152,909 | ---- | M] () -- C:\ProgramData\1325016466.bdinstall.bin
[2011/12/26 22:37:39 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 21:56:00 | 000,000,448 | ---- | M] () -- C:\ProgramData\gxdqgnX3qzcjYy
[2011/12/26 21:53:03 | 000,000,312 | ---- | M] () -- C:\ProgramData\~gxdqgnX3qzcjYy
[2011/12/26 21:53:02 | 000,000,224 | ---- | M] () -- C:\ProgramData\~gxdqgnX3qzcjYyr
[2011/12/24 03:40:48 | 000,004,918 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\index.html
[2011/12/23 13:41:18 | 000,001,940 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 21:13:04 | 000,004,918 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\index.html
[2012/01/18 18:17:28 | 219,991,544 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/18 17:53:00 | 000,302,592 | ---- | C] () -- C:\vhx17wux.exe
[2012/01/16 17:34:11 | 000,132,466 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\bootloader.zip
[2012/01/15 19:30:20 | 001,439,447 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Windows6.1-KB971033-x86.MSU
[2012/01/15 18:35:49 | 000,003,120 | ---- | C] () -- C:\Windows\System32\FEHXUQ9Q.ocx
[2012/01/13 18:59:29 | 006,308,636 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween.rar
[2012/01/12 21:24:16 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{9CE2503E-15EB-4F2D-AE89-2D349FCBCB7A}.job
[2012/01/04 18:32:25 | 000,000,288 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\.backup.dm
[2012/01/04 08:45:32 | 000,000,680 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d9caps.dat
[2012/01/03 15:04:46 | 000,005,300 | ---- | C] () -- C:\history.xml
[2012/01/03 15:01:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/03 15:01:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/03 15:00:32 | 000,003,120 | ---- | C] () -- C:\Windows\FDK47J7J.ocx
[2012/01/03 14:59:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/01/03 14:58:47 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2012/01/03 14:52:43 | 000,192,512 | ---- | C] () -- C:\txmlutil.dll
[2012/01/03 14:52:43 | 000,081,920 | ---- | C] () -- C:\bdss.exe
[2012/01/03 14:52:43 | 000,001,456 | ---- | C] () -- C:\v_live_s.xml
[2012/01/03 14:52:43 | 000,001,009 | ---- | C] () -- C:\bdch.ini
[2012/01/03 14:52:43 | 000,000,584 | ---- | C] () -- C:\versions.dat.4FB1D4991544C820812670B4D2A6ED09
[2012/01/03 14:52:43 | 000,000,495 | ---- | C] () -- C:\versions.id.4FB1D4991544C820812670B4D2A6ED09
[2012/01/03 14:52:42 | 000,142,848 | ---- | C] () -- C:\libfn.dll
[2012/01/03 14:52:42 | 000,135,680 | ---- | C] () -- C:\OnlineGames.exe
[2012/01/03 14:52:42 | 000,077,824 | ---- | C] () -- C:\bdupd.dll
[2012/01/03 14:52:42 | 000,053,248 | ---- | C] () -- C:\avxdisk.dll
[2012/01/03 14:52:42 | 000,027,136 | ---- | C] () -- C:\avxt.dll
[2012/01/03 14:52:42 | 000,010,240 | ---- | C] () -- C:\avxs.dll
[2012/01/03 14:52:42 | 000,001,507 | ---- | C] () -- C:\bdsubmit.ini
[2012/01/03 14:52:42 | 000,000,636 | ---- | C] () -- C:\bdc.ini.bak
[2012/01/03 14:52:42 | 000,000,584 | ---- | C] () -- C:\bdc.ini
[2012/01/03 14:52:42 | 000,000,298 | ---- | C] () -- C:\plugins.htm
[2012/01/03 14:35:18 | 000,150,317 | ---- | C] () -- C:\ProgramData\1325622406.bdinstall.bin
[2012/01/03 14:34:14 | 002,294,848 | -H-- | C] () -- C:\bdrescue.vm
[2011/12/29 12:42:13 | 000,010,272 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Anu.odt
[2011/12/27 14:15:44 | 000,152,909 | ---- | C] () -- C:\ProgramData\1325016466.bdinstall.bin
[2011/12/27 14:14:59 | 027,319,487 | -H-- | C] () -- C:\bdrescue.gz
[2011/12/27 14:14:59 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2011/12/27 14:14:59 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2011/12/27 14:14:59 | 000,000,268 | -H-- | C] () -- C:\bdr-conf
[2011/12/27 14:11:22 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Defender Pro 15-in-1.lnk
[2011/12/26 22:37:38 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 21:53:02 | 000,000,312 | ---- | C] () -- C:\ProgramData\~gxdqgnX3qzcjYy
[2011/12/26 21:53:02 | 000,000,224 | ---- | C] () -- C:\ProgramData\~gxdqgnX3qzcjYyr
[2011/12/26 21:52:53 | 000,000,448 | ---- | C] () -- C:\ProgramData\gxdqgnX3qzcjYy
[2011/12/26 21:37:19 | 000,011,196 | -HS- | C] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2011/08/13 08:28:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/13 08:28:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/12 16:42:10 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/06/17 19:54:16 | 000,021,824 | ---- | C] () -- C:\Windows\System32\bdsandboxuh.dll
[2011/05/18 15:52:39 | 000,001,940 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/18 20:59:18 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2010/09/23 05:23:49 | 000,000,552 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d8caps.dat
[2010/06/10 08:24:55 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/11/17 19:22:20 | 000,031,007 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\UserTile.png
[2007/11/10 23:02:57 | 000,004,164 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\wklnhst.dat
[2007/11/10 10:04:34 | 000,029,696 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,300,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 005,184,104 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 001,693,866 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/10/28 23:06:34 | 000,092,160 | ---- | M] (SOFTWIN SRL) -- C:\bdc.exe
[2007/01/19 16:12:56 | 000,081,920 | ---- | M] () -- C:\bdss.exe
[2009/03/17 17:46:22 | 000,933,888 | ---- | M] (BitDefender S.R.L.) -- C:\bdsubwiz.exe
[2009/03/24 13:11:44 | 000,415,024 | ---- | M] (BitDefender SRL) -- C:\livesrv.exe
[2009/01/26 19:08:44 | 000,135,680 | ---- | M] () -- C:\OnlineGames.exe
[2009/03/16 13:27:04 | 000,139,264 | ---- | M] (BitDefender SRL) -- C:\upgrepl.exe
[2012/01/18 17:53:00 | 000,302,592 | ---- | M] () -- C:\vhx17wux.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/17 03:07:16 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/17 03:07:16 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Jazmin\AppData\Local\imx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/14 12:49:30 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Jazmin\AppData\Local\imx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB26185$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A31FAD21

< End of report >
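
The OTL report above carries the entries a malware-removal helper triages first: Internet Explorer's shell\open\command under HKLM\...\StartMenuInternet launches "C:\Users\Jazmin\AppData\Local\imx.exe" with iexplore.exe only as an argument, several randomly named executables with no company name sit at the drive root, in System32 and in ProgramData (one hidden+system), Security Center monitoring is switched off, EnableFirewall is 0 on every profile, and there is an alternate data stream on C:\ProgramData\TEMP. What follows is an added example, not part of the poster's log or of OTL itself: a small Python scanner that reads OTL-style lines and flags exactly those entry types. The sample lines are constructed to mirror the shape of the log above, and the "random-looking name" heuristic and the directory list are assumptions made for this example. The script raises flags for a human to confirm; it does not decide that a file is malicious.

```python
"""Added example (not part of the original post or of OTL): a scanner for
OTL-style report lines. Heuristics, directory list and sample lines are
assumptions of this example, modelled on the log above."""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's output format (shaped like the report above, not the full log).
SAMPLE_LOG = r"""
[2012/01/18 17:53:00 | 000,302,592 | ---- | M] () -- C:\vhx17wux.exe
[2012/01/15 18:35:49 | 000,003,120 | ---- | M] () -- C:\Windows\System32\FEHXUQ9Q.ocx
[2012/01/03 20:08:37 | 000,011,196 | -HS- | M] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2012/01/18 17:52:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Jazmin\AppData\Local\imx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A31FAD21
"""

# OTL file line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# Browser "open" verb under HKLM\software\clients\startmenuinternet
OPEN_CMD_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\(?P<browser>[^\\]+)"
    r"\\shell\\open\\command\\\\: (?P<cmd>.+)$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>\S+)$')

# Assumption: directories where a random-named, unsigned executable is worth a look.
SUSPECT_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\programdata"}
EXEC_EXTS = {"exe", "dll", "ocx", "sys", "scr", ""}  # "" = no extension


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def first_executable(cmd: str) -> str:
    """Return the program a shell command line actually launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted form: OTL appends " [date | size | ...] (company)" when it resolved the file.
    return cmd.split(" [", 1)[0].strip()


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6+ alphanumerics mixing letters and digits."""
    return (re.fullmatch(r"[A-Za-z0-9]{6,}", stem) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def suspicious_file(path: str, company: str, attrs: str) -> str:
    """Reason string if the file entry deserves a look, else ''."""
    directory, name = ntpath.split(path)
    directory = directory.rstrip("\\").lower()
    stem, ext = ntpath.splitext(name)
    if company or directory not in SUSPECT_DIRS or ext.lstrip(".").lower() not in EXEC_EXTS:
        return ""
    if not looks_random(stem):
        return ""
    flags = ["random-looking name", "no company name"]
    if "H" in attrs and "S" in attrs:  # OTL attribute column: H = hidden, S = system
        flags.append("hidden+system")
    return ", ".join(flags)


def check_registry_value(key: str, name: str, data: str) -> List[Finding]:
    """Security Center monitoring switched off, or a firewall profile disabled."""
    k = key.lower()
    if name == "DisableMonitoring" and data == "1" and "security center" in k:
        return [Finding("security_center_monitoring_off", key)]
    if name == "EnableFirewall" and data == "0" and "firewallpolicy" in k:
        return [Finding("firewall_disabled", key.rsplit("\\", 1)[-1])]
    return []


def scan(report: str) -> List[Finding]:
    """Walk OTL-style lines and collect the entries a helper would triage first."""
    findings: List[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]
        elif m := VALUE_RE.match(line):
            findings.extend(check_registry_value(current_key, m["name"], m["data"]))
        elif m := OPEN_CMD_RE.match(line):
            exe = ntpath.basename(first_executable(m["cmd"])).lower()
            if exe != m["browser"].lower():  # the verb launches something other than the browser
                findings.append(Finding("browser_open_hijack", f'{m["browser"]} opens via {exe}: {m["cmd"]}'))
        elif m := FILE_RE.match(line):
            reason = suspicious_file(m["path"], m["company"], m["attrs"])
            if reason:
                findings.append(Finding("suspicious_file", f'{m["path"]} ({reason})'))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("alternate_data_stream", line.split("-> ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.kind:32} {f.detail}")
```

Run against the constructed sample it reports seven items: the three random-named files, the IEXPLORE.EXE open-command hijack, Security Center monitoring off, the disabled StandardProfile firewall, and the ADS. A browser "open" verb that launches anything other than the browser binary is the one finding that needs no further heuristics, since the registry value itself names the interposed program; the file-name checks are only a first filter and should be followed by a hash or signature check of each flagged path.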

#4
Millielin (Topic Starter, Member, 12 posts)
OTL Extras logfile created on: 1/18/2012 5:55:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Erendira Jimenez\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 67.09% Memory free
4.10 Gb Paging File | 3.65 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 341.82 Gb Free Space | 75.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.80 Gb Free Space | 37.97% Space Free | Partition Type: NTFS
Drive E: | 496.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MEDUSA | User Name: Erendira Jimenez | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C3E052-E0BC-4EFD-8C7C-5F024BFCE2FF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4F66C0C2-F6C9-4A38-8B25-59BBF68FA17D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{5073B1D6-668A-4846-941C-FD5464C31A92}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{60E91863-8410-48F7-91E1-B0F0DD788A17}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{7247D11F-857B-4B96-A641-F4ED35C76F81}" = protocol=17 | dir=in | app=c:\program files\defender pro\defender pro\dpreg.exe |
"{72E9F7BE-744E-481E-830E-C3DF939CCE5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7733B9AD-035A-4C7C-9539-FC8CAC128268}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{86F28897-4FE5-4585-98D2-7E2AED6B4C64}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{876C4A0B-AA31-46F2-BFCC-2681C148BEC9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{90EA7970-E53F-4C64-BC1F-E4C53C6E90AE}" = protocol=6 | dir=in | app=c:\program files\defender pro\defender pro\dpreg.exe |
"{A9CBF098-0183-4CF9-83A5-6B564B916135}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C9F8BDA5-9D27-48F8-AB0B-49F4E12FE7D5}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CFE0C51D-1AFB-4FFD-BF74-4B41FA12912B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D17D9A7B-883B-457F-8C94-41AEEB761DF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0517A43-4730-42DC-94B4-CD2748ACD374}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E6754F39-F666-4B53-B026-8DC381CB2D86}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E83F69BB-ED7F-47D4-A357-245F0E038803}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F1A82B90-D161-4FFF-804E-2CB8C1472F1D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{209ABBFB-DF51-4FEA-A964-424C4AB291D5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{0A66A05C-8432-4201-9DDE-FFCFCD3A9D1B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1" = FanFictionDownloader version 0.4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Defender Pro 15-in-1
"{2BC74395-9275-427B-8A5B-05C14DE7A1C2}" = calibre
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATT-HSI" = ATT-HSI
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Defender Pro" = Defender Pro 15-in-1
"GoldWave v5.58" = GoldWave v5.58
"HP Photo Creations" = HP Photo Creations
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"uTorrent" = µTorrent
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5
Millielin (Member, Topic Starter, 12 posts)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-20 19:26:12
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000055 ST350063 rev.3.AD
Running: vhx17wux.exe; Driver: C:\Users\ERENDI~1\AppData\Local\Temp\fwldypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00005956 \GLOBAL??\404c2605 86B07880

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB26185$\1078732293 0 bytes
File C:\Windows\$NtUninstallKB26185$\1078732293\L 0 bytes
File C:\Windows\$NtUninstallKB26185$\1078732293\U 0 bytes
File C:\Windows\$NtUninstallKB26185$\3221870710 0 bytes

---- EOF - GMER 1.0.15 ----

#6
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Millielin,

You have a very nasty infection. We have work to do...

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

Step 2


Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click the Continue button.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3


Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan, click Save log, save it to your desktop and post aswMBR.txt in your next reply.
  • Also, ZIP the MBR.dat it creates and attach it to your next reply.

Step 4


Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#7
Millielin (Member, Topic Starter, 12 posts)
Thank you, though I'm having some issues disabling Defender Pro 15 in 1. I checked the list and it wasn't on there, so I'm not quite sure how. I tried doing what you stated above, but it didn't work and it won't let me open it.

#8
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please delete your version of ComboFix (right-click on it, then choose Delete).

Download ComboFix from the link below, but rename it to svchost.exe before saving it to your desktop. To do this you must right-click on the link and choose Save as.... Now enter svchost.exe for the name and save it to your desktop.


Combofix

==================================


Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

If you fail to run it, please try to download it again, but this time save it as explorer.scr and try to run it again.

#9
Millielin (Member, Topic Starter, 12 posts)
ComboFix Log

ComboFix 12-01-21.02 - Erendira Jimenez 01/22/2012 12:02:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.835 [GMT -6:00]
Running from: c:\users\Erendira Jimenez\Desktop\ComboFix.exe
AV: Defender Pro Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Defender Pro Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Defender Pro Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\~gxdqgnX3qzcjYy
c:\programdata\~gxdqgnX3qzcjYyr
c:\programdata\gxdqgnX3qzcjYy
c:\programdata\Tarma Installer
c:\users\Jazmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\windows\$NtUninstallKB26185$
c:\windows\$NtUninstallKB26185$\3221870710
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Jazmin\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:27 -------- d-----w- c:\users\Erendira Jimenez\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Luisa\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Francisco\AppData\Local\temp
2012-01-22 18:20 . 2012-01-22 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-19 00:15 . 2012-01-19 00:15 -------- d-----w- c:\users\Erendira Jimenez\AppData\Local\CrashDumps
2012-01-18 23:53 . 2012-01-18 23:53 302592 ----a-w- C:\vhx17wux.exe
2012-01-14 18:49 . 2012-01-14 18:49 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-14 18:49 . 2012-01-14 18:49 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-14 18:49 . 2012-01-14 18:49 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-14 18:49 . 2012-01-14 18:49 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-13 22:53 . 2012-01-13 22:53 -------- d-----w- c:\program files\Magical Jelly Bean
2012-01-05 00:31 . 2012-01-05 00:31 -------- d-----w- c:\users\Erendira Jimenez\AppData\Local\Proxure
2012-01-05 00:30 . 2012-01-05 00:30 -------- d-----w- c:\programdata\ClubSanDisk
2012-01-03 20:59 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-01-03 20:59 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-03 20:35 . 2012-01-03 20:35 150317 ----a-w- c:\programdata\1325622406.bdinstall.bin
2012-01-02 21:17 . 2012-01-02 21:17 -------- d-----w- c:\users\Luisa\AppData\Roaming\Defender Pro
2012-01-02 21:13 . 2012-01-02 21:13 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-12-30 19:21 . 2011-12-30 20:47 -------- d-----w- c:\program files\EA GAMES
2011-12-27 20:59 . 2011-12-27 20:59 -------- d-----w- c:\users\Jazmin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-27 20:41 . 2011-12-27 20:41 -------- d-----w- c:\users\Jazmin\AppData\Roaming\BitDefender
2011-12-27 20:40 . 2011-12-27 20:40 -------- d-----w- c:\users\Jazmin\AppData\Roaming\Defender Pro
2011-12-27 20:17 . 2011-12-27 20:17 -------- d-----w- c:\users\Erendira Jimenez\AppData\Roaming\BitDefender
2011-12-27 20:15 . 2011-12-27 20:15 152909 ----a-w- c:\programdata\1325016466.bdinstall.bin
2011-12-27 20:14 . 2011-12-27 20:14 -------- d-----w- c:\programdata\Bitdefender
2011-12-27 20:12 . 2012-01-03 20:18 -------- d-----w- c:\users\Erendira Jimenez\{67261125-7228-4c07-84ae-eaff1bc24e84}
2011-12-27 20:11 . 2011-12-27 20:11 -------- d-----w- c:\users\Erendira Jimenez\AppData\Roaming\Defender Pro
2011-12-27 20:10 . 2011-12-27 20:10 -------- d-----w- c:\programdata\Defender Pro
2011-12-27 20:09 . 2011-12-27 20:09 -------- d-----w- c:\users\Erendira Jimenez\AppData\Roaming\QuickScan
2011-12-27 20:08 . 2011-07-23 02:20 311248 ------w- c:\windows\system32\drivers\trufos.sys
2011-12-27 20:08 . 2011-12-27 20:11 -------- d-----w- c:\program files\Defender Pro
2011-12-27 20:08 . 2011-03-24 21:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-12-27 20:07 . 2011-12-27 20:08 -------- d-----w- c:\program files\Common Files\Defender Pro
2011-12-27 04:37 . 2012-01-03 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-27 04:28 . 2011-12-27 04:28 -------- d--h--w- c:\programdata\Common Files
2011-12-27 04:27 . 2011-12-27 19:57 -------- d-----w- c:\programdata\MFAData
2011-12-27 03:37 . 2012-01-08 20:40 -------- d--h--w- c:\users\Jazmin\AppData\Local\MicrosoftNT
2011-12-25 16:46 . 2011-12-26 16:08 -------- d--h--w- c:\users\Jazmin\AppData\Local\CrashDumps
2011-12-23 20:07 . 2011-07-06 18:44 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 22:33 . 2011-12-15 22:33 677136 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-08 00:49 . 2011-08-11 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-14 18:49 . 2011-04-05 22:39 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2011-07-22 23:24 234480 ----a-w- c:\program files\Defender Pro\Defender Pro Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2011-07-22 23:24 234480 ----a-w- c:\program files\Defender Pro\Defender Pro Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2011-07-22 23:24 234480 ----a-w- c:\program files\Defender Pro\Defender Pro Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2011-07-22 23:24 234480 ----a-w- c:\program files\Defender Pro\Defender Pro Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"BDAgent"="c:\program files\Defender Pro\Defender Pro\bdagent.exe" [2011-08-02 1053336]
.
c:\users\Luisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jazmin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Jazmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jazmin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Jazmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 19:40 16384 ---ha-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1194712511\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35 1011200 ---ha-w- c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\0.job
- c:\program files\internet explorer\iexplore.exe [2011-08-12 06:09]
.
2012-01-22 c:\windows\Tasks\User_Feed_Synchronization-{4FFC155B-4C10-41CE-9D96-2859B7360DE1}.job
- c:\windows\system32\msfeedssync.exe [2011-08-12 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 12:26
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.dfsc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.smb]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Defender Pro\Defender Pro\vsserv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
C:\livesrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Defender Pro\Defender Pro\updatesrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Defender Pro\Defender Pro\pchooklaunch32.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-01-22 12:35:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 18:35
.
Pre-Run: 363,566,804,992 bytes free
Post-Run: 363,682,529,280 bytes free
.
- - End Of File - - 69DB2C24766DF50710C95E6F8F183A12

#10
Millielin (Member, Topic Starter, 12 posts)
TDSS Killer Log

12:53:26.0532 4720 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
12:53:27.0153 4720 ============================================================
12:53:27.0154 4720 Current date / time: 2012/01/22 12:53:27.0153
12:53:27.0154 4720 SystemInfo:
12:53:27.0154 4720
12:53:27.0154 4720 OS Version: 6.0.6001 ServicePack: 1.0
12:53:27.0154 4720 Product type: Workstation
12:53:27.0154 4720 ComputerName: MEDUSA
12:53:27.0154 4720 UserName: Erendira Jimenez
12:53:27.0154 4720 Windows directory: C:\Windows
12:53:27.0154 4720 System windows directory: C:\Windows
12:53:27.0154 4720 Processor architecture: Intel x86
12:53:27.0154 4720 Number of processors: 2
12:53:27.0154 4720 Page size: 0x1000
12:53:27.0154 4720 Boot type: Normal boot
12:53:27.0154 4720 ============================================================
12:53:27.0729 4720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:53:27.0839 4720 Initialize success
12:53:37.0496 4196 ============================================================
12:53:37.0497 4196 Scan started
12:53:37.0497 4196 Mode: Manual;
12:53:37.0497 4196 ============================================================
12:53:37.0926 4196 .dfsc - ok
12:53:38.0014 4196 .smb - ok
12:53:38.0121 4196 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
12:53:38.0124 4196 ACPI - ok
12:53:38.0191 4196 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:53:38.0194 4196 adp94xx - ok
12:53:38.0234 4196 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:53:38.0237 4196 adpahci - ok
12:53:38.0289 4196 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:53:38.0290 4196 adpu160m - ok
12:53:38.0368 4196 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:53:38.0369 4196 adpu320 - ok
12:53:38.0432 4196 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
12:53:38.0435 4196 AFD - ok
12:53:38.0473 4196 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
12:53:38.0474 4196 agp440 - ok
12:53:38.0513 4196 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:53:38.0514 4196 aic78xx - ok
12:53:38.0543 4196 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
12:53:38.0545 4196 aliide - ok
12:53:38.0559 4196 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
12:53:38.0560 4196 amdagp - ok
12:53:38.0591 4196 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
12:53:38.0592 4196 amdide - ok
12:53:38.0625 4196 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:53:38.0626 4196 AmdK7 - ok
12:53:38.0682 4196 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
12:53:38.0683 4196 AmdK8 - ok
12:53:38.0750 4196 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:53:38.0752 4196 arc - ok
12:53:38.0805 4196 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:53:38.0806 4196 arcsas - ok
12:53:38.0857 4196 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:38.0858 4196 AsyncMac - ok
12:53:38.0891 4196 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
12:53:38.0892 4196 atapi - ok
12:53:38.0965 4196 avc3 (1496fcd72048309b7320d4894905e1a5) C:\Windows\system32\DRIVERS\avc3.sys
12:53:38.0971 4196 avc3 - ok
12:53:39.0020 4196 avchv (2ecd68f363cacc2b1eae7db5130f2a48) C:\Windows\system32\DRIVERS\avchv.sys
12:53:39.0024 4196 avchv - ok
12:53:39.0062 4196 avckf (364d8ecfdd7ece363a6e7fa14d72a48f) C:\Windows\system32\DRIVERS\avckf.sys
12:53:39.0067 4196 avckf - ok
12:53:39.0142 4196 BdfNdisf (5506176f2b8322db04f802a4403436ad) c:\program files\common files\defender pro\defender pro firewall\bdfndisf6.sys
12:53:39.0144 4196 BdfNdisf - ok
12:53:39.0184 4196 bdfsfltr (c3e025d46368e3d18085eef26ef6f6a1) C:\Windows\system32\DRIVERS\bdfsfltr.sys
12:53:39.0188 4196 bdfsfltr - ok
12:53:39.0201 4196 bdftdif (53bde5c9c7d7fcbbcfbfcca74a33a0a5) C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys
12:53:39.0204 4196 bdftdif - ok
12:53:39.0233 4196 bdsandbox (08e79e1e260e223f3602292cfc73213b) C:\Windows\system32\drivers\bdsandbox.sys
12:53:39.0234 4196 bdsandbox - ok
12:53:39.0268 4196 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys
12:53:39.0270 4196 BDVEDISK - ok
12:53:39.0322 4196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:53:39.0323 4196 Beep - ok
12:53:39.0361 4196 blbdrive - ok
12:53:39.0440 4196 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
12:53:39.0441 4196 bowser - ok
12:53:39.0853 4196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:53:39.0854 4196 BrFiltLo - ok
12:53:39.0915 4196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:53:39.0916 4196 BrFiltUp - ok
12:53:39.0953 4196 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:53:39.0954 4196 Brserid - ok
12:53:40.0005 4196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:53:40.0006 4196 BrSerWdm - ok
12:53:40.0034 4196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:53:40.0035 4196 BrUsbMdm - ok
12:53:40.0058 4196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:53:40.0059 4196 BrUsbSer - ok
12:53:40.0090 4196 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:53:40.0091 4196 BTHMODEM - ok
12:53:40.0196 4196 catchme - ok
12:53:40.0250 4196 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:53:40.0252 4196 cdfs - ok
12:53:40.0292 4196 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
12:53:40.0294 4196 cdrom - ok
12:53:40.0344 4196 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:53:40.0347 4196 circlass - ok
12:53:40.0401 4196 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
12:53:40.0407 4196 CLFS - ok
12:53:40.0472 4196 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
12:53:40.0474 4196 cmdide - ok
12:53:40.0502 4196 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
12:53:40.0503 4196 Compbatt - ok
12:53:40.0521 4196 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:53:40.0522 4196 crcdisk - ok
12:53:40.0555 4196 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:53:40.0556 4196 Crusoe - ok
12:53:40.0596 4196 DfsC - ok
12:53:40.0662 4196 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
12:53:40.0664 4196 disk - ok
12:53:40.0735 4196 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:53:40.0736 4196 drmkaud - ok
12:53:40.0812 4196 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:53:40.0812 4196 DSproct - ok
12:53:40.0853 4196 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
12:53:40.0854 4196 dsunidrv - ok
12:53:40.0907 4196 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
12:53:40.0912 4196 DXGKrnl - ok
12:53:40.0934 4196 dyihcw - ok
12:53:40.0980 4196 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
12:53:40.0982 4196 e1express - ok
12:53:41.0032 4196 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:53:41.0034 4196 E1G60 - ok
12:53:41.0096 4196 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
12:53:41.0097 4196 Ecache - ok
12:53:41.0157 4196 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:53:41.0160 4196 elxstor - ok
12:53:41.0239 4196 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
12:53:41.0241 4196 exfat - ok
12:53:41.0298 4196 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
12:53:41.0300 4196 fastfat - ok
12:53:41.0328 4196 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:53:41.0329 4196 fdc - ok
12:53:41.0379 4196 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:53:41.0380 4196 FileInfo - ok
12:53:41.0412 4196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:53:41.0413 4196 Filetrace - ok
12:53:41.0452 4196 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:41.0453 4196 flpydisk - ok
12:53:41.0488 4196 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
12:53:41.0491 4196 FltMgr - ok
12:53:41.0512 4196 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:53:41.0513 4196 Fs_Rec - ok
12:53:41.0545 4196 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:53:41.0547 4196 gagp30kx - ok
12:53:41.0598 4196 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:53:41.0599 4196 GEARAspiWDM - ok
12:53:41.0637 4196 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:53:41.0638 4196 HDAudBus - ok
12:53:41.0672 4196 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:53:41.0673 4196 HidBth - ok
12:53:41.0710 4196 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:53:41.0712 4196 HidIr - ok
12:53:41.0749 4196 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
12:53:41.0750 4196 HidUsb - ok
12:53:41.0782 4196 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:53:41.0783 4196 HpCISSs - ok
12:53:41.0855 4196 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:53:41.0865 4196 HSF_DPV - ok
12:53:41.0887 4196 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
12:53:41.0891 4196 HSXHWBS2 - ok
12:53:41.0932 4196 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
12:53:41.0936 4196 HTTP - ok
12:53:41.0963 4196 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:53:41.0965 4196 i2omp - ok
12:53:42.0033 4196 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:53:42.0036 4196 i8042prt - ok
12:53:42.0078 4196 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:53:42.0084 4196 iaStorV - ok
12:53:42.0145 4196 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:53:42.0146 4196 iirsp - ok
12:53:42.0249 4196 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
12:53:42.0265 4196 IntcAzAudAddService - ok
12:53:42.0300 4196 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
12:53:42.0301 4196 intelide - ok
12:53:42.0337 4196 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
12:53:42.0338 4196 intelppm - ok
12:53:42.0415 4196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:42.0416 4196 IpFilterDriver - ok
12:53:42.0447 4196 IpInIp - ok
12:53:42.0469 4196 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:53:42.0471 4196 IPMIDRV - ok
12:53:42.0500 4196 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:53:42.0502 4196 IPNAT - ok
12:53:42.0574 4196 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:53:42.0576 4196 IRENUM - ok
12:53:42.0619 4196 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
12:53:42.0620 4196 isapnp - ok
12:53:42.0665 4196 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
12:53:42.0667 4196 iScsiPrt - ok
12:53:42.0711 4196 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:53:42.0712 4196 iteatapi - ok
12:53:42.0767 4196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:53:42.0768 4196 iteraid - ok
12:53:42.0809 4196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:53:42.0811 4196 kbdclass - ok
12:53:42.0827 4196 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:53:42.0829 4196 kbdhid - ok
12:53:42.0879 4196 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
12:53:42.0884 4196 KSecDD - ok
12:53:42.0958 4196 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:53:42.0960 4196 lltdio - ok
12:53:43.0019 4196 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:53:43.0020 4196 LSI_FC - ok
12:53:43.0040 4196 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:53:43.0041 4196 LSI_SAS - ok
12:53:43.0088 4196 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:53:43.0090 4196 LSI_SCSI - ok
12:53:43.0148 4196 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:53:43.0150 4196 luafv - ok
12:53:43.0183 4196 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:53:43.0184 4196 mdmxsdk - ok
12:53:43.0224 4196 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:53:43.0226 4196 megasas - ok
12:53:43.0277 4196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:53:43.0279 4196 Modem - ok
12:53:43.0316 4196 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:53:43.0318 4196 monitor - ok
12:53:43.0363 4196 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:53:43.0363 4196 mouclass - ok
12:53:43.0385 4196 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:53:43.0386 4196 mouhid - ok
12:53:43.0448 4196 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:53:43.0450 4196 MountMgr - ok
12:53:43.0495 4196 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:53:43.0496 4196 mpio - ok
12:53:43.0544 4196 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:53:43.0545 4196 mpsdrv - ok
12:53:43.0572 4196 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:53:43.0573 4196 Mraid35x - ok
12:53:43.0637 4196 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
12:53:43.0639 4196 MREMP50 - ok
12:53:43.0644 4196 MREMPR5 - ok
12:53:43.0651 4196 MRENDIS5 - ok
12:53:43.0664 4196 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
12:53:43.0665 4196 MRESP50 - ok
12:53:43.0707 4196 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
12:53:43.0711 4196 MRxDAV - ok
12:53:43.0735 4196 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:43.0737 4196 mrxsmb - ok
12:53:43.0762 4196 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:43.0766 4196 mrxsmb10 - ok
12:53:43.0779 4196 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:43.0781 4196 mrxsmb20 - ok
12:53:43.0816 4196 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
12:53:43.0817 4196 msahci - ok
12:53:43.0848 4196 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:53:43.0849 4196 msdsm - ok
12:53:43.0918 4196 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:53:43.0919 4196 Msfs - ok
12:53:43.0956 4196 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:53:43.0957 4196 msisadrv - ok
12:53:43.0994 4196 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:53:43.0995 4196 MSKSSRV - ok
12:53:44.0022 4196 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:44.0023 4196 MSPCLOCK - ok
12:53:44.0050 4196 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:53:44.0051 4196 MSPQM - ok
12:53:44.0086 4196 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
12:53:44.0089 4196 MsRPC - ok
12:53:44.0107 4196 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:53:44.0109 4196 mssmbios - ok
12:53:44.0142 4196 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:53:44.0143 4196 MSTEE - ok
12:53:44.0183 4196 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
12:53:44.0184 4196 Mup - ok
12:53:44.0260 4196 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
12:53:44.0263 4196 NativeWifiP - ok
12:53:44.0317 4196 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
12:53:44.0321 4196 NDIS - ok
12:53:44.0376 4196 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:44.0377 4196 NdisTapi - ok
12:53:44.0421 4196 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:44.0422 4196 Ndisuio - ok
12:53:44.0458 4196 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:44.0460 4196 NdisWan - ok
12:53:44.0509 4196 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:53:44.0510 4196 NDProxy - ok
12:53:44.0529 4196 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:53:44.0530 4196 NetBIOS - ok
12:53:44.0561 4196 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
12:53:44.0564 4196 netbt - ok
12:53:44.0624 4196 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:53:44.0625 4196 nfrd960 - ok
12:53:44.0669 4196 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
12:53:44.0670 4196 Npfs - ok
12:53:44.0711 4196 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:53:44.0712 4196 nsiproxy - ok
12:53:44.0770 4196 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
12:53:44.0812 4196 Ntfs - ok
12:53:44.0880 4196 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:53:44.0881 4196 ntrigdigi - ok
12:53:45.0235 4196 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:53:45.0236 4196 Null - ok
12:53:45.0289 4196 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
12:53:45.0298 4196 NVENETFD - ok
12:53:45.0550 4196 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:53:45.0627 4196 nvlddmkm - ok
12:53:45.0682 4196 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:53:45.0683 4196 nvraid - ok
12:53:45.0715 4196 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
12:53:45.0717 4196 nvstor - ok
12:53:45.0774 4196 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
12:53:45.0775 4196 nv_agp - ok
12:53:45.0786 4196 NwlnkFlt - ok
12:53:45.0800 4196 NwlnkFwd - ok
12:53:45.0846 4196 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
12:53:45.0847 4196 ohci1394 - ok
12:53:45.0877 4196 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:53:45.0879 4196 Parport - ok
12:53:45.0915 4196 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
12:53:45.0916 4196 partmgr - ok
12:53:45.0933 4196 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:53:45.0934 4196 Parvdm - ok
12:53:45.0989 4196 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
12:53:45.0991 4196 pci - ok
12:53:46.0026 4196 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:53:46.0027 4196 pciide - ok
12:53:46.0065 4196 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:53:46.0067 4196 pcmcia - ok
12:53:46.0118 4196 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:53:46.0161 4196 PEAUTH - ok
12:53:46.0228 4196 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:53:46.0229 4196 PptpMiniport - ok
12:53:46.0247 4196 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:53:46.0249 4196 Processor - ok
12:53:46.0311 4196 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
12:53:46.0313 4196 PSched - ok
12:53:46.0376 4196 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:53:46.0383 4196 ql2300 - ok
12:53:46.0411 4196 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:53:46.0413 4196 ql40xx - ok
12:53:46.0441 4196 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:53:46.0442 4196 QWAVEdrv - ok
12:53:46.0562 4196 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:46.0577 4196 R300 - ok
12:53:46.0626 4196 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:53:46.0627 4196 RasAcd - ok
12:53:46.0664 4196 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:53:46.0666 4196 Rasl2tp - ok
12:53:46.0708 4196 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
12:53:46.0711 4196 RasPppoe - ok
12:53:46.0737 4196 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
12:53:46.0738 4196 RasSstp - ok
12:53:46.0778 4196 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
12:53:46.0781 4196 rdbss - ok
12:53:46.0821 4196 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:53:46.0823 4196 RDPCDD - ok
12:53:46.0869 4196 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
12:53:46.0872 4196 rdpdr - ok
12:53:46.0883 4196 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:53:46.0884 4196 RDPENCDD - ok
12:53:46.0927 4196 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
12:53:46.0930 4196 RDPWD - ok
12:53:47.0001 4196 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:53:47.0002 4196 rspndr - ok
12:53:47.0060 4196 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:53:47.0061 4196 SASDIFSV - ok
12:53:47.0083 4196 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:53:47.0085 4196 SASKUTIL - ok
12:53:47.0124 4196 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:53:47.0125 4196 sbp2port - ok
12:53:47.0185 4196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:53:47.0186 4196 secdrv - ok
12:53:47.0222 4196 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:53:47.0223 4196 Serenum - ok
12:53:47.0254 4196 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:53:47.0255 4196 Serial - ok
12:53:47.0304 4196 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:53:47.0306 4196 sermouse - ok
12:53:47.0363 4196 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
12:53:47.0364 4196 sffdisk - ok
12:53:47.0393 4196 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
12:53:47.0394 4196 sffp_mmc - ok
12:53:47.0417 4196 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
12:53:47.0419 4196 sffp_sd - ok
12:53:47.0472 4196 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:53:47.0474 4196 sfloppy - ok
12:53:47.0525 4196 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
12:53:47.0528 4196 sisagp - ok
12:53:47.0566 4196 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:53:47.0569 4196 SiSRaid2 - ok
12:53:47.0620 4196 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:53:47.0623 4196 SiSRaid4 - ok
12:53:47.0671 4196 Smb - ok
12:53:47.0751 4196 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:53:47.0753 4196 spldr - ok
12:53:47.0804 4196 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
12:53:47.0822 4196 srv - ok
12:53:47.0882 4196 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
12:53:47.0887 4196 srv2 - ok
12:53:47.0922 4196 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
12:53:47.0925 4196 srvnet - ok
12:53:47.0997 4196 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:53:47.0999 4196 swenum - ok
12:53:48.0052 4196 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:53:48.0055 4196 Symc8xx - ok
12:53:48.0115 4196 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:53:48.0117 4196 Sym_hi - ok
12:53:48.0159 4196 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:53:48.0161 4196 Sym_u3 - ok
12:53:48.0284 4196 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
12:53:48.0291 4196 Tcpip - ok
12:53:48.0358 4196 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
12:53:48.0365 4196 Tcpip6 - ok
12:53:48.0399 4196 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
12:53:48.0400 4196 tcpipreg - ok
12:53:48.0446 4196 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:53:48.0447 4196 TDPIPE - ok
12:53:48.0499 4196 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:53:48.0501 4196 TDTCP - ok
12:53:48.0544 4196 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
12:53:48.0546 4196 tdx - ok
12:53:48.0602 4196 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
12:53:48.0603 4196 TermDD - ok
12:53:48.0659 4196 trufos (e12ecd623d647d02e21f34356b87e8b0) C:\Windows\system32\DRIVERS\trufos.sys
12:53:48.0663 4196 trufos - ok
12:53:48.0701 4196 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:48.0702 4196 tssecsrv - ok
12:53:48.0754 4196 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:53:48.0755 4196 tunmp - ok
12:53:48.0767 4196 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
12:53:48.0768 4196 tunnel - ok
12:53:48.0806 4196 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:53:48.0807 4196 uagp35 - ok
12:53:48.0847 4196 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
12:53:48.0851 4196 udfs - ok
12:53:48.0885 4196 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
12:53:48.0887 4196 uliagpkx - ok
12:53:48.0922 4196 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:53:48.0925 4196 uliahci - ok
12:53:48.0953 4196 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:53:48.0955 4196 UlSata - ok
12:53:48.0994 4196 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:53:48.0996 4196 ulsata2 - ok
12:53:49.0055 4196 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:53:49.0056 4196 umbus - ok
12:53:49.0135 4196 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:53:49.0136 4196 USBAAPL - ok
12:53:49.0200 4196 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:53:49.0201 4196 usbccgp - ok
12:53:49.0254 4196 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:53:49.0255 4196 usbcir - ok
12:53:49.0308 4196 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
12:53:49.0310 4196 usbehci - ok
12:53:49.0351 4196 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
12:53:49.0355 4196 usbhub - ok
12:53:49.0388 4196 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
12:53:49.0390 4196 usbohci - ok
12:53:49.0432 4196 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:53:49.0433 4196 usbprint - ok
12:53:49.0496 4196 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:53:49.0497 4196 usbscan - ok
12:53:49.0533 4196 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:53:49.0536 4196 USBSTOR - ok
12:53:49.0574 4196 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
12:53:49.0577 4196 usbuhci - ok
12:53:49.0636 4196 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:53:49.0638 4196 vga - ok
12:53:49.0696 4196 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:53:49.0697 4196 VgaSave - ok
12:53:49.0725 4196 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
12:53:49.0727 4196 viaagp - ok
12:53:49.0760 4196 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:53:49.0762 4196 ViaC7 - ok
12:53:49.0788 4196 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
12:53:49.0789 4196 viaide - ok
12:53:49.0842 4196 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:53:49.0844 4196 volmgr - ok
12:53:49.0889 4196 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
12:53:49.0894 4196 volmgrx - ok
12:53:49.0934 4196 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
12:53:49.0938 4196 volsnap - ok
12:53:49.0972 4196 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:53:49.0974 4196 vsmraid - ok
12:53:50.0021 4196 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:53:50.0022 4196 WacomPen - ok
12:53:50.0059 4196 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:50.0061 4196 Wanarp - ok
12:53:50.0073 4196 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:50.0074 4196 Wanarpv6 - ok
12:53:50.0120 4196 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
12:53:50.0122 4196 wanatw - ok
12:53:50.0156 4196 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:53:50.0157 4196 Wd - ok
12:53:50.0204 4196 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:53:50.0211 4196 Wdf01000 - ok
12:53:50.0267 4196 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:53:50.0273 4196 winachsf - ok
12:53:50.0326 4196 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
12:53:50.0328 4196 WmiAcpi - ok
12:53:50.0387 4196 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
12:53:50.0388 4196 WpdUsb - ok
12:53:50.0448 4196 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:53:50.0449 4196 ws2ifsl - ok
12:53:50.0536 4196 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:50.0538 4196 WUDFRd - ok
12:53:50.0578 4196 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
12:53:50.0580 4196 XAudio - ok
12:53:50.0619 4196 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:53:50.0668 4196 \Device\Harddisk0\DR0 - ok
12:53:50.0684 4196 Boot (0x1200) (433f273fcb4a08c35a865cace9388c7f) \Device\Harddisk0\DR0\Partition0
12:53:50.0685 4196 \Device\Harddisk0\DR0\Partition0 - ok
12:53:50.0696 4196 Boot (0x1200) (95822fe03fba4ec437adc324ac9952d3) \Device\Harddisk0\DR0\Partition1
12:53:50.0696 4196 \Device\Harddisk0\DR0\Partition1 - ok
12:53:50.0697 4196 ============================================================
12:53:50.0697 4196 Scan finished
12:53:50.0697 4196 ============================================================
12:53:50.0718 4216 Detected object count: 0
12:53:50.0718 4216 Actual detected object count: 0
  • 0


#11
Millielin

    Member

  • Topic Starter
  • Member
  • 12 posts
AswMBR Log

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 12:45:45
-----------------------------
12:45:45.681 OS Version: Windows 6.0.6001 Service Pack 1
12:45:45.681 Number of processors: 2 586 0x6B02
12:45:45.683 ComputerName: MEDUSA UserName:
12:45:47.274 Initialize success
12:46:11.496 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
12:46:11.501 Disk 0 Vendor: ST350063 3.AD Size: 476940MB BusType: 8
12:46:11.520 Disk 0 MBR read successfully
12:46:11.525 Disk 0 MBR scan
12:46:11.531 Disk 0 Windows VISTA default MBR code
12:46:11.538 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:46:11.550 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
12:46:11.567 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466659 MB offset 21053440
12:46:11.587 Disk 0 scanning sectors +976771072
12:46:11.659 Disk 0 scanning C:\Windows\system32\drivers
12:46:20.109 Service scanning
12:46:20.692 Service .dfsc \? **LOCKED** 123
12:46:20.703 Service .smb \? **LOCKED** 123
12:46:21.534 Modules scanning
12:46:27.091 Disk 0 trace - called modules:
12:46:27.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
12:46:27.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8542d248]
12:46:27.123 3 CLASSPNP.SYS[881a5745] -> nt!IofCallDriver -> [0x843feb68]
12:46:27.129 5 acpi.sys[828156a0] -> nt!IofCallDriver -> \Device\00000056[0x84e2e890]
12:46:27.134 Scan finished successfully
12:48:46.314 Disk 0 MBR has been saved successfully to "C:\Users\Erendira Jimenez\Documents\MBR.dat"
12:48:46.322 The log file has been saved successfully to "C:\Users\Erendira Jimenez\Documents\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (564 bytes, 187 downloads)

  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems? Let's remove leftovers with Kaspersky:

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 2


  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


Step 3


Please don't forget to include these items in your reply:


  • VRT log
  • OTL log
It would be helpful if you could post each log in a separate post

#13
Millielin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
My computer is working a lot better thanks to your help. I no longer need safe mode to log in and my computer no longer takes me to the Windows Validation page.

VRT Log

Status: Disinfected (events: 2)
1/23/2012 3:02:43 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.bp C:\Documents and Settings\Jazmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6100f813-7d564117 High
1/23/2012 3:02:43 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.bp C:\Documents and Settings\Jazmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6100f813-7d564117/notana.class High
Status: Deleted (events: 2)
1/23/2012 3:03:58 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Jazmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e8fca34 High
1/23/2012 3:03:59 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Jazmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\43023c73-30ee46f5 High

#14
Millielin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL Log

OTL logfile created on: 1/24/2012 4:32:45 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = c:\users\Erendira Jimenez\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 51.21% Memory free
4.11 Gb Paging File | 2.94 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 336.67 Gb Free Space | 73.88% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.80 Gb Free Space | 37.97% Space Free | Partition Type: NTFS
Drive E: | 496.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MEDUSA | User Name: Erendira Jimenez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 17:52:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Erendira Jimenez\Documents\OTL.scr
PRC - [2012/01/14 12:49:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/17 11:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 13:21:52 | 001,506,536 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
PRC - [2011/08/02 13:21:48 | 000,050,128 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe
PRC - [2011/08/02 13:21:04 | 000,065,560 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\pchooklaunch32.exe
PRC - [2011/08/02 13:19:56 | 001,053,336 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
PRC - [2009/03/24 13:11:44 | 000,415,024 | ---- | M] (BitDefender SRL) -- C:\livesrv.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/03/15 07:32:14 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 15:55:21 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/24 15:55:21 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/14 12:49:32 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/26 22:39:30 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/26 22:39:30 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/07 18:49:48 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 12:47:52 | 000,186,880 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\UI\popup.ui
MOD - [2011/07/22 17:53:36 | 000,126,360 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\popup.dll
MOD - [2011/07/22 12:39:24 | 000,109,856 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\connector.dll
MOD - [2011/07/22 12:38:50 | 000,151,592 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\framework.dll
MOD - [2011/07/22 12:37:56 | 000,202,032 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\txmlutil.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 13:21:52 | 001,506,536 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe -- (VSSERV)
SRV - [2011/08/02 13:21:48 | 000,050,128 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe -- (UPDATESRV)
SRV - [2011/08/02 13:19:54 | 000,307,544 | ---- | M] (Defender Pro) [On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2009/08/24 06:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/24 13:11:44 | 000,415,024 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\livesrv.exe -- (LIVESRV)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 06:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/23 04:43:47 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\23066451.sys -- (23066451)
DRV - [2011/07/22 20:20:05 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/15 16:11:48 | 000,451,864 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2011/07/15 16:11:46 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/17 19:54:44 | 000,063,568 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:36 | 000,074,320 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/08/14 07:45:24 | 000,021,248 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/15 07:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 14:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 12:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/03 14:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Defender Pro\Defender Pro\bdtbext\ [2012/01/03 14:31:39 | 000,000,000 | ---D | M]

[2011/02/23 22:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Extensions
[2011/12/12 21:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions
[2011/02/25 09:00:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 21:07:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/21 13:12:22 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\extensions\[email protected]
[2011/03/21 13:12:22 | 000,001,919 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\Mozilla\Firefox\Profiles\db8lrqx1.default\searchplugins\bing-zugo.xml
[2012/01/14 12:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ERENDIRA JIMENEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DB8LRQX1.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 12:49:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/26 23:10:21 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/14 12:49:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/14 12:49:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/01/22 12:26:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Defender Pro\Defender Pro\bdagent.exe (Defender Pro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_01352562.lnk = C:\Users\Erendira Jimenez\AppData\Local\temp\_uninst_01352562.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdnimg.piczo....st_uploader.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2417E80F-3348-4F93-8BFF-9691FF0E00A4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 12:22:22 | 000,000,036 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 18:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWave
[2012/01/23 11:52:24 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\23066451.sys
[2012/01/22 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/22 12:39:42 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erendira Jimenez\Desktop\TDSSKiller.exe
[2012/01/22 12:26:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/22 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Local\temp
[2012/01/22 11:36:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 11:36:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 11:36:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 11:36:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/22 11:28:20 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Erendira Jimenez\Desktop\ComboFix.exe
[2012/01/21 20:10:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 19:19:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 19:10:05 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Erendira Jimenez\Desktop\aswMBR.exe
[2012/01/20 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\F
[2012/01/19 21:13:04 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\images
[2012/01/18 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Local\CrashDumps
[2012/01/18 17:52:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
[2012/01/16 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\bootloader
[2012/01/15 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/01/13 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween
[2012/01/13 16:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/01/13 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/01/13 16:52:41 | 001,174,617 | ---- | C] (Magical Jelly Bean ) -- C:\Users\Erendira Jimenez\Documents\KeyFinderInstaller.exe
[2012/01/04 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Local\Proxure
[2012/01/04 18:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/01/03 14:52:43 | 000,933,888 | ---- | C] (BitDefender S.R.L.) -- C:\bdsubwiz.exe
[2012/01/03 14:52:43 | 000,933,888 | ---- | C] (BitDefender S.R.L.) -- C:\bdGUICtl.dll
[2012/01/03 14:52:43 | 000,593,920 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSLib.dll
[2012/01/03 14:52:43 | 000,415,024 | ---- | C] (BitDefender SRL) -- C:\livesrv.exe
[2012/01/03 14:52:43 | 000,139,264 | ---- | C] (BitDefender SRL) -- C:\upgrepl.exe
[2012/01/03 14:52:43 | 000,094,208 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSPack.dll
[2012/01/03 14:52:43 | 000,086,016 | ---- | C] (BitDefender S.R.L.) -- C:\txmlx.dll
[2012/01/03 14:52:43 | 000,086,016 | ---- | C] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\WSUtils.dll
[2012/01/03 14:52:43 | 000,077,824 | ---- | C] (BitDefender S.R.L.) -- C:\BDUtils.dll
[2012/01/03 14:52:43 | 000,040,960 | ---- | C] (BitDefender LLC) -- C:\npcomm.dll
[2012/01/03 14:52:43 | 000,024,576 | ---- | C] (BitDefender S.R.L.) -- C:\bdch.dll
[2012/01/03 14:52:42 | 000,192,512 | ---- | C] (BitDefender S.R.L.) -- C:\bdsubmit.dll
[2012/01/03 14:52:42 | 000,102,400 | ---- | C] (BitDefender) -- C:\bdcore.dll
[2012/01/03 14:52:42 | 000,092,160 | ---- | C] (SOFTWIN SRL) -- C:\bdc.exe
[2012/01/03 14:52:27 | 000,000,000 | ---D | C] -- C:\Plugins
[2012/01/03 14:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2012/01/03 14:31:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/02 15:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/01/01 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/01/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/12/30 13:56:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/12/30 13:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/12/30 13:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2011/12/27 14:17:13 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\BitDefender
[2011/12/27 14:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2011/12/27 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\{67261125-7228-4c07-84ae-eaff1bc24e84}
[2011/12/27 14:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro
[2011/12/27 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\Defender Pro
[2011/12/27 14:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Defender Pro
[2011/12/27 14:09:34 | 000,000,000 | ---D | C] -- C:\Users\Erendira Jimenez\AppData\Roaming\QuickScan
[2011/12/27 14:08:14 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2011/12/27 14:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Defender Pro
[2011/12/27 14:08:09 | 000,353,096 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/12/27 14:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Defender Pro
[2011/12/26 22:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/26 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/26 22:28:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/26 22:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 16:37:58 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4FFC155B-4C10-41CE-9D96-2859B7360DE1}.job
[2012/01/24 16:24:10 | 000,010,955 | ---- | M] () -- C:\history.xml
[2012/01/24 16:23:30 | 000,001,456 | ---- | M] () -- C:\v_live_s.xml
[2012/01/24 15:53:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:53:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 15:52:38 | 2078,793,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 18:23:14 | 005,339,564 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/23 18:23:14 | 001,747,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/23 11:53:46 | 000,000,816 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_01352562.lnk
[2012/01/23 04:43:47 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\23066451.sys
[2012/01/22 20:19:28 | 115,325,848 | ---- | M] () -- C:\Users\Erendira Jimenez\Desktop\setup_11.0.0.1245.x01_2012_01_23_04_43.exe
[2012/01/22 13:24:26 | 000,000,564 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\MBR.zip
[2012/01/22 12:48:46 | 000,000,512 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\MBR.dat
[2012/01/22 12:26:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/22 11:28:21 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Erendira Jimenez\Desktop\ComboFix.exe
[2012/01/22 08:48:00 | 000,003,120 | ---- | M] () -- C:\Windows\FDK47J7J.ocx
[2012/01/21 19:28:02 | 000,000,680 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d9caps.dat
[2012/01/21 19:10:48 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Erendira Jimenez\Desktop\aswMBR.exe
[2012/01/21 19:10:03 | 002,035,725 | ---- | M] () -- C:\Users\Erendira Jimenez\Desktop\tdsskiller.zip
[2012/01/19 13:10:18 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erendira Jimenez\Desktop\TDSSKiller.exe
[2012/01/18 18:17:56 | 219,991,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 17:53:00 | 000,302,592 | ---- | M] () -- C:\vhx17wux.exe
[2012/01/18 17:52:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erendira Jimenez\Documents\OTL.scr
[2012/01/16 22:19:35 | 000,004,164 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\wklnhst.dat
[2012/01/16 17:34:13 | 000,132,466 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\bootloader.zip
[2012/01/15 19:30:35 | 001,439,447 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Windows6.1-KB971033-x86.MSU
[2012/01/15 18:35:49 | 000,003,120 | ---- | M] () -- C:\Windows\System32\FEHXUQ9Q.ocx
[2012/01/13 19:00:55 | 006,308,636 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween.rar
[2012/01/13 16:52:57 | 001,174,617 | ---- | M] (Magical Jelly Bean ) -- C:\Users\Erendira Jimenez\Documents\KeyFinderInstaller.exe
[2012/01/04 18:32:25 | 000,000,288 | ---- | M] () -- C:\Users\Erendira Jimenez\AppData\Roaming\.backup.dm
[2012/01/03 20:08:37 | 000,011,196 | -HS- | M] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2012/01/03 15:01:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/03 15:01:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/03 14:58:47 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2012/01/03 14:53:59 | 000,000,584 | ---- | M] () -- C:\bdc.ini
[2012/01/03 14:35:18 | 000,150,317 | ---- | M] () -- C:\ProgramData\1325622406.bdinstall.bin
[2012/01/03 14:34:15 | 000,000,268 | -H-- | M] () -- C:\bdr-conf
[2012/01/03 14:31:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Defender Pro 15-in-1.lnk
[2011/12/31 23:22:18 | 000,023,706 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\100 books to read before you die.odt
[2011/12/29 12:42:16 | 000,010,272 | ---- | M] () -- C:\Users\Erendira Jimenez\Documents\Anu.odt
[2011/12/27 14:15:44 | 000,152,909 | ---- | M] () -- C:\ProgramData\1325016466.bdinstall.bin
[2011/12/26 22:37:39 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/23 11:53:46 | 000,000,816 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_01352562.lnk
[2012/01/22 20:02:40 | 115,325,848 | ---- | C] () -- C:\Users\Erendira Jimenez\Desktop\setup_11.0.0.1245.x01_2012_01_23_04_43.exe
[2012/01/22 13:24:26 | 000,000,564 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\MBR.zip
[2012/01/22 12:48:46 | 000,000,512 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\MBR.dat
[2012/01/22 11:36:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 11:36:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 11:36:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 11:36:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 11:36:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/22 08:48:00 | 000,003,120 | ---- | C] () -- C:\Windows\FDK47J7J.ocx
[2012/01/22 08:47:15 | 2078,793,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/21 19:09:51 | 002,035,725 | ---- | C] () -- C:\Users\Erendira Jimenez\Desktop\tdsskiller.zip
[2012/01/21 12:41:26 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4FFC155B-4C10-41CE-9D96-2859B7360DE1}.job
[2012/01/19 21:13:04 | 000,004,918 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\index.html
[2012/01/18 18:17:28 | 219,991,544 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/18 17:53:00 | 000,302,592 | ---- | C] () -- C:\vhx17wux.exe
[2012/01/16 17:34:11 | 000,132,466 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\bootloader.zip
[2012/01/15 19:30:20 | 001,439,447 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Windows6.1-KB971033-x86.MSU
[2012/01/15 18:35:49 | 000,003,120 | ---- | C] () -- C:\Windows\System32\FEHXUQ9Q.ocx
[2012/01/13 18:59:29 | 006,308,636 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Shimeji Halloween.rar
[2012/01/04 18:32:25 | 000,000,288 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\.backup.dm
[2012/01/04 08:45:32 | 000,000,680 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d9caps.dat
[2012/01/03 15:04:46 | 000,010,955 | ---- | C] () -- C:\history.xml
[2012/01/03 15:01:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/03 15:01:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/03 14:59:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/01/03 14:58:47 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2012/01/03 14:52:43 | 000,192,512 | ---- | C] () -- C:\txmlutil.dll
[2012/01/03 14:52:43 | 000,081,920 | ---- | C] () -- C:\bdss.exe
[2012/01/03 14:52:43 | 000,001,456 | ---- | C] () -- C:\v_live_s.xml
[2012/01/03 14:52:43 | 000,001,009 | ---- | C] () -- C:\bdch.ini
[2012/01/03 14:52:43 | 000,000,584 | ---- | C] () -- C:\versions.dat.4FB1D4991544C820812670B4D2A6ED09
[2012/01/03 14:52:43 | 000,000,495 | ---- | C] () -- C:\versions.id.4FB1D4991544C820812670B4D2A6ED09
[2012/01/03 14:52:42 | 000,142,848 | ---- | C] () -- C:\libfn.dll
[2012/01/03 14:52:42 | 000,135,680 | ---- | C] () -- C:\OnlineGames.exe
[2012/01/03 14:52:42 | 000,077,824 | ---- | C] () -- C:\bdupd.dll
[2012/01/03 14:52:42 | 000,053,248 | ---- | C] () -- C:\avxdisk.dll
[2012/01/03 14:52:42 | 000,027,136 | ---- | C] () -- C:\avxt.dll
[2012/01/03 14:52:42 | 000,010,240 | ---- | C] () -- C:\avxs.dll
[2012/01/03 14:52:42 | 000,001,507 | ---- | C] () -- C:\bdsubmit.ini
[2012/01/03 14:52:42 | 000,000,636 | ---- | C] () -- C:\bdc.ini.bak
[2012/01/03 14:52:42 | 000,000,584 | ---- | C] () -- C:\bdc.ini
[2012/01/03 14:52:42 | 000,000,298 | ---- | C] () -- C:\plugins.htm
[2012/01/03 14:35:18 | 000,150,317 | ---- | C] () -- C:\ProgramData\1325622406.bdinstall.bin
[2012/01/03 14:34:14 | 002,294,848 | -H-- | C] () -- C:\bdrescue.vm
[2011/12/29 12:42:13 | 000,010,272 | ---- | C] () -- C:\Users\Erendira Jimenez\Documents\Anu.odt
[2011/12/27 14:15:44 | 000,152,909 | ---- | C] () -- C:\ProgramData\1325016466.bdinstall.bin
[2011/12/27 14:14:59 | 027,319,487 | -H-- | C] () -- C:\bdrescue.gz
[2011/12/27 14:14:59 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2011/12/27 14:14:59 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2011/12/27 14:14:59 | 000,000,268 | -H-- | C] () -- C:\bdr-conf
[2011/12/27 14:11:22 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Defender Pro 15-in-1.lnk
[2011/12/26 22:37:38 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/26 21:37:19 | 000,011,196 | -HS- | C] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2011/08/13 08:28:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/13 08:28:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/17 19:54:16 | 000,021,824 | ---- | C] () -- C:\Windows\System32\bdsandboxuh.dll
[2011/05/18 15:52:39 | 000,001,940 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/23 05:23:49 | 000,000,552 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\d3d8caps.dat
[2010/06/10 08:24:55 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/11/17 19:22:20 | 000,031,007 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\UserTile.png
[2007/11/10 23:02:57 | 000,004,164 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Roaming\wklnhst.dat
[2007/11/10 10:04:34 | 000,029,696 | ---- | C] () -- C:\Users\Erendira Jimenez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,300,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 005,339,564 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 001,747,644 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/27 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Amazon
[2011/12/27 14:17:13 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\BitDefender
[2011/07/17 21:09:04 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\calibre
[2011/12/27 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Defender Pro
[2008/01/18 23:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Leadertech
[2008/04/26 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\LimeWire
[2010/10/15 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\OpenOffice.org
[2011/04/11 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Photo DVD Maker
[2011/12/27 14:09:34 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\QuickScan
[2010/06/14 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Template
[2011/07/24 11:08:55 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Tific
[2011/08/11 15:42:30 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\uTorrent
[2011/08/10 12:36:56 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\0.job
[2012/01/24 06:45:14 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/24 16:37:58 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4FFC155B-4C10-41CE-9D96-2859B7360DE1}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Erendira Jimenez\Desktop\ComboFix.exe:BDU
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A31FAD21

< End of report >
#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
There are still some leftovers I would like to remove.

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/10 12:36:56 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\0.job
    [2011/12/26 21:37:19 | 000,011,196 | -HS- | C] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8

    :Files
    C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2


Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3


Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
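As an added example (not OTL's code and not something the helper posted), the small parser below reads OTL "Files Created/Modified" and "LOP Check" lines of the kind shown in the log above and marks entries for a reviewer's attention. The two heuristics are my own assumptions, chosen so that they pick out exactly the two items the fix script above targets: a hidden+system file with a long random name under ProgramData, and a scheduled task with a bare numeric name and no publisher. The sample lines are copied from the log in this thread; a flag is a prompt to look closer, not a verdict.

```python
"""Parse OTL file entries and flag leftovers for manual review.

Added example; not OTL's own code. Sample lines are taken from the log
posted in this thread. The review heuristics are assumptions made for
this example, tuned to the entries the helper's fix script removed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry: [date time | size | attrs | M/C] (Company) -- path
# The "(Company)" part is absent on LOP Check directory lines.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # "M" = from a Files Modified section, "C" = Files Created
    company: str   # empty when OTL printed "()" (no company name)
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly="R" in attrs,
        hidden="H" in attrs,
        system="S" in attrs,
        directory="D" in attrs,
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


# Assumed heuristics (not OTL's): a long all-lowercase alphanumeric name with
# no extension, and a task file named only with digits.
RANDOM_NAME = re.compile(r"^[a-z0-9]{20,}$")
NUMERIC_TASK = re.compile(r"\\Tasks\\\d+\.job$", re.IGNORECASE)


def review(entry: OtlEntry) -> Optional[str]:
    """Return a reason string if the entry deserves a closer look, else None."""
    if (entry.hidden and entry.system and not entry.directory
            and entry.path.lower().startswith("c:\\programdata\\")
            and RANDOM_NAME.match(entry.name)):
        return "hidden+system file with a random name in ProgramData"
    if NUMERIC_TASK.search(entry.path) and not entry.company:
        return "scheduled task with a bare numeric name and no publisher"
    return None


def flag_leftovers(log_text: str) -> List[Tuple[str, str]]:
    """Parse every line of an OTL log and return (path, reason) for flagged entries."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = review(entry)
        if reason:
            flagged.append((entry.path, reason))
    return flagged


# Constructed sample: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2012/01/22 08:47:15 | 2078,793,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/26 21:37:19 | 000,011,196 | -HS- | C] () -- C:\ProgramData\r05y6ic803q5dt00144apah48uul122qh4v8
[2011/08/10 12:36:56 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\0.job
[2012/01/24 16:37:58 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4FFC155B-4C10-41CE-9D96-2859B7360DE1}.job
[2012/01/22 11:28:21 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Erendira Jimenez\Desktop\ComboFix.exe
[2011/06/27 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\Erendira Jimenez\AppData\Roaming\Amazon
< End of report >
"""

if __name__ == "__main__":
    for path, reason in flag_leftovers(SAMPLE_LOG):
        print(f"{path}  <-  {reason}")
```

Note that hiberfil.sys is also hidden+system but sits in the drive root with a normal name, so it is not flagged; attribute bits alone are a weak signal, and the location and naming pattern are what make the ProgramData entry stand out.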