Infected with Trojan horse Agent.4.BC


This topic is locked
17 replies to this topic

#1 fmg00 (Members, 9 posts)

Posted 31 January 2010 - 09:59 PM

Hi, my computer got infected. I used Malwarebytes, Spybot, Ad-Aware, ESET Online and an AVG Free 9 full scan, and they all reported and apparently removed the trojans, but in c:\windows\temp several folders with random names (e.g. bioj.tmp) keep appearing, so there is something not healed yet. AVG's last report was Trojan horse Agent.4.BC in an svchost.exe file.
I'm using Windows 7 RC. Hope someone could help me out.

Thanks!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Paco at 20:43:21.08 on 31-Jan-10
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2550.926 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\fsproflt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\AVG\AVG9\avgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Paco\Desktop\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avgfre~1.lnk - c:\program files\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} - hxxp://201.144.111.147/WebGuard_Login.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://192.168.2.150/codebase/NetVideoOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://201.139.8.22/activex/AxisCamControl.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://improba.sytes.net/cab/OCXChecker_8000.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://improba.sytes.net/cab/DownloadFile_8000.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\paco\appdata\roaming\mozilla\firefox\profiles\7rohn5hu.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\paco\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\paco\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\paco\appdata\roaming\mozilla\firefox\profiles\7rohn5hu.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\paco\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-7-6 43792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-5 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 360584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/06 21:39:04];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-21 285392]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-7-6 142648]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-25 1153368]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-9-23 32384]
R2 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [2009-5-24 177152]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-4-8 4231168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-5-24 3567]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-4-21 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-4-21 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-4-21 661504]
S4 OracleDBConsoleOLTP;OracleDBConsoleOLTP;c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe --> c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [?]

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-01-31 20:32:34 0 d-----w- c:\program files\ESET
2010-01-31 05:39:14 0 d-----w- c:\programdata\Thinstall
2010-01-31 05:39:06 0 d-----w- c:\program files\TuneUp Utilities (VMware ThinApp)
2010-01-31 05:34:33 0 d-----w- c:\program files\Uninstall Winner
2010-01-31 05:26:05 0 d-----w- c:\users\paco\appdata\roaming\Thinstall
2010-01-31 04:52:30 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-30 06:24:24 0 d-----w- c:\programdata\Lavasoft
2010-01-28 03:31:20 0 d-----w- c:\temp\VisualBoy
2010-01-26 21:13:42 0 d-----w- c:\users\paco\appdata\roaming\Windows SideBar
2010-01-26 04:37:24 0 d-----w- c:\program files\CCleaner
2010-01-26 03:53:22 98816 ----a-w- c:\windows\sed.exe
2010-01-26 03:53:22 77312 ----a-w- c:\windows\MBR.exe
2010-01-26 03:53:22 261632 ----a-w- c:\windows\PEV.exe
2010-01-26 03:53:22 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 02:58:31 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-26 02:58:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 02:55:52 0 d-----w- c:\program files\Trend Micro
2010-01-26 02:45:18 0 d-----w- c:\windows\pss
2010-01-26 01:52:54 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-26 01:51:30 0 d-----w- c:\program files\common files\Intuit
2010-01-26 01:51:27 0 d-----w- c:\users\paco\appdata\roaming\Intuit
2010-01-26 01:51:14 120 ----a-w- c:\windows\QUICKEN.INI
2010-01-26 01:50:48 0 d-----w- c:\programdata\Intuit
2010-01-21 18:50:30 0 d-----w- C:\dell
2010-01-21 02:34:52 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 02:34:35 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-21 02:33:26 0 d-----w- c:\program files\Winamp Detect
2010-01-19 21:10:43 0 d-----w- c:\program files\iPhone Explorer
2010-01-19 06:40:05 32 ----a-w- c:\windows\0
2010-01-19 06:40:05 0 ----a-w- c:\windows\system32\0
2010-01-13 00:39:21 0 d-----w- c:\users\paco\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 00:39:17 0 d-----w- c:\program files\TweetDeck
2010-01-11 16:24:59 0 d-----w- c:\programdata\NOS
2010-01-10 23:15:03 0 d-----w- c:\program files\Loonies
2010-01-10 23:12:38 0 d-----w- c:\program files\DOSBox-0.73
2010-01-10 23:10:42 0 d--h--w- c:\windows\PIF
2010-01-07 20:52:33 0 d-----w- c:\program files\ClientSoftware(v4.01MD)
2010-01-07 19:58:07 0 d-----w- c:\program files\LogMeTT

==================== Find3M ====================

2010-02-01 00:50:11 32 ----a-w- c:\windows\system32\drivers\mshcmd.sys.
2010-01-20 04:45:42 238224 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:23:32 142648 ----a-w- c:\windows\system32\fsproflt.exe
2009-12-21 16:09:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-21 16:09:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-21 16:09:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 01:30:10 7276 ----a-r- c:\windows\fonts\TSPECIAL1.TTF
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-05-06 03:46:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 20:44:32.42 ===============


#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts)

Posted 08 February 2010 - 12:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


#3 fmg00 (Topic Starter, Members, 9 posts)

Posted 08 February 2010 - 11:13 PM

Hi, I've changed from AVG to Avast, and the message I get is "file blocked when created": svchost.exe, Win32-Trojan gen, in c:\Windows\Temp\rpbf.tmp. It appears every half an hour or so, and it creates a different .tmp folder each time.

Thanks for your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Paco at 17:37:03.50 on 08-Feb-10
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2550.1534 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\fsproflt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Paco\Desktop\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avgfre~1.lnk - c:\program files\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxps://www.blink.com/accival/aosmgr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} - hxxp://201.144.111.147/WebGuard_Login.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://192.168.2.150/codebase/NetVideoOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://201.139.8.22/activex/AxisCamControl.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://improba.sytes.net/cab/OCXChecker_8000.cab
DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} - hxxp://download6.quickheal.com/onlnscan/activex/nt/onlnscan.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://improba.sytes.net/cab/DownloadFile_8000.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\paco\appdata\roaming\mozilla\firefox\profiles\7rohn5hu.default\
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_228\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\paco\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\paco\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\paco\appdata\roaming\mozilla\firefox\profiles\7rohn5hu.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\paco\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-7-6 43792]
R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AmonTDLh.sys [2010-2-7 87648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 163280]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/06 21:39:04];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-4 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-7-6 142648]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-25 1153368]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-9-23 32384]
R2 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [2009-5-24 177152]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-4-8 4231168]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2010-2-7 19616]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2010-2-7 101336]
S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2010-2-7 121504]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2010-2-7 81016]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-2-7 141176]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-2-7 86136]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-5-24 3567]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-4-21 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-4-21 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-4-21 661504]
S4 OracleDBConsoleOLTP;OracleDBConsoleOLTP;c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe --> c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [?]

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-02-08 03:10:56 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2010-02-08 03:10:15 86136 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2010-02-08 03:10:15 81016 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2010-02-08 03:10:15 141176 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys
2010-02-08 03:10:14 87648 ----a-w- c:\windows\system32\drivers\AmonTDLh.sys
2010-02-08 03:10:14 19616 ----a-w- c:\windows\system32\drivers\CdmDrvNt.sys
2010-02-08 03:10:14 0 d-----w- c:\users\paco\appdata\roaming\AhnLab
2010-02-08 03:00:25 0 d-----w- c:\program files\AhnLab
2010-02-04 22:48:21 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-04 22:47:25 0 d-----w- c:\programdata\Alwil Software
2010-02-04 22:32:36 0 d-----w- c:\program files\SpywareBlaster
2010-02-03 17:55:04 0 d-----w- C:\DownLoad
2010-02-01 02:58:23 0 d-----w- c:\users\paco\appdata\roaming\ieSpell
2010-01-31 20:32:34 0 d-----w- c:\program files\ESET
2010-01-31 05:39:14 0 d-----w- c:\programdata\Thinstall
2010-01-31 05:39:06 0 d-----w- c:\program files\TuneUp Utilities (VMware ThinApp)
2010-01-31 05:34:33 0 d-----w- c:\program files\Uninstall Winner
2010-01-31 05:26:05 0 d-----w- c:\users\paco\appdata\roaming\Thinstall
2010-01-31 04:52:30 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-30 06:24:24 0 d-----w- c:\programdata\Lavasoft
2010-01-28 03:31:20 0 d-----w- c:\temp\VisualBoy
2010-01-26 21:13:42 0 d-----w- c:\users\paco\appdata\roaming\Windows SideBar
2010-01-26 04:37:24 0 d-----w- c:\program files\CCleaner
2010-01-26 03:53:22 98816 ----a-w- c:\windows\sed.exe
2010-01-26 03:53:22 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 02:58:31 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-26 02:58:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 02:55:52 0 d-----w- c:\program files\Trend Micro
2010-01-26 02:45:18 0 d-----w- c:\windows\pss
2010-01-26 01:52:54 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-26 01:51:30 0 d-----w- c:\program files\common files\Intuit
2010-01-26 01:51:27 0 d-----w- c:\users\paco\appdata\roaming\Intuit
2010-01-26 01:50:48 0 d-----w- c:\programdata\Intuit
2010-01-21 18:50:30 0 d-----w- C:\dell
2010-01-21 02:34:52 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 02:34:35 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-21 02:33:26 0 d-----w- c:\program files\Winamp Detect
2010-01-19 21:10:43 0 d-----w- c:\program files\iPhone Explorer
2010-01-19 06:40:05 32 ----a-w- c:\windows\0
2010-01-19 06:40:05 0 ----a-w- c:\windows\system32\0
2010-01-13 00:39:21 0 d-----w- c:\users\paco\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 00:39:17 0 d-----w- c:\program files\TweetDeck
2010-01-11 16:24:59 0 d-----w- c:\programdata\NOS
2010-01-10 23:15:03 0 d-----w- c:\program files\Loonies
2010-01-10 23:12:38 0 d-----w- c:\program files\DOSBox-0.73
2010-01-10 23:10:42 0 d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-02-06 20:45:04 238224 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-05 15:34:52 32 ----a-w- c:\windows\system32\drivers\mshcmd.sys.
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:23:32 142648 ----a-w- c:\windows\system32\fsproflt.exe
2009-11-11 01:30:10 7276 ----a-r- c:\windows\fonts\TSPECIAL1.TTF
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-05-06 03:46:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 17:39:16.91 ===============


#4 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:56 PM
Posted 10 February 2010 - 12:14 AM

Hello, fmg00
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
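The OTL report requested above comes back as lines of the form `PRC - [date | size | attrs | M] (Company) -- path` for processes and services and `O4 - HKLM..\Run: [name] path (Company)` for Run-key entries. As an added example (this is not OTL's own code and not something posted in this thread), the Python below parses those two line types and flags the patterns a responder checks first when reading such a log: a core Windows binary name such as svchost.exe running from anywhere other than System32, an executable launched from a temp directory, a file under %SystemRoot% with no company/version metadata, and a Run-key entry whose name claims Microsoft while its publisher field is empty. The sample lines at the bottom are constructed for the example, and the system root `C:\Windows` is an assumption (OTL prints the real value in its header).

```python
"""Triage of OTL log lines (added example; not OTL's own code and not tooling
from this thread).  Parses PRC/SRV/MOD process entries and O4 Run-key entries
and flags the patterns a malware responder checks first.  The sample lines
at the bottom are constructed for this example."""
import re
from dataclasses import dataclass
from typing import List

# Assumption: the system root is C:\Windows (OTL prints the real value in its
# header as %SystemRoot%; adjust if the log says otherwise).
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Core Windows binaries that legitimately run only from System32 (explorer.exe
# runs from %SystemRoot% itself).  Malware reuses these names from other
# directories so it blends into a process list.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe", "taskhost.exe"}
SYSROOT_ONLY = {"explorer.exe"}

# PRC/SRV/MOD line: TAG - [date | size | attrs | M] (Company) [state] -- path -- (service)
PROC_RE = re.compile(
    r"^(?P<tag>PRC|SRV|MOD) - \[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \|[^\]]*\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$")
# O4 line: O4 - HKLM..\Run: [name] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def check_path(path: str, company: str) -> List[str]:
    """Return the reasons an executable path/publisher pair looks suspicious."""
    low = path.lower()
    parts = low.split("\\")
    name, folder = parts[-1], "\\".join(parts[:-1])
    reasons = []
    if name in SYSTEM32_ONLY and folder != SYSTEM32:
        reasons.append(f"{name} running outside System32")
    if name in SYSROOT_ONLY and folder != SYSTEM_ROOT:
        reasons.append(f"{name} running outside %SystemRoot%")
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("executable launched from a temp directory")
    if not company.strip() and folder.startswith(SYSTEM_ROOT):
        reasons.append("no company/version metadata on a file under %SystemRoot%")
    return reasons


def check_run_entry(name: str, path: str, company: str) -> List[str]:
    """Run-key entries: same path checks, plus a name that claims Microsoft
    while the file carries no Microsoft publisher information."""
    reasons = check_path(path, company)
    if "microsoft" in name.lower() and "microsoft" not in company.lower():
        reasons.append(f"Run entry '{name}' claims Microsoft but publisher is "
                       f"'{company or 'none'}'")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log text and return the lines that tripped at least one check."""
    findings = []
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:
            reasons = check_path(m["path"], m["company"])
        else:
            m = RUN_RE.match(line)
            if not m:
                continue  # other OTL sections are not handled here
            reasons = check_run_entry(m["name"], m["path"], m["company"])
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample lines in OTL's format (not the thread's actual log).
SAMPLE_OTL = "\n".join([
    r"PRC - [2010-02-09 23:20:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe",
    r"PRC - [2010-02-09 14:04:18 | 000,023,040 | ---- | M] () -- C:\Windows\temp\wqne.tmp\svchost.exe",
    r"PRC - [2010-02-08 17:51:45 | 000,044,032 | ---- | M] () -- C:\Windows\System32\sysservice.exe",
    r"PRC - [2009-04-21 23:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe",
    r"SRV - [2010-01-28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)",
    r"O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)",
    r"O4 - HKLM..\Run: [Microsoft Startup Manager] C:\Windows\System32\sysservice.exe ()",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it on a saved OTL.txt by replacing SAMPLE_OTL with the file's contents; the empty `()` publisher field is what OTL prints when a file carries no version resource, which is why it weighs so heavily here, and a hit on a copy of svchost.exe under a random .tmp folder is exactly the kind of entry the custom scan above is meant to surface.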

#5 fmg00

  • Topic Starter
  • Members
  • 9 posts
  • Local time:08:56 AM

Posted 10 February 2010 - 12:55 AM

Hi Tom, I appreciate your help. Here are the logs

OTL logfile created on: 09-Feb-10 11:24:06 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Paco\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 3.43 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 7.18 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 28.78 Gb Total Space | 6.01 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: INST-LPSIST
Current User Name: Paco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-02-09 23:20:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
PRC - [2010-02-09 14:04:18 | 000,023,040 | ---- | M] () -- C:\Windows\temp\wqne.tmp\svchost.exe
PRC - [2010-02-08 17:51:45 | 000,044,032 | ---- | M] () -- C:\Windows\System32\sysservice.exe
PRC - [2010-01-28 16:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-01-28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-01-26 13:13:52 | 001,214,128 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009-12-12 15:09:02 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009-12-07 01:53:04 | 003,679,664 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon2\Maxthon.exe
PRC - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-04-21 23:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-21 23:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007-01-30 04:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2010-02-09 23:20:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
MOD - [2009-05-13 00:15:18 | 001,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll
MOD - [2009-04-21 23:22:04 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-04-21 23:21:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-04-21 23:21:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-04-21 23:21:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-04-21 23:21:19 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-04-21 23:20:43 | 000,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-04-21 23:20:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-04-21 23:20:14 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-04-21 23:20:07 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-04-21 23:20:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (OracleDBConsoleOLTP)
SRV - [2010-01-28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-09-15 14:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-09-15 14:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-07-08 15:53:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-01 15:47:57 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-05-21 19:25:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-21 23:22:25 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-04-21 23:22:12 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-04-21 23:22:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-04-21 23:22:07 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-04-21 23:22:02 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-04-21 23:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-04-21 23:21:46 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-04-21 23:21:43 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-04-21 23:21:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-04-21 23:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-04-21 23:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-21 23:20:30 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-04-21 23:20:14 | 000,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-04-21 23:20:13 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-04-21 23:19:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-04-21 23:19:54 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-04-21 23:19:51 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-04-21 23:19:20 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-12-01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007-01-30 04:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 4D B9 C5 FD CD C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010020301
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-25 17:39:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 17:39:52 | 000,000,000 | ---D | M]

[2009-05-18 04:34:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Extensions
[2010-02-09 22:33:00 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions
[2010-01-07 16:02:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-25 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\multipletab@piro.sakura.ne.jp
[2009-11-15 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\undoclosedtabsbutton@supernova00.biz
[2010-02-09 22:33:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010-01-31 18:45:27 | 000,373,738 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12877 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Microsoft Startup Manager] C:\Windows\System32\sysservice.exe ()
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://www.blink.com/accival/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} http://201.144.111.147/WebGuard_Login.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://192.168.2.150/codebase/NetVideoOCX.cab (NetVideoOCX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://201.139.8.22/activex/AxisCamControl.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://improba.sytes.net/cab/OCXChecker_8000.cab (Reg Error: Key error.)
O16 - DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} http://download6.quickheal.com/onlnscan/ac...nt/onlnscan.cab (Quick Heal Online Scan)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://improba.sytes.net/cab/DownloadFile_8000.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (mouj.yjo) - C:\Windows\System32\mouj.yjo ()
O20 - HKLM Winlogon: Shell - (jdhyiu) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 09:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-07-01 15:46:43 | 000,000,000 | ---D | M] - D:\Autocad2009 -- [ NTFS ]
O32 - AutoRun File - [2010-01-28 01:30:11 | 000,000,000 | ---D | M] - H:\Autodesk AutoCAD 2010 -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MENU.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-04-22 00:17:33 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-09 23:19:59 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-08 23:06:05 | 000,000,000 | ---D | C] -- C:\hp
[2010-02-07 21:10:56 | 000,077,921 | ---- | C] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-07 21:10:15 | 000,141,176 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2kfNT.sys
[2010-02-07 21:10:15 | 000,086,136 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2Nadr.sys
[2010-02-07 21:10:15 | 000,081,016 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2BthF.sys
[2010-02-07 21:10:14 | 000,087,648 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\AmonTDLh.sys
[2010-02-07 21:10:14 | 000,019,616 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\CdmDrvNt.sys
[2010-02-07 21:10:14 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\AhnLab
[2010-02-07 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2010-02-04 16:48:26 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-04 16:48:26 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-04 16:48:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-04 16:48:24 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-04 16:48:21 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-04 16:47:29 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-04 16:47:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-04 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-01-31 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\ieSpell
[2010-01-31 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-01-30 23:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Thinstall
[2010-01-30 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities (VMware ThinApp)
[2010-01-30 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Winner
[2010-01-30 23:30:58 | 000,000,000 | ---D | C] -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable
[2010-01-30 23:26:16 | 000,000,000 | ---D | C] -- C:\Users\Paco\Documents\Absolute_Uninstaller_Pro_5.0.1.3_Portable
[2010-01-30 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\Thinstall
[2010-01-30 23:26:04 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\Thinstall
[2010-01-30 22:52:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-01-30 22:52:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-01-30 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\temp
[2010-01-30 22:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-01-30 22:31:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-01-30 22:31:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-01-30 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-01-29 23:26:30 | 000,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009-12-04 19:36:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

========== Files - Modified Within 14 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-09 23:28:36 | 010,485,760 | -HS- | M] () -- C:\Users\Paco\NTUSER.DAT
[2010-02-09 23:20:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-09 23:17:59 | 000,000,513 | ---- | M] () -- C:\Windows\System32\sysservice.dll
[2010-02-09 22:42:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000Core.job
[2010-02-09 22:33:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000UA.job
[2010-02-09 19:47:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-09 14:04:19 | 000,029,184 | ---- | M] () -- C:\Windows\System32\mouj.yjo
[2010-02-09 13:46:08 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 13:46:08 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-08 23:22:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-08 23:21:48 | 2005,491,712 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-08 23:20:50 | 001,891,847 | -H-- | M] () -- C:\Users\Paco\AppData\Local\IconCache.db
[2010-02-08 17:52:06 | 000,000,000 | ---- | M] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:45 | 000,044,032 | ---- | M] () -- C:\Windows\System32\sysservice.exe
[2010-02-08 17:51:18 | 000,735,514 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-08 17:51:18 | 000,629,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-08 17:51:18 | 000,109,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-08 17:51:05 | 000,050,477 | ---- | M] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-08 17:30:57 | 000,524,288 | ---- | M] () -- C:\Users\Paco\Desktop\dds.pif
[2010-02-07 21:10:56 | 000,077,921 | ---- | M] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-06 14:45:04 | 000,238,224 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010-02-06 12:50:35 | 000,364,673 | ---- | M] () -- C:\Users\Paco\Documents\CV Francisco Martinez G.pdf
[2010-02-06 12:50:21 | 000,095,695 | ---- | M] () -- C:\Users\Paco\Documents\CV FMG.docx
[2010-02-04 16:48:27 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:48:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-04 16:32:40 | 000,000,929 | ---- | M] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-02-03 23:57:03 | 000,007,168 | ---- | M] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-02 13:55:54 | 000,002,050 | -H-- | M] () -- C:\Users\Paco\Documents\Default.rdp
[2010-02-01 22:17:50 | 002,421,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-02-01 21:48:03 | 000,146,432 | ---- | M] () -- C:\Users\Paco\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-31 18:45:27 | 000,373,738 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-01-30 23:38:53 | 052,044,795 | ---- | M] () -- C:\Users\Paco\Documents\SPVN.Portable.TU.U.2010.V9.0.2000.17.Final.rar
[2010-01-30 23:34:00 | 001,553,791 | ---- | M] () -- C:\Users\Paco\Documents\Uninstall.Winner by rennee.rar
[2010-01-30 23:30:40 | 002,646,241 | ---- | M] () -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable.rar
[2010-01-30 22:46:42 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-01-30 21:29:18 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010-01-29 23:26:24 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010-01-29 00:22:39 | 000,002,245 | ---- | M] () -- C:\Users\Paco\Desktop\Google Chrome.lnk
[2010-01-28 16:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-01-28 16:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-01-28 15:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-01-28 15:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-01-28 15:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-01-28 15:54:27 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-01-28 15:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010-02-09 14:04:28 | 000,029,184 | ---- | C] () -- C:\Windows\System32\mouj.yjo
[2010-02-08 23:08:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpBat.cpl
[2010-02-08 17:53:55 | 000,293,376 | ---- | C] () -- C:\Users\Paco\Desktop\gmer.exe
[2010-02-08 17:52:06 | 000,000,000 | ---- | C] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:50 | 000,000,513 | ---- | C] () -- C:\Windows\System32\sysservice.dll
[2010-02-08 17:51:47 | 000,044,032 | ---- | C] () -- C:\Windows\System32\sysservice.exe
[2010-02-08 17:51:04 | 000,050,477 | ---- | C] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-08 17:30:45 | 000,524,288 | ---- | C] () -- C:\Users\Paco\Desktop\dds.pif
[2010-02-04 16:48:27 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:32:40 | 000,000,929 | ---- | C] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-01-30 23:34:50 | 052,044,795 | ---- | C] () -- C:\Users\Paco\Documents\SPVN.Portable.TU.U.2010.V9.0.2000.17.Final.rar
[2010-01-30 23:33:39 | 001,553,791 | ---- | C] () -- C:\Users\Paco\Documents\Uninstall.Winner by rennee.rar
[2010-01-30 23:30:27 | 002,646,241 | ---- | C] () -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable.rar
[2010-01-29 11:20:47 | 000,364,673 | ---- | C] () -- C:\Users\Paco\Documents\CV Francisco Martinez G.pdf
[2010-01-25 22:48:25 | 000,000,017 | ---- | C] () -- C:\Users\Paco\AppData\Local\resmon.resmoncfg
[2010-01-25 21:34:06 | 000,000,036 | ---- | C] () -- C:\Users\Paco\AppData\Local\housecall.guid.cache
[2009-12-17 19:06:41 | 000,000,301 | ---- | C] () -- C:\Windows\Sierra.ini
[2009-12-14 13:10:55 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009-12-04 19:36:39 | 000,000,144 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-12-04 19:36:20 | 000,251,904 | ---- | C] () -- C:\Windows\System32\orant71.dll
[2009-12-04 19:36:18 | 000,903,168 | ---- | C] () -- C:\Windows\System32\mitmdl30.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009-12-04 19:36:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009-12-04 19:36:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009-12-04 19:36:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009-12-04 19:36:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009-12-04 19:36:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009-12-04 19:36:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009-12-04 19:36:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009-12-04 19:36:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009-12-04 19:36:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009-12-04 19:36:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009-10-22 12:53:28 | 000,000,092 | ---- | C] () -- C:\Users\Paco\AppData\Local\fusioncache.dat
[2009-10-18 10:05:28 | 000,007,168 | ---- | C] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-10 09:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009-07-27 20:31:54 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009-07-06 12:40:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009-06-21 22:19:55 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-06-21 22:19:54 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-06-21 22:19:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-06-21 22:19:53 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-06-21 22:19:52 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-06-21 22:19:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-06-19 19:56:07 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009-05-24 21:10:36 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\XRNBO.sys
[2009-05-11 08:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009-05-10 22:16:25 | 000,000,049 | -H-- | C] () -- C:\Users\Paco\AppData\Roaming\MaxBulk registration.ini
[2009-05-10 12:44:59 | 000,000,115 | ---- | C] () -- C:\Windows\multiview.ini
[2009-05-10 11:46:10 | 000,000,600 | ---- | C] () -- C:\Users\Paco\AppData\Roaming\winscp.rnd
[2009-04-21 21:50:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-04-21 21:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-12-29 08:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008-12-07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008-10-24 15:16:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Language.dll
[2008-09-19 22:28:08 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ShowHCRemCfgWnd.dll
[2008-09-19 21:54:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_TRAD.dll
[2008-09-19 21:45:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_ENG.dll
[2008-09-19 21:45:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_CHI.dll
[2008-08-11 14:02:24 | 000,421,944 | ---- | C] () -- C:\Windows\System32\playm4.dll
[2008-07-30 14:36:00 | 000,356,352 | ---- | C] () -- C:\Windows\System32\HCNetSDK.dll
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2006-03-09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010-02-07 21:10:14 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\AhnLab
[2009-07-15 14:05:25 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Autodesk
[2009-05-08 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Docx2Rtf
[2009-07-23 15:35:06 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\FileZilla
[2010-01-31 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\ieSpell
[2009-05-10 01:51:49 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\IrfanView
[2009-05-10 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Maxprog
[2010-02-09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\MxBoost
[2009-05-08 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\NwDocx
[2009-05-10 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\postgresql
[2009-10-04 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Teleca
[2010-01-30 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Thinstall
[2009-10-07 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010-01-12 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010-02-09 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\uTorrent
[2010-01-26 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Windows SideBar
[2009-04-22 02:27:21 | 000,031,418 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >


OTL Extras logfile created on: 09-Feb-10 11:24:06 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Paco\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 3.43 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 7.18 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 28.78 Gb Total Space | 6.01 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: INST-LPSIST
Current User Name: Paco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\sysservice.exe" = C:\Windows\system32\sysservice.exe:*:Enabled:DNS client -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064CF445-2F23-4F63-A98E-F76F5B305CF8}" = TuneUp Utilities (VMware ThinApp)
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B143533-B58A-48D6-B972-1187F398FC63}" = Foxit Editor
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2613BAFB-DA85-4371-91DC-72A82B196BD1}" = Precios2008
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1" = LogMeTT 2.9.7
"{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.990
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D976BE0-3A25-4EDF-9BB4-86AC2D01CBE7}" = Spanish interface language for ABBYY FineReader 8.0 Professional Edition
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-1033-F400-7760-000000000004}_911" = Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B23C3CB7-5E2F-4D1F-857B-65EC0A12BE72}" = ClientSoftware(v4.01MD)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C076CA-126E-497C-8724-B589F54031AF}" = HDD Regenerator
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C249E68E-BE69-41F6-B2B0-EACEE04C41B0}" = Precios2008
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31FB69B-FE13-4652-92A9-E7E2ED67E371}" = Sybase PowerBuilder 11.5
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E83A7FBC-61E5-4E97-9510-DEDC084C2C8D}" = Spanish language for ABBYY FineReader 8.0 Professional Edition
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AhnLab Online Security" = AhnLab Online Security
"AnyDVD" = AnyDVD
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_wis30A5z" = Soft Data Fax Modem with SmartCP
"Comical_is1" = Comical 0.8
"DOSShell" = DOSShell 1.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.6
"Gabriel Knight 3" = Gabriel Knight 3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.30
"InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxBulk Mailer_is1" = MaxBulk Mailer 6.3.0
"Maxthon2" = Maxthon2
"Maxthon3" = Maxthon 3
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"My Lockbox_is1" = My Lockbox 1.6 for Windows 2000/XP
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Orcad Family Release 9.2 Standalone" = Orcad Family Release 9.2 Standalone
"PowerISO" = PowerISO
"PROSet" = Intel® Network Connections Drivers
"RemoteDesktopManager" = Remote Desktop Manager 5.0.2.0 (remove only)
"SimpleOCR 3.1" = SimpleOCR 3.1
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = pakExtract
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Beast Within_is1" = The Beast Within English
"UltraISO_is1" = UltraISO Premium V9.0
"Uninstall Winner_is1" = Uninstall Winner 2.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

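The firewall exception for sysservice.exe in the OTL Extras log above (a binary in System32 with no company name in its version info, registered under the generic label "DNS client") is the kind of entry a reviewer wants flagged automatically. The parser below is an added example, not OTL's own code and not from this thread; it reads the Authorized Applications section in the layout OTL prints and reports entries with those traits. The sample log is constructed: the sysservice.exe line is the one from the log above, the Skype line is made up as a benign contrast, and the list of built-in service names is an assumed heuristic.

```python
"""Audit the 'Authorized Applications List' section of an OTL Extras log.

Added example (not OTL's code, not from the thread). OTL prints each firewall
exception as:
    "<key>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- (<company>)
where an empty "()" means the binary carried no company name in its version info.
"""
import re
from dataclasses import dataclass

# Constructed sample in the OTL Extras layout. The sysservice.exe line is the one
# from the log above; the Skype line is made up to show a benign entry.
SAMPLE_LOG = """\
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]
"C:\\Windows\\system32\\sysservice.exe" = C:\\Windows\\system32\\sysservice.exe:*:Enabled:DNS client -- ()
"C:\\Program Files\\Skype\\Phone\\Skype.exe" = C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

SECTION_HEADER = "========== Authorized Applications List =========="
# The registry key line names the profile (DomainProfile / StandardProfile).
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+)\\AuthorizedApplications")
# One exception line; the lazy path group stops at the first ":<scope>:<state>:" run.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<path>.+?):(?P<scope>[^:]*)'
    r":(?P<state>Enabled|Disabled):(?P<name>.*?) -- \((?P<company>.*)\)$"
)

# Assumed heuristic: display names that belong to built-in Windows components.
# An unattributed or third-party binary borrowing one of them is a red flag.
WINDOWS_SERVICE_NAMES = {"dns client", "dhcp client", "windows update", "svchost", "system"}


@dataclass
class FirewallEntry:
    profile: str
    path: str
    scope: str
    state: str
    name: str
    company: str


def parse_authorized_apps(text: str) -> list[FirewallEntry]:
    """Return the firewall exceptions listed in the Authorized Applications section."""
    entries: list[FirewallEntry] = []
    in_section = False
    profile = "?"
    for raw in text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if line.startswith("=========="):
            in_section = False  # any other section banner ends the section
            continue
        if not in_section or not line:
            continue
        key_match = PROFILE_RE.search(line)
        if line.startswith("[") and key_match:
            profile = key_match.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append(FirewallEntry(profile, d["path"], d["scope"],
                                         d["state"], d["name"], d["company"]))
    return entries


def suspicious_reasons(e: FirewallEntry) -> list[str]:
    """Heuristics for an exception that deserves a closer look."""
    reasons: list[str] = []
    company = e.company.lower()
    if not e.company:
        reasons.append("no company name in the binary's version info")
    if "\\system32\\" in e.path.lower() and "microsoft" not in company:
        reasons.append("lives in System32 but is not attributed to Microsoft")
    if e.name.lower() in WINDOWS_SERVICE_NAMES and "microsoft" not in company:
        reasons.append(f"uses the built-in service name '{e.name}'")
    return reasons


def audit(text: str) -> dict[str, list[str]]:
    """Map each suspicious enabled exception's path to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for e in parse_authorized_apps(text):
        if e.state != "Enabled":
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in audit(SAMPLE_LOG).items():
        print(f"[{path}]")
        for r in reasons:
            print("  -", r)
```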
#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:56 PM

Posted 10 February 2010 - 03:31 PM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 fmg00

fmg00
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:56 AM

Posted 10 February 2010 - 09:54 PM

Hi Tom, here's my combofix log

Thanks again!

ComboFix 10-02-10.01 - Paco 10-Feb-10 18:03:50.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2550.1804 [GMT -6:00]
Running from: c:\users\Paco\Desktop\schrauber.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sysservice.dll
c:\windows\system32\sysservice.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-11 00:16 . 2010-02-11 00:16 -------- d-----w- c:\users\Paco\AppData\Local\temp
2010-02-11 00:16 . 2010-02-11 00:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-11 00:16 . 2010-02-11 00:16 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-02-11 00:16 . 2010-02-11 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-11 00:02 . 2010-02-11 00:02 -------- d-----w- C:\32788R22FWJFW
2010-02-10 23:59 . 2010-02-10 23:59 -------- d-----w- C:\Device
2010-02-09 05:08 . 2006-05-25 17:05 90112 ----a-w- c:\windows\system32\hpqnt.dll
2010-02-09 05:06 . 2010-02-09 05:06 -------- d-----w- C:\hp
2010-02-08 03:10 . 2010-02-08 03:10 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2010-02-08 03:10 . 2009-10-07 09:05 86136 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2010-02-08 03:10 . 2009-10-07 09:05 81016 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2010-02-08 03:10 . 2009-10-07 09:05 141176 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys
2010-02-08 03:10 . 2010-02-08 03:10 -------- d-----w- c:\users\Paco\AppData\Roaming\AhnLab
2010-02-08 03:10 . 2009-12-18 08:27 87648 ----a-w- c:\windows\system32\drivers\AmonTDLh.sys
2010-02-08 03:10 . 2009-07-21 01:13 19616 ----a-w- c:\windows\system32\drivers\CdmDrvNt.sys
2010-02-08 03:00 . 2010-02-08 03:00 -------- d-----w- c:\program files\AhnLab
2010-02-05 19:10 . 2007-05-24 03:22 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-02-04 22:48 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-04 22:48 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-04 22:48 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-04 22:48 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-04 22:48 . 2010-01-28 21:54 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-04 22:47 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-04 22:47 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-04 22:47 . 2010-02-04 22:47 -------- d-----w- c:\programdata\Alwil Software
2010-02-04 22:47 . 2010-02-04 22:47 -------- d-----w- c:\program files\Alwil Software
2010-02-04 22:32 . 2010-02-04 22:33 -------- d-----w- c:\program files\SpywareBlaster
2010-02-01 02:58 . 2010-02-01 02:58 -------- d-----w- c:\users\Paco\AppData\Roaming\ieSpell
2010-01-31 20:32 . 2010-01-31 20:32 -------- d-----w- c:\program files\ESET
2010-01-31 05:39 . 2010-01-31 05:39 -------- d-----w- c:\programdata\Thinstall
2010-01-31 05:39 . 2010-01-31 05:39 -------- d-----w- c:\program files\TuneUp Utilities (VMware ThinApp)
2010-01-31 05:34 . 2010-01-31 05:36 -------- d-----w- c:\program files\Uninstall Winner
2010-01-31 05:26 . 2010-01-31 05:39 -------- d-----w- c:\users\Paco\AppData\Roaming\Thinstall
2010-01-31 05:26 . 2010-01-31 05:26 -------- d-----w- c:\users\Paco\AppData\Local\Thinstall
2010-01-30 06:24 . 2010-01-31 03:23 -------- d-----w- c:\programdata\Lavasoft
2010-01-30 05:26 . 2010-01-30 05:26 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-28 03:31 . 2010-01-28 03:31 -------- d-----w- c:\temp\VisualBoy
2010-01-26 21:13 . 2010-01-26 21:13 -------- d-----w- c:\users\Paco\AppData\Roaming\Windows SideBar
2010-01-26 04:37 . 2010-01-26 04:37 -------- d-----w- c:\program files\CCleaner
2010-01-26 02:58 . 2010-02-02 04:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-26 02:58 . 2010-01-26 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 02:55 . 2010-01-26 02:55 -------- d-----w- c:\program files\Trend Micro
2010-01-26 01:52 . 2009-09-08 18:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-01-26 01:51 . 2010-01-26 01:51 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-26 01:51 . 2010-01-26 01:51 -------- d-----w- c:\users\Paco\AppData\Roaming\Intuit
2010-01-26 01:50 . 2010-01-26 01:50 -------- d-----w- c:\programdata\Intuit
2010-01-25 23:43 . 2010-01-22 18:13 3858432 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-01-25 23:43 . 2010-01-22 17:49 8520 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-01-25 23:43 . 2010-01-22 17:49 70984 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-01-25 23:43 . 2010-01-22 17:46 574768 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-01-25 23:43 . 2010-01-22 17:46 15664 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-01-25 23:43 . 2010-01-22 17:46 83256 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-01-21 18:50 . 2010-01-21 19:05 -------- d-----w- C:\dell
2010-01-21 02:34 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 02:34 . 2006-09-28 22:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-21 02:33 . 2010-01-21 02:33 -------- d-----w- c:\program files\Winamp Detect
2010-01-20 00:43 . 2010-01-20 00:43 -------- d-----w- c:\users\Paco\AppData\Local\myPod_Apps
2010-01-19 21:10 . 2010-01-19 21:10 -------- d-----w- c:\program files\iPhone Explorer
2010-01-13 00:39 . 2010-01-13 00:39 -------- d-----w- c:\users\Paco\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 00:39 . 2010-01-13 00:39 -------- d-----w- c:\program files\TweetDeck

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 00:00 . 2009-06-20 01:54 -------- d-----w- c:\programdata\VMware
2010-02-10 23:59 . 2009-05-20 17:19 -------- d-----w- c:\users\Paco\AppData\Roaming\Skype
2010-02-10 23:53 . 2009-05-06 04:47 -------- d-----w- c:\users\Paco\AppData\Roaming\MxBoost
2010-02-10 22:50 . 2009-05-07 02:04 -------- d-----w- c:\users\Paco\AppData\Roaming\uTorrent
2010-02-10 22:36 . 2009-05-20 17:22 -------- d-----w- c:\users\Paco\AppData\Roaming\skypePM
2010-02-10 15:03 . 2009-06-20 02:26 -------- d-----w- c:\users\Paco\AppData\Roaming\VMware
2010-02-09 05:07 . 2009-05-26 01:25 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-09 05:07 . 2009-05-07 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 20:45 . 2009-08-27 04:01 238224 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-03 20:56 . 2010-01-07 20:52 -------- d-----w- c:\program files\ClientSoftware(v4.01MD)
2010-02-02 03:48 . 2009-10-05 00:31 146432 ----a-w- c:\users\Paco\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 03:15 . 2009-05-24 17:09 -------- d-----w- c:\program files\FlashGet
2010-02-01 21:23 . 2009-06-09 03:24 -------- d-----w- c:\users\Paco\AppData\Roaming\Apple Computer
2010-02-01 02:07 . 2009-12-21 17:53 -------- d-----w- c:\program files\Maxthon2
2010-01-31 22:07 . 2009-07-06 21:12 -------- d-----w- c:\program files\My Lockbox
2010-01-31 05:26 . 2009-11-06 16:42 524288 ----a-w- c:\users\Paco\AppData\Roaming\Thinstall\Absolute Uninstaller Pro v5.0.1.3\%ProgramFilesDir%\Absolute Uninstaller Pro\ArrmD12.dll
2010-01-31 03:40 . 2009-12-21 04:12 -------- d-----w- c:\program files\Google
2010-01-31 03:39 . 2009-09-30 14:01 -------- d-----w- c:\program files\Orb Networks
2010-01-31 03:27 . 2009-05-25 05:32 -------- d-----w- c:\users\Paco\AppData\Roaming\Move Networks
2010-01-26 02:28 . 2009-11-29 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 02:27 . 2009-12-21 04:51 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 15:53 . 2009-05-06 05:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 02:40 . 2009-05-18 13:59 -------- d-----w- c:\program files\Winamp
2010-01-19 15:41 . 2009-05-06 05:07 -------- d-----w- c:\program files\Windows Live
2010-01-18 03:09 . 2009-05-06 17:36 -------- d-----w- c:\programdata\Microsoft Help
2010-01-16 04:46 . 2009-05-06 18:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-16 04:46 . 2009-10-27 01:38 38784 ----a-w- c:\users\Paco\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 04:46 . 2009-10-09 19:35 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-14 17:12 . 2009-10-02 22:45 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 16:08 . 2010-01-11 16:24 -------- d-----w- c:\programdata\NOS
2010-01-12 03:08 . 2010-01-10 23:12 -------- d-----w- c:\program files\DOSBox-0.73
2010-01-11 16:24 . 2010-01-11 16:24 -------- d-----w- c:\program files\NOS
2010-01-10 23:15 . 2010-01-10 23:15 -------- d-----w- c:\program files\Loonies
2010-01-07 22:07 . 2009-11-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-11-29 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:51 . 2010-01-07 20:51 -------- d-----w- c:\users\Paco\AppData\Roaming\InstallShield
2010-01-07 19:58 . 2010-01-07 19:58 -------- d-----w- c:\program files\LogMeTT
2010-01-06 23:23 . 2009-07-06 21:12 142648 ----a-w- c:\windows\system32\fsproflt.exe
2010-01-03 02:45 . 2009-05-11 00:14 -------- d-----w- c:\program files\Java
2009-12-27 20:13 . 2009-12-27 20:12 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 20:13 . 2009-12-27 20:12 -------- d-----w- c:\program files\iTunes
2009-12-27 20:12 . 2009-12-27 20:12 -------- d-----w- c:\program files\iPod
2009-12-27 20:12 . 2009-06-09 03:21 -------- d-----w- c:\program files\Common Files\Apple
2009-12-27 20:11 . 2009-12-27 20:10 -------- d-----w- c:\program files\QuickTime
2009-12-27 20:02 . 2009-12-27 20:02 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-27 19:28 . 2009-12-27 19:28 1956072 ----a-w- c:\users\Paco\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-12-21 17:29 . 2009-06-24 03:40 -------- d-----w- c:\program files\Maxthon3
2009-12-21 16:10 . 2009-05-06 04:14 -------- d-----w- c:\program files\AVG
2009-12-21 04:41 . 2009-12-21 04:41 -------- d-----w- c:\program files\Microsoft
2009-12-21 04:41 . 2009-12-21 04:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-21 04:11 . 2009-12-21 03:55 -------- d-----w- c:\programdata\WindowsLiveInstaller
2009-12-21 03:55 . 2009-12-21 03:52 -------- d-----w- c:\programdata\WLInstaller
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\Sierra On-Line
2009-12-17 06:53 . 2009-10-26 15:27 -------- d-----w- c:\program files\Comical
2009-12-14 19:39 . 2009-05-06 18:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-14 19:38 . 2009-12-14 19:38 29926 ----a-r- c:\users\Paco\AppData\Roaming\Microsoft\Installer\{8D976BE0-3A25-4EDF-9BB4-86AC2D01CBE7}\ARPPRODUCTICON.exe
2009-12-14 19:35 . 2009-12-14 19:35 29926 ----a-r- c:\users\Paco\AppData\Roaming\Microsoft\Installer\{E83A7FBC-61E5-4E97-9510-DEDC084C2C8D}\ARPPRODUCTICON.exe
2009-12-14 19:33 . 2009-12-14 19:33 -------- d-----w- c:\users\Paco\AppData\Roaming\ABBYY
2009-12-14 19:11 . 2009-12-14 19:10 -------- d-----w- c:\program files\SimpleOCR
2009-12-13 22:28 . 2009-12-13 22:28 -------- d-----w- c:\program files\SIERRA
2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-30 15:06 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-01-26 1214128]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [21-Apr-09 8:07 PM 23120]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [07-Jan-09 11:39 PM 20744]
R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [21-Apr-09 9:08 PM 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [21-Apr-09 9:31 PM 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [21-Apr-09 9:19 PM 58448]
R0 FSProFilter;FSPro File Filter;c:\windows\System32\drivers\FSPFltd.sys [06-Jul-09 3:12 PM 43792]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\drivers\fvevol.sys [21-Apr-09 9:10 PM 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [21-Apr-09 9:08 PM 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [21-Apr-09 9:32 PM 133200]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [21-Apr-09 9:44 PM 27728]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [21-Apr-09 9:08 PM 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [21-Apr-09 9:08 PM 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [21-Apr-09 9:19 PM 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [21-Apr-09 6:36 PM 17488]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\System32\drivers\vmstorfl.sys [22-Apr-09 4:23 AM 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [21-Apr-09 9:44 PM 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [21-Apr-09 9:08 PM 52304]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [21-Apr-09 9:09 PM 297040]
R1 AMonTDLH;AMonTDLH;c:\windows\System32\drivers\AmonTDLh.sys [07-Feb-10 9:10 PM 87648]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [04-Feb-10 4:48 PM 163280]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [21-Apr-09 9:20 PM 35328]
R1 CSC;Offline Files Driver;c:\windows\System32\drivers\csc.sys [21-Apr-09 9:12 PM 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [21-Apr-09 9:11 PM 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [21-Apr-09 9:21 PM 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [21-Apr-09 9:09 PM 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [21-Apr-09 10:00 PM 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [21-Apr-09 10:00 PM 7168]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [21-Apr-09 9:09 PM 74240]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [21-Apr-09 9:53 PM 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [21-Apr-09 9:52 PM 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/06 21:39];c:\program files\CyberLink\PowerDVD9\000.fcl [28-Feb-09 6:40 PM 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04-Feb-10 4:48 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04-Feb-10 4:48 PM 51792]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
R2 fsproflt;FSPro Filter Service;c:\windows\System32\fsproflt.exe [06-Jul-09 3:12 PM 142648]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29-Oct-09 12:27 PM 1074568]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [21-Apr-09 9:16 PM 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [21-Apr-09 9:51 PM 48128]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [21-Apr-09 9:13 PM 86528]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [21-Apr-09 9:33 PM 586752]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [21-Apr-09 9:16 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [21-Apr-09 9:16 PM 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [21-Apr-09 9:52 PM 34816]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [26-Mar-09 9:58 PM 54960]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [21-Apr-09 9:16 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 WMDrive;WMDrive;c:\windows\System32\drivers\WMDrive.sys [23-Sep-09 12:40 PM 32384]
R2 XRNBO;XRNBO;c:\windows\System32\drivers\XRNBO.sys [24-May-09 9:10 PM 177152]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [21-Apr-09 9:50 PM 162816]
R3 bowser;Browser Support Driver;c:\windows\System32\drivers\bowser.sys [21-Apr-09 9:11 PM 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [21-Apr-09 9:43 PM 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [21-Apr-09 9:23 PM 720384]
R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [21-Apr-09 9:09 PM 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [21-Apr-09 9:23 PM 23552]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [21-Apr-09 9:51 PM 60416]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [21-Apr-09 9:11 PM 220672]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [21-Apr-09 9:11 PM 94720]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [21-Apr-09 9:50 PM 267264]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [08-Apr-09 8:09 PM 4231168]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [21-Apr-09 9:53 PM 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [21-Apr-09 10:01 PM 18432]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\drivers\srv2.sys [20-Oct-09 10:12 PM 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [21-Apr-09 9:12 PM 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [21-Apr-09 9:52 PM 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [13-May-09 10:33 PM 39936]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-Jan-10 8:58 PM 1153368]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [21-Apr-09 10:44 PM 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [21-Apr-09 9:13 PM 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20-Mar-09 9:22 AM 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [21-Apr-09 8:07 PM 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20-Mar-09 9:23 AM 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [27-Mar-09 10:45 PM 159312]
S3 AppID;AppID Driver;c:\windows\System32\drivers\appid.sys [21-Apr-09 9:35 PM 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [21-Apr-09 8:07 PM 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20-Mar-09 9:22 AM 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-Apr-09 8:01 PM 229888]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [21-Apr-09 10:55 PM 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [21-Apr-09 10:56 PM 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [21-Apr-09 10:53 PM 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [21-Apr-09 10:55 PM 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [21-Apr-09 10:55 PM 12160]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07-Dec-08 12:44 PM 30088]
S3 CdmDrvNt;CdmDrvNt;c:\windows\System32\drivers\CdmDrvNt.sys [07-Feb-10 9:10 PM 19616]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [21-Apr-09 9:49 PM 37888]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [21-Apr-09 9:16 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20-Mar-09 9:22 AM 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20-Mar-09 9:23 AM 453712]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [21-Apr-09 9:12 PM 28160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [21-Apr-09 9:12 PM 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [21-Apr-09 8:52 PM 26624]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [21-Apr-09 8:07 PM 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [14-Apr-09 8:30 PM 332368]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [21-Apr-09 9:28 PM 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [21-Apr-09 9:44 PM 186960]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [02-Jul-08 2:58 PM 26248]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [21-Apr-09 8:07 PM 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [21-Apr-09 8:07 PM 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [21-Apr-09 8:07 PM 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [21-Apr-09 8:07 PM 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20-Mar-09 9:23 AM 30800]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [07-Feb-10 9:10 PM 101336]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [07-Feb-10 9:10 PM 121504]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\System32\drivers\Mkd2BthF.sys [07-Feb-10 9:10 PM 81016]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [07-Feb-10 9:10 PM 141176]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [07-Feb-10 9:10 PM 86136]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [21-Apr-09 9:44 PM 130640]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [21-Apr-09 9:44 PM 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [21-Apr-09 9:49 PM 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [21-Apr-09 9:09 PM 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [21-Apr-09 9:45 PM 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [21-Apr-09 9:51 PM 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [21-Apr-09 8:07 PM 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [14-Apr-09 8:30 PM 142416]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [21-Apr-09 9:16 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [21-Apr-09 9:16 PM 20992]
S3 PortTalk;PortTalk;c:\windows\System32\drivers\porttalk.sys [24-May-09 12:12 PM 3567]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20-Mar-09 9:23 AM 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [21-Apr-09 8:07 PM 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22-Apr-09 4:23 AM 5632]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\drivers\scfilter.sys [21-Apr-09 9:32 PM 26624]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [21-Apr-09 9:16 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [21-Apr-09 9:44 PM 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [21-Apr-09 8:07 PM 77904]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [21-Apr-09 9:52 PM 71168]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [21-Apr-09 8:11 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [21-Apr-09 8:11 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [21-Apr-09 8:11 PM 661504]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [21-Apr-09 8:07 PM 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22-Apr-09 4:23 AM 28240]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [21-Apr-09 9:20 PM 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [21-Apr-09 10:00 PM 30208]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [21-Apr-09 9:35 PM 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [21-Apr-09 9:23 PM 57424]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [21-Apr-09 9:49 PM 86016]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [21-Apr-09 9:09 PM 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [21-Apr-09 9:44 PM 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [21-Apr-09 9:08 PM 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22-Apr-09 4:23 AM 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22-Apr-09 4:23 AM 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20-Mar-09 9:23 AM 141904]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [21-Apr-09 9:50 PM 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [21-Apr-09 9:45 PM 21632]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [21-Apr-09 9:21 PM 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [21-Apr-09 9:16 PM 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [21-Apr-09 9:16 PM 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [21-Apr-09 9:08 PM 19024]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [21-Apr-09 9:16 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [21-Apr-09 9:15 PM 19024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S4 OracleDBConsoleOLTP;OracleDBConsoleOLTP;c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe --> c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000Core.job
- c:\users\Paco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 04:28]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000UA.job
- c:\users\Paco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} - hxxp://201.144.111.147/WebGuard_Login.cab
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://192.168.2.150/codebase/NetVideoOCX.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://improba.sytes.net/cab/OCXChecker_8000.cab
DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} - hxxp://download6.quickheal.com/onlnscan/activex/nt/onlnscan.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://improba.sytes.net/cab/DownloadFile_8000.cab
FF - ProfilePath - c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\
FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_228\npaosmgr.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Paco\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Paco\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\Paco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82E1A000]<< >>UNKNOWN [0x8A384000]<< >>UNKNOWN [0x8A408000]<< >>UNKNOWN [0x89E00000]<< >>UNKNOWN [0x83229000]<< >>UNKNOWN [0x89FC1000]<< >>UNKNOWN [0x89E23000]<< >>UNKNOWN [0x89DAF000]<< >>UNKNOWN [0x89FF7000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x8ae05c3e
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,df,bf,22,d2,a6,bd,40,bf,80,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,df,bf,22,d2,a6,bd,40,bf,80,6f,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-10 18:21:03
ComboFix-quarantined-files.txt 2010-02-11 00:20
ComboFix2.txt 2010-01-31 04:52

Pre-Run: 3,622,535,168 bytes free
Post-Run: 3,606,810,624 bytes free

- - End Of File - - 9633E1201BE69A472BD1CABCCDFFF114

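Added example, not part of this thread and not code from ComboFix or catchme: a Python triage script that parses log text in the shape posted above and pulls out the three things a responder would read first. It collapses the repeated catchme "detected NTDLL code modification" runs into one set of Zw* stub mismatches, lists the UAC policy values under ...\policies\system that turn prompting off, and flags "Other Deletions" paths with an unusual extension. The rule that an all-zero stub report followed by "Initialization error" is inconclusive, the UAC value list and the extension list are this example's own assumptions, and the embedded log is a constructed sample modelled on the one in the thread.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix/catchme code).

Extracts: Zw* stub mismatches from catchme output (collapsed across repeated
runs, marked inconclusive when every observed value is 0 and the run ends in
'Initialization error'), UAC-weakening values under ...\\policies\\system, and
'Other Deletions' paths with an unusual extension. Rules are assumptions.
"""
import re
from collections import OrderedDict

# Constructed sample modelled on the log in the thread (not the original text).
SAMPLE_LOG = """\
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:16
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwClose 0 != 50Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwClose 0 != 50Initialization error
scanning hidden processes ...

((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.

c:\\windows\\system32\\mouj.yjo

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# "<ZwName> <observed> != <expected>" as catchme prints it; trailing text such as
# "Initialization error" is glued to the last number, so \d+ stops there.
STUB_RE = re.compile(r"(Zw\w+) (\d+) != (\d+)")
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')
PATH_RE = re.compile(r"^[a-z]:\\.*\\([^\\\s]+)$", re.IGNORECASE)

# Values that switch UAC off or remove the elevation prompt (assumed list).
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
COMMON_EXT = {".exe", ".dll", ".sys", ".drv", ".ocx", ".cpl", ".scr", ".dat",
              ".ini", ".log", ".txt", ".tmp", ".bat", ".cmd", ".vbs", ".js"}


def parse_stub_mismatches(log):
    """Map Zw* function -> (observed, expected); repeated runs collapse to one entry."""
    found = OrderedDict()
    for line in log.splitlines():
        for func, observed, expected in STUB_RE.findall(line):
            found.setdefault(func, (int(observed), int(expected)))
    return found


def classify_stubs(log):
    """Decide whether the stub report looks like hooks or like a failed read."""
    mismatches = parse_stub_mismatches(log)
    if not mismatches:
        return "no stub mismatch reported"
    all_zero = all(obs == 0 for obs, _ in mismatches.values())
    if all_zero and "Initialization error" in log:
        # Every stub read back as 0 and the tool then aborted: re-run the
        # detector rather than treating this as evidence of per-function hooks.
        return "inconclusive: every stub read 0 and the run ended in an initialization error"
    return "stub mismatch: %d ntdll entry points differ from expected" % len(mismatches)


def uac_weaknesses(log):
    """Return the values under ...\\policies\\system that match a weakening setting."""
    weak, in_key = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            in_key = line.lower().endswith("\\policies\\system]")
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m and UAC_WEAK.get(m.group(1)) == int(m.group(2)):
            weak[m.group(1)] = int(m.group(2))
    return weak


def odd_deletions(log):
    """Paths in the 'Other Deletions' section whose extension is not in COMMON_EXT."""
    odd, in_section = [], False
    for line in log.splitlines():
        if "Other Deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith(("(", "[")):
            break  # next ComboFix section header
        m = PATH_RE.match(line.strip()) if in_section else None
        if m:
            name = m.group(1).lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext not in COMMON_EXT:
                odd.append(line.strip())
    return odd


def triage(log):
    """Summarise the indicators a responder would read first."""
    return {
        "ntdll_stubs": classify_stubs(log),
        "uac_weak_settings": uac_weaknesses(log),
        "odd_deletions": odd_deletions(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print("%s: %s" % (key, value))
```

Run it against a saved ComboFix.txt by reading the file into `triage()`; on the sample it reports the stub result as inconclusive (every observed value is 0 and the run aborted), three UAC values set to 0, and one deleted file with an extension outside the common list.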

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:56 PM

Posted 13 February 2010 - 06:39 AM

Please delete your copy of ComboFix and download a fresh one, let it run and post back with the logfile please.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#9 fmg00

fmg00
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 13 February 2010 - 10:26 AM

Hi Tom, here's the new log

ComboFix 10-02-12.01 - Paco 13-Feb-10 9:02.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2550.1556 [GMT -6:00]
Running from: c:\users\Paco\Desktop\schrauber.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mouj.yjo

.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 15:14 . 2010-02-13 15:15 -------- d-----w- c:\users\Paco\AppData\Local\temp
2010-02-13 15:14 . 2010-02-13 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-13 15:14 . 2010-02-13 15:14 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-02-13 15:14 . 2010-02-13 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 15:00 . 2010-02-13 15:00 -------- d-----w- C:\32788R22FWJFW
2010-02-10 23:59 . 2010-02-10 23:59 -------- d-----w- C:\Device
2010-02-09 05:08 . 2006-05-25 17:05 90112 ----a-w- c:\windows\system32\hpqnt.dll
2010-02-09 05:06 . 2010-02-09 05:06 -------- d-----w- C:\hp
2010-02-08 03:10 . 2010-02-08 03:10 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2010-02-08 03:10 . 2009-10-07 09:05 86136 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2010-02-08 03:10 . 2009-10-07 09:05 81016 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2010-02-08 03:10 . 2009-10-07 09:05 141176 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys
2010-02-08 03:10 . 2010-02-08 03:10 -------- d-----w- c:\users\Paco\AppData\Roaming\AhnLab
2010-02-08 03:10 . 2009-12-18 08:27 87648 ----a-w- c:\windows\system32\drivers\AmonTDLh.sys
2010-02-08 03:10 . 2009-07-21 01:13 19616 ----a-w- c:\windows\system32\drivers\CdmDrvNt.sys
2010-02-08 03:00 . 2010-02-08 03:00 -------- d-----w- c:\program files\AhnLab
2010-02-05 19:10 . 2007-05-24 03:22 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-02-04 22:48 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-04 22:48 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-04 22:48 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-04 22:48 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-04 22:48 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-04 22:47 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-04 22:47 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-04 22:47 . 2010-02-04 22:47 -------- d-----w- c:\programdata\Alwil Software
2010-02-04 22:47 . 2010-02-04 22:47 -------- d-----w- c:\program files\Alwil Software
2010-02-04 22:32 . 2010-02-04 22:33 -------- d-----w- c:\program files\SpywareBlaster
2010-02-01 02:58 . 2010-02-01 02:58 -------- d-----w- c:\users\Paco\AppData\Roaming\ieSpell
2010-01-31 20:32 . 2010-01-31 20:32 -------- d-----w- c:\program files\ESET
2010-01-31 05:39 . 2010-01-31 05:39 -------- d-----w- c:\programdata\Thinstall
2010-01-31 05:39 . 2010-01-31 05:39 -------- d-----w- c:\program files\TuneUp Utilities (VMware ThinApp)
2010-01-31 05:34 . 2010-01-31 05:36 -------- d-----w- c:\program files\Uninstall Winner
2010-01-31 05:26 . 2010-01-31 05:39 -------- d-----w- c:\users\Paco\AppData\Roaming\Thinstall
2010-01-31 05:26 . 2010-01-31 05:26 -------- d-----w- c:\users\Paco\AppData\Local\Thinstall
2010-01-30 06:24 . 2010-01-31 03:23 -------- d-----w- c:\programdata\Lavasoft
2010-01-30 05:26 . 2010-01-30 05:26 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-28 03:31 . 2010-01-28 03:31 -------- d-----w- c:\temp\VisualBoy
2010-01-26 21:13 . 2010-01-26 21:13 -------- d-----w- c:\users\Paco\AppData\Roaming\Windows SideBar
2010-01-26 04:37 . 2010-01-26 04:37 -------- d-----w- c:\program files\CCleaner
2010-01-26 02:58 . 2010-02-02 04:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-26 02:58 . 2010-01-26 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 02:55 . 2010-01-26 02:55 -------- d-----w- c:\program files\Trend Micro
2010-01-26 01:52 . 2009-09-08 18:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
2010-01-26 01:52 . 2009-09-08 17:40 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-01-26 01:51 . 2010-01-26 01:51 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-26 01:51 . 2010-01-26 01:51 -------- d-----w- c:\users\Paco\AppData\Roaming\Intuit
2010-01-26 01:50 . 2010-01-26 01:50 -------- d-----w- c:\programdata\Intuit
2010-01-25 23:43 . 2010-01-22 18:13 3858432 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2010-01-25 23:43 . 2010-01-22 17:49 8520 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2010-01-25 23:43 . 2010-01-22 17:49 70984 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2010-01-25 23:43 . 2010-01-22 17:46 574768 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
2010-01-25 23:43 . 2010-01-22 17:46 15664 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
2010-01-25 23:43 . 2010-01-22 17:46 83256 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
2010-01-21 18:50 . 2010-01-21 19:05 -------- d-----w- C:\dell
2010-01-21 02:34 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 02:34 . 2006-09-28 22:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-21 02:33 . 2010-01-21 02:33 -------- d-----w- c:\program files\Winamp Detect
2010-01-20 00:43 . 2010-01-20 00:43 -------- d-----w- c:\users\Paco\AppData\Local\myPod_Apps
2010-01-19 21:10 . 2010-01-19 21:10 -------- d-----w- c:\program files\iPhone Explorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 14:58 . 2009-05-06 04:47 -------- d-----w- c:\users\Paco\AppData\Roaming\MxBoost
2010-02-13 14:50 . 2009-05-20 17:19 -------- d-----w- c:\users\Paco\AppData\Roaming\Skype
2010-02-13 14:49 . 2009-05-20 17:22 -------- d-----w- c:\users\Paco\AppData\Roaming\skypePM
2010-02-12 18:49 . 2009-06-20 01:54 -------- d-----w- c:\programdata\VMware
2010-02-12 18:43 . 2009-06-20 02:26 -------- d-----w- c:\users\Paco\AppData\Roaming\VMware
2010-02-12 05:10 . 2009-05-07 02:04 -------- d-----w- c:\users\Paco\AppData\Roaming\uTorrent
2010-02-12 02:51 . 2009-05-06 17:36 -------- d-----w- c:\programdata\Microsoft Help
2010-02-12 02:45 . 2009-05-07 02:04 -------- d-----w- c:\program files\uTorrent
2010-02-09 05:07 . 2009-05-26 01:25 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-09 05:07 . 2009-05-07 02:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 20:45 . 2009-08-27 04:01 238224 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-03 20:56 . 2010-01-07 20:52 -------- d-----w- c:\program files\ClientSoftware(v4.01MD)
2010-02-02 03:48 . 2009-10-05 00:31 146432 ----a-w- c:\users\Paco\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 03:15 . 2009-05-24 17:09 -------- d-----w- c:\program files\FlashGet
2010-02-01 21:23 . 2009-06-09 03:24 -------- d-----w- c:\users\Paco\AppData\Roaming\Apple Computer
2010-02-01 02:07 . 2009-12-21 17:53 -------- d-----w- c:\program files\Maxthon2
2010-01-31 22:07 . 2009-07-06 21:12 -------- d-----w- c:\program files\My Lockbox
2010-01-31 05:26 . 2009-11-06 16:42 524288 ----a-w- c:\users\Paco\AppData\Roaming\Thinstall\Absolute Uninstaller Pro v5.0.1.3\%ProgramFilesDir%\Absolute Uninstaller Pro\ArrmD12.dll
2010-01-31 03:40 . 2009-12-21 04:12 -------- d-----w- c:\program files\Google
2010-01-31 03:39 . 2009-09-30 14:01 -------- d-----w- c:\program files\Orb Networks
2010-01-31 03:27 . 2009-05-25 05:32 -------- d-----w- c:\users\Paco\AppData\Roaming\Move Networks
2010-01-26 02:28 . 2009-11-29 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 02:27 . 2009-12-21 04:51 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 15:53 . 2009-05-06 05:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 02:40 . 2009-05-18 13:59 -------- d-----w- c:\program files\Winamp
2010-01-19 15:41 . 2009-05-06 05:07 -------- d-----w- c:\program files\Windows Live
2010-01-16 04:46 . 2009-05-06 18:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-16 04:46 . 2009-10-27 01:38 38784 ----a-w- c:\users\Paco\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 04:46 . 2009-10-09 19:35 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-14 17:12 . 2009-10-02 22:45 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 00:39 . 2010-01-13 00:39 -------- d-----w- c:\users\Paco\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 00:39 . 2010-01-13 00:39 -------- d-----w- c:\program files\TweetDeck
2010-01-12 16:08 . 2010-01-11 16:24 -------- d-----w- c:\programdata\NOS
2010-01-12 03:08 . 2010-01-10 23:12 -------- d-----w- c:\program files\DOSBox-0.73
2010-01-11 16:24 . 2010-01-11 16:24 -------- d-----w- c:\program files\NOS
2010-01-10 23:15 . 2010-01-10 23:15 -------- d-----w- c:\program files\Loonies
2010-01-07 22:07 . 2009-11-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-11-29 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:51 . 2010-01-07 20:51 -------- d-----w- c:\users\Paco\AppData\Roaming\InstallShield
2010-01-07 19:58 . 2010-01-07 19:58 -------- d-----w- c:\program files\LogMeTT
2010-01-06 23:23 . 2009-07-06 21:12 142648 ----a-w- c:\windows\system32\fsproflt.exe
2010-01-03 02:45 . 2009-05-11 00:14 -------- d-----w- c:\program files\Java
2009-12-27 20:13 . 2009-12-27 20:12 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 20:13 . 2009-12-27 20:12 -------- d-----w- c:\program files\iTunes
2009-12-27 20:12 . 2009-12-27 20:12 -------- d-----w- c:\program files\iPod
2009-12-27 20:12 . 2009-06-09 03:21 -------- d-----w- c:\program files\Common Files\Apple
2009-12-27 20:11 . 2009-12-27 20:10 -------- d-----w- c:\program files\QuickTime
2009-12-27 20:02 . 2009-12-27 20:02 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-27 19:28 . 2009-12-27 19:28 1956072 ----a-w- c:\users\Paco\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-12-21 17:29 . 2009-06-24 03:40 -------- d-----w- c:\program files\Maxthon3
2009-12-21 16:10 . 2009-05-06 04:14 -------- d-----w- c:\program files\AVG
2009-12-21 04:41 . 2009-12-21 04:41 -------- d-----w- c:\program files\Microsoft
2009-12-21 04:41 . 2009-12-21 04:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-21 04:11 . 2009-12-21 03:55 -------- d-----w- c:\programdata\WindowsLiveInstaller
2009-12-21 03:55 . 2009-12-21 03:52 -------- d-----w- c:\programdata\WLInstaller
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\Sierra On-Line
2009-12-17 06:53 . 2009-10-26 15:27 -------- d-----w- c:\program files\Comical
2009-12-14 19:38 . 2009-12-14 19:38 29926 ----a-r- c:\users\Paco\AppData\Roaming\Microsoft\Installer\{8D976BE0-3A25-4EDF-9BB4-86AC2D01CBE7}\ARPPRODUCTICON.exe
2009-12-14 19:35 . 2009-12-14 19:35 29926 ----a-r- c:\users\Paco\AppData\Roaming\Microsoft\Installer\{E83A7FBC-61E5-4E97-9510-DEDC084C2C8D}\ARPPRODUCTICON.exe
2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\users\Paco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-30 15:06 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-01-26 1214128]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [21-Apr-09 8:07 PM 23120]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [07-Jan-09 11:39 PM 20744]
R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [21-Apr-09 9:08 PM 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [21-Apr-09 9:31 PM 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [21-Apr-09 9:19 PM 58448]
R0 FSProFilter;FSPro File Filter;c:\windows\System32\drivers\FSPFltd.sys [06-Jul-09 3:12 PM 43792]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\drivers\fvevol.sys [21-Apr-09 9:10 PM 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [21-Apr-09 9:08 PM 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [21-Apr-09 9:32 PM 133200]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [21-Apr-09 9:44 PM 27728]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [21-Apr-09 9:08 PM 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [21-Apr-09 9:08 PM 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [21-Apr-09 9:19 PM 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [21-Apr-09 6:36 PM 17488]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\System32\drivers\vmstorfl.sys [22-Apr-09 4:23 AM 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [21-Apr-09 9:44 PM 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [21-Apr-09 9:08 PM 52304]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [21-Apr-09 9:09 PM 297040]
R1 AMonTDLH;AMonTDLH;c:\windows\System32\drivers\AmonTDLh.sys [07-Feb-10 9:10 PM 87648]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [04-Feb-10 4:48 PM 162512]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [21-Apr-09 9:20 PM 35328]
R1 CSC;Offline Files Driver;c:\windows\System32\drivers\csc.sys [21-Apr-09 9:12 PM 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [21-Apr-09 9:11 PM 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [21-Apr-09 9:21 PM 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [21-Apr-09 9:09 PM 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [21-Apr-09 10:00 PM 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [21-Apr-09 10:00 PM 7168]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [21-Apr-09 9:09 PM 74240]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [21-Apr-09 9:53 PM 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [21-Apr-09 9:52 PM 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/06 21:39];c:\program files\CyberLink\PowerDVD9\000.fcl [28-Feb-09 6:40 PM 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04-Feb-10 4:48 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04-Feb-10 4:48 PM 51792]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
R2 fsproflt;FSPro Filter Service;c:\windows\System32\fsproflt.exe [06-Jul-09 3:12 PM 142648]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29-Oct-09 12:27 PM 1074568]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [21-Apr-09 9:16 PM 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [21-Apr-09 9:51 PM 48128]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [21-Apr-09 9:13 PM 86528]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [21-Apr-09 9:33 PM 586752]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [21-Apr-09 9:16 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [21-Apr-09 9:16 PM 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25-Jan-10 8:58 PM 1153368]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [21-Apr-09 9:52 PM 34816]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [26-Mar-09 9:58 PM 54960]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [21-Apr-09 9:16 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R2 WMDrive;WMDrive;c:\windows\System32\drivers\WMDrive.sys [23-Sep-09 12:40 PM 32384]
R2 XRNBO;XRNBO;c:\windows\System32\drivers\XRNBO.sys [24-May-09 9:10 PM 177152]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [21-Apr-09 9:50 PM 162816]
R3 bowser;Browser Support Driver;c:\windows\System32\drivers\bowser.sys [21-Apr-09 9:11 PM 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [21-Apr-09 9:43 PM 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [21-Apr-09 9:23 PM 720384]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21-Apr-09 9:16 PM 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [21-Apr-09 9:09 PM 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [21-Apr-09 9:23 PM 23552]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [21-Apr-09 9:51 PM 60416]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [21-Apr-09 9:11 PM 220672]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [21-Apr-09 9:11 PM 94720]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [21-Apr-09 9:50 PM 267264]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [08-Apr-09 8:09 PM 4231168]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [21-Apr-09 9:53 PM 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [21-Apr-09 10:01 PM 18432]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\drivers\srv2.sys [20-Oct-09 10:12 PM 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [21-Apr-09 9:12 PM 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [21-Apr-09 9:52 PM 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [13-May-09 10:33 PM 39936]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [21-Apr-09 10:44 PM 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [21-Apr-09 9:13 PM 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20-Mar-09 9:22 AM 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [21-Apr-09 8:07 PM 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20-Mar-09 9:23 AM 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [27-Mar-09 10:45 PM 159312]
S3 AppID;AppID Driver;c:\windows\System32\drivers\appid.sys [21-Apr-09 9:35 PM 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [21-Apr-09 8:07 PM 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20-Mar-09 9:22 AM 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-Apr-09 8:01 PM 229888]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [21-Apr-09 10:55 PM 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [21-Apr-09 10:56 PM 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [21-Apr-09 10:53 PM 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [21-Apr-09 10:55 PM 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [21-Apr-09 10:55 PM 12160]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07-Dec-08 12:44 PM 30088]
S3 CdmDrvNt;CdmDrvNt;c:\windows\System32\drivers\CdmDrvNt.sys [07-Feb-10 9:10 PM 19616]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [21-Apr-09 9:49 PM 37888]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [21-Apr-09 9:16 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20-Mar-09 9:22 AM 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20-Mar-09 9:23 AM 453712]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [21-Apr-09 9:12 PM 28160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [21-Apr-09 9:12 PM 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [21-Apr-09 8:52 PM 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [21-Apr-09 8:07 PM 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [14-Apr-09 8:30 PM 332368]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [21-Apr-09 9:28 PM 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [21-Apr-09 9:44 PM 186960]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [02-Jul-08 2:58 PM 26248]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [21-Apr-09 8:07 PM 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [21-Apr-09 8:07 PM 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [21-Apr-09 8:07 PM 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [21-Apr-09 8:07 PM 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20-Mar-09 9:23 AM 30800]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [07-Feb-10 9:10 PM 101336]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [07-Feb-10 9:10 PM 121504]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\System32\drivers\Mkd2BthF.sys [07-Feb-10 9:10 PM 81016]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [07-Feb-10 9:10 PM 141176]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [07-Feb-10 9:10 PM 86136]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [21-Apr-09 9:44 PM 130640]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [21-Apr-09 9:44 PM 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [21-Apr-09 9:49 PM 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [21-Apr-09 9:09 PM 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [21-Apr-09 9:45 PM 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [21-Apr-09 9:51 PM 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [21-Apr-09 8:07 PM 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [14-Apr-09 8:30 PM 142416]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [21-Apr-09 9:16 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [21-Apr-09 9:16 PM 20992]
S3 PortTalk;PortTalk;c:\windows\System32\drivers\porttalk.sys [24-May-09 12:12 PM 3567]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20-Mar-09 9:23 AM 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [21-Apr-09 8:07 PM 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22-Apr-09 4:23 AM 5632]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\drivers\scfilter.sys [21-Apr-09 9:32 PM 26624]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [21-Apr-09 9:16 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [21-Apr-09 9:44 PM 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [21-Apr-09 8:07 PM 77904]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [21-Apr-09 9:52 PM 71168]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [21-Apr-09 8:11 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [21-Apr-09 8:11 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [21-Apr-09 8:11 PM 661504]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [21-Apr-09 8:07 PM 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22-Apr-09 4:23 AM 28240]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [21-Apr-09 9:16 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [21-Apr-09 9:20 PM 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [21-Apr-09 10:00 PM 30208]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [21-Apr-09 9:35 PM 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [21-Apr-09 9:23 PM 57424]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [21-Apr-09 9:49 PM 86016]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [21-Apr-09 9:09 PM 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [21-Apr-09 9:44 PM 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [21-Apr-09 9:08 PM 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22-Apr-09 4:23 AM 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22-Apr-09 4:23 AM 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20-Mar-09 9:23 AM 141904]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [21-Apr-09 9:50 PM 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [21-Apr-09 9:45 PM 21632]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [21-Apr-09 9:21 PM 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [21-Apr-09 9:16 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [21-Apr-09 9:16 PM 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [21-Apr-09 9:08 PM 19024]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [21-Apr-09 9:16 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [21-Apr-09 9:16 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [21-Apr-09 9:15 PM 19024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [21-Apr-09 9:16 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-Apr-09 9:16 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-Apr-09 9:16 PM 20992]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-Apr-09 9:16 PM 20992]
S4 OracleDBConsoleOLTP;OracleDBConsoleOLTP;c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe --> c:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000Core.job
- c:\users\Paco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 04:28]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000UA.job
- c:\users\Paco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} - hxxp://201.144.111.147/WebGuard_Login.cab
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://192.168.2.150/codebase/NetVideoOCX.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://improba.sytes.net/cab/OCXChecker_8000.cab
DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} - hxxp://download6.quickheal.com/onlnscan/activex/nt/onlnscan.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://improba.sytes.net/cab/DownloadFile_8000.cab
FF - ProfilePath - c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\
FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_228\npaosmgr.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Paco\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Paco\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\Paco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 09:15
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82E0E000]<< >>UNKNOWN [0x8A3AB000]<< >>UNKNOWN [0x8A400000]<< >>UNKNOWN [0x89F69000]<< >>UNKNOWN [0x8321D000]<< >>UNKNOWN [0x89F3C000]<< >>UNKNOWN [0x89F8C000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x8ae05c3e
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,df,bf,22,d2,a6,bd,40,bf,80,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,df,bf,22,d2,a6,bd,40,bf,80,6f,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-13 09:20:07
ComboFix-quarantined-files.txt 2010-02-13 15:20
ComboFix2.txt 2010-02-11 00:21
ComboFix3.txt 2010-01-31 04:52

Pre-Run: 2,898,915,328 bytes free
Post-Run: 2,883,801,088 bytes free

- - End Of File - - 0CF37D70E4375DCEE341091343317120


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:56 PM

Posted 13 February 2010 - 03:02 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 fmg00

fmg00
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:56 AM

Posted 13 February 2010 - 06:54 PM

Hi Tom, only the otl.txt was created

Malwarebytes' Anti-Malware 1.44
Database version: 3734
Windows 6.1.7100
Internet Explorer 8.0.7100.0

13-Feb-10 2:52:09 PM
mbam-log-2010-02-13 (14-52-09).txt

Scan type: Quick Scan
Objects scanned: 118333
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 13-Feb-10 5:37:15 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Paco\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 2.84 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 7.18 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 28.78 Gb Total Space | 4.11 Gb Free Space | 14.28% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: INST-LPSIST
Current User Name: Paco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-02-13 14:54:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
PRC - [2010-02-11 12:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-01-26 13:13:52 | 001,214,128 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009-12-07 01:53:04 | 003,679,664 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon2\Maxthon.exe
PRC - [2009-11-12 16:33:04 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-10-09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-10-09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-08-17 22:48:08 | 018,341,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-04-21 23:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-21 23:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2010-02-13 14:54:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
MOD - [2009-05-13 00:15:18 | 001,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll
MOD - [2009-04-21 23:22:04 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-04-21 23:21:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-04-21 23:21:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-04-21 23:21:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-04-21 23:21:19 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-04-21 23:20:43 | 000,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-04-21 23:20:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-04-21 23:20:14 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-04-21 23:20:07 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-04-21 23:20:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (OracleDBConsoleOLTP)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-09-15 14:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-09-15 14:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-07-08 15:53:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-01 15:47:57 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-05-21 19:25:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-21 23:22:25 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-04-21 23:22:12 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-04-21 23:22:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-04-21 23:22:07 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-04-21 23:22:02 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-04-21 23:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-04-21 23:21:46 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-04-21 23:21:43 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-04-21 23:21:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-04-21 23:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-04-21 23:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-21 23:20:30 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-04-21 23:20:14 | 000,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-04-21 23:20:13 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-04-21 23:19:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-04-21 23:19:54 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-04-21 23:19:51 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-04-21 23:19:20 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-12-01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007-01-30 04:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 4D B9 C5 FD CD C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010020301
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-25 17:39:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 17:39:52 | 000,000,000 | ---D | M]

[2009-05-18 04:34:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Extensions
[2010-02-11 14:38:57 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions
[2010-01-07 16:02:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-25 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\multipletab@piro.sakura.ne.jp
[2009-11-15 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\undoclosedtabsbutton@supernova00.biz
[2010-02-11 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010-01-31 18:45:27 | 000,373,738 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12877 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://www.blink.com/accival/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} http://201.144.111.147/WebGuard_Login.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://192.168.2.150/codebase/NetVideoOCX.cab (NetVideoOCX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://201.139.8.22/activex/AxisCamControl.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://improba.sytes.net/cab/OCXChecker_8000.cab (Reg Error: Key error.)
O16 - DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} http://download6.quickheal.com/onlnscan/ac...nt/onlnscan.cab (Quick Heal Online Scan)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://improba.sytes.net/cab/DownloadFile_8000.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 09:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-07-01 15:46:43 | 000,000,000 | ---D | M] - D:\Autocad2009 -- [ NTFS ]
O32 - AutoRun File - [2010-01-28 01:30:11 | 000,000,000 | ---D | M] - H:\Autodesk AutoCAD 2010 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-04-22 00:17:33 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - Service
SafeBootMin: dmboot.sys - Driver
SafeBootMin: dmio.sys - Driver
SafeBootMin: dmload.sys - Driver
SafeBootMin: dmserver - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: dmadmin - Service
SafeBootNet: dmboot.sys - Driver
SafeBootNet: dmio.sys - Driver
SafeBootNet: dmload.sys - Driver
SafeBootNet: dmserver - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootNet: SRService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-13 14:54:45 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-13 09:20:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-02-13 09:20:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-02-13 09:20:09 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\temp
[2010-02-13 09:00:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-02-13 09:00:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-02-10 17:59:01 | 000,000,000 | ---D | C] -- C:\Device
[2010-02-08 23:06:05 | 000,000,000 | ---D | C] -- C:\hp
[2010-02-07 21:10:56 | 000,077,921 | ---- | C] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-07 21:10:15 | 000,141,176 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2kfNT.sys
[2010-02-07 21:10:15 | 000,086,136 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2Nadr.sys
[2010-02-07 21:10:15 | 000,081,016 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2BthF.sys
[2010-02-07 21:10:14 | 000,087,648 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\AmonTDLh.sys
[2010-02-07 21:10:14 | 000,019,616 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\CdmDrvNt.sys
[2010-02-07 21:10:14 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\AhnLab
[2010-02-07 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2010-02-04 16:48:26 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-04 16:48:26 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-04 16:48:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-04 16:48:24 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-04 16:48:21 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-04 16:47:29 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-04 16:47:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-04 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-01-31 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\ieSpell
[2010-01-31 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-01-30 23:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Thinstall
[2010-01-30 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities (VMware ThinApp)
[2010-01-30 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Winner
[2010-01-30 23:30:58 | 000,000,000 | ---D | C] -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable
[2010-01-30 23:26:16 | 000,000,000 | ---D | C] -- C:\Users\Paco\Documents\Absolute_Uninstaller_Pro_5.0.1.3_Portable
[2010-01-30 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\Thinstall
[2010-01-30 23:26:04 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\Thinstall
[2010-01-30 22:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009-12-04 19:36:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

========== Files - Modified Within 14 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-13 17:40:03 | 010,485,760 | -HS- | M] () -- C:\Users\Paco\NTUSER.DAT
[2010-02-13 17:33:52 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000UA.job
[2010-02-13 17:33:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-13 14:54:54 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-13 10:44:02 | 000,381,841 | ---- | M] () -- C:\Users\Paco\Desktop\cupon.xps
[2010-02-13 09:15:32 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-02-13 08:58:34 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000Core.job
[2010-02-13 08:58:28 | 003,857,112 | R--- | M] () -- C:\Users\Paco\Desktop\schrauber.exe
[2010-02-11 20:53:34 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-11 20:53:34 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-11 20:46:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-11 20:45:39 | 2005,491,712 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-11 20:44:34 | 001,892,759 | -H-- | M] () -- C:\Users\Paco\AppData\Local\IconCache.db
[2010-02-11 19:42:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-11 17:35:13 | 000,002,245 | ---- | M] () -- C:\Users\Paco\Desktop\Google Chrome.lnk
[2010-02-11 12:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-11 12:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-11 12:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-11 12:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-11 12:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-11 12:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-11 12:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-10 20:32:17 | 000,735,514 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-10 20:32:17 | 000,629,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-10 20:32:17 | 000,109,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-08 17:52:06 | 000,000,000 | ---- | M] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:05 | 000,050,477 | ---- | M] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-07 21:10:56 | 000,077,921 | ---- | M] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-06 14:45:04 | 000,238,224 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010-02-06 12:50:35 | 000,364,673 | ---- | M] () -- C:\Users\Paco\Documents\CV Francisco Martinez G.pdf
[2010-02-06 12:50:21 | 000,095,695 | ---- | M] () -- C:\Users\Paco\Documents\CV FMG.docx
[2010-02-04 16:48:27 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:32:40 | 000,000,929 | ---- | M] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-02-03 23:57:03 | 000,007,168 | ---- | M] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-02 13:55:54 | 000,002,050 | -H-- | M] () -- C:\Users\Paco\Documents\Default.rdp
[2010-02-01 22:17:50 | 002,421,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-02-01 21:48:03 | 000,146,432 | ---- | M] () -- C:\Users\Paco\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-31 18:45:27 | 000,373,738 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-01-30 23:38:53 | 052,044,795 | ---- | M] () -- C:\Users\Paco\Documents\SPVN.Portable.TU.U.2010.V9.0.2000.17.Final.rar
[2010-01-30 23:34:00 | 001,553,791 | ---- | M] () -- C:\Users\Paco\Documents\Uninstall.Winner by rennee.rar
[2010-01-30 23:30:40 | 002,646,241 | ---- | M] () -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable.rar
[2010-01-30 21:29:18 | 000,000,032 | ---- | M] () -- C:\Windows\0

========== Files Created - No Company Name ==========

[2010-02-13 10:44:00 | 000,381,841 | ---- | C] () -- C:\Users\Paco\Desktop\cupon.xps
[2010-02-13 08:58:14 | 003,857,112 | R--- | C] () -- C:\Users\Paco\Desktop\schrauber.exe
[2010-02-10 17:54:42 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-02-10 17:54:42 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-02-08 23:08:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpBat.cpl
[2010-02-08 17:52:06 | 000,000,000 | ---- | C] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:04 | 000,050,477 | ---- | C] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-04 16:48:27 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:32:40 | 000,000,929 | ---- | C] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-01-30 23:34:50 | 052,044,795 | ---- | C] () -- C:\Users\Paco\Documents\SPVN.Portable.TU.U.2010.V9.0.2000.17.Final.rar
[2010-01-30 23:33:39 | 001,553,791 | ---- | C] () -- C:\Users\Paco\Documents\Uninstall.Winner by rennee.rar
[2010-01-30 23:30:27 | 002,646,241 | ---- | C] () -- C:\Users\Paco\Documents\Uninstall_Tool_v2.8.1_build_5023__Portable.rar
[2010-01-25 22:48:25 | 000,000,017 | ---- | C] () -- C:\Users\Paco\AppData\Local\resmon.resmoncfg
[2010-01-25 21:34:06 | 000,000,036 | ---- | C] () -- C:\Users\Paco\AppData\Local\housecall.guid.cache
[2009-12-17 19:06:41 | 000,000,301 | ---- | C] () -- C:\Windows\Sierra.ini
[2009-12-14 13:10:55 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009-12-04 19:36:39 | 000,000,144 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-12-04 19:36:20 | 000,251,904 | ---- | C] () -- C:\Windows\System32\orant71.dll
[2009-12-04 19:36:18 | 000,903,168 | ---- | C] () -- C:\Windows\System32\mitmdl30.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009-12-04 19:36:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009-12-04 19:36:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009-12-04 19:36:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009-12-04 19:36:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009-12-04 19:36:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009-12-04 19:36:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009-12-04 19:36:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009-12-04 19:36:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009-12-04 19:36:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009-12-04 19:36:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009-10-22 12:53:28 | 000,000,092 | ---- | C] () -- C:\Users\Paco\AppData\Local\fusioncache.dat
[2009-10-18 10:05:28 | 000,007,168 | ---- | C] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-10 09:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009-07-27 20:31:54 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009-07-06 12:40:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009-06-21 22:19:55 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-06-21 22:19:54 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-06-21 22:19:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-06-21 22:19:53 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-06-21 22:19:52 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-06-21 22:19:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-06-19 19:56:07 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009-05-24 21:10:36 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\XRNBO.sys
[2009-05-11 08:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009-05-10 22:16:25 | 000,000,049 | -H-- | C] () -- C:\Users\Paco\AppData\Roaming\MaxBulk registration.ini
[2009-05-10 12:44:59 | 000,000,115 | ---- | C] () -- C:\Windows\multiview.ini
[2009-05-10 11:46:10 | 000,000,600 | ---- | C] () -- C:\Users\Paco\AppData\Roaming\winscp.rnd
[2009-04-21 21:50:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-04-21 21:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-12-29 08:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008-12-07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008-10-24 15:16:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Language.dll
[2008-09-19 22:28:08 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ShowHCRemCfgWnd.dll
[2008-09-19 21:54:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_TRAD.dll
[2008-09-19 21:45:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_ENG.dll
[2008-09-19 21:45:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_CHI.dll
[2008-08-11 14:02:24 | 000,421,944 | ---- | C] () -- C:\Windows\System32\playm4.dll
[2008-07-30 14:36:00 | 000,356,352 | ---- | C] () -- C:\Windows\System32\HCNetSDK.dll
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2006-03-09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010-02-07 21:10:14 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\AhnLab
[2009-07-15 14:05:25 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Autodesk
[2009-05-08 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Docx2Rtf
[2009-07-23 15:35:06 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\FileZilla
[2010-01-31 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\ieSpell
[2009-05-10 01:51:49 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\IrfanView
[2009-05-10 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Maxprog
[2010-02-13 09:22:15 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\MxBoost
[2009-05-08 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\NwDocx
[2009-05-10 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\postgresql
[2009-10-04 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Teleca
[2010-01-30 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Thinstall
[2009-10-07 11:48:35 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010-01-12 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010-02-13 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\uTorrent
[2010-01-26 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Windows SideBar
[2009-04-22 02:27:21 | 000,032,436 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >


#12 schrauber
    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2010 - 07:35 PM

Hi,

How is it running now?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




Please run OTL one more time, set the "Extra Registry" tab to " Use Safe List" and hit the run scan button, post back with the 2 logfiles.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 fmg00
  • Topic Starter
  • Members
  • 9 posts

Posted 16 February 2010 - 04:16 PM

Hi Tom, sorry for the delay. I'll be posting the logs later this day.
My computer is running so much better btw, no more reports from avast.


#14 schrauber
    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 17 February 2010 - 03:30 PM

OK
regards,
schrauber


#15 fmg00
  • Topic Starter
  • Members
  • 9 posts

Posted 17 February 2010 - 06:23 PM

Hi, Tom, here are the logs

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# Maxthon.exe=2, 5, 11, 3390
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7b9dbc8b25dd12459da98179ebeda788
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-31 10:01:51
# local_time=2010-01-31 04:01:51 (-0600, Central Standard Time (Mexico))
# country="United States"
# lang=1033
# osver=6.1.7100 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 2640788 2640788 0 0
# compatibility_mode=5893 16776573 100 94 0 23672246 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=227411
# found=2
# cleaned=2
# scan_time=4724
C:\Program Files\Internet Explorer\js.mui probably a variant of Win32/TrojanDownloader.Unruy.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\My Lockbox\mylbx.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# Maxthon.exe=2, 5, 11, 3390
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7b9dbc8b25dd12459da98179ebeda788
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-14 04:51:59
# local_time=2010-02-13 10:51:59 (-0600, Central Standard Time (Mexico))
# country="United States"
# lang=1033
# osver=6.1.7100 NT
# compatibility_mode=512 16777215 100 0 715350 715350 0 0
# compatibility_mode=768 16777215 100 0 701457 701457 0 0
# compatibility_mode=1024 16777215 100 0 3778101 3778101 0 0
# compatibility_mode=5893 16776573 100 94 0 24809559 0 0
# compatibility_mode=8192 67108863 100 0 1055148 1055148 0 0
# scanned=227262
# found=2
# cleaned=2
# scan_time=15217
C:\Qoobox\Quarantine\C\Windows\System32\mouj.yjo.vir Win32/TrojanDownloader.Agent.PST trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus (deleted - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# Maxthon.exe=2, 5, 11, 3390
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7b9dbc8b25dd12459da98179ebeda788
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-14 08:46:53
# local_time=2010-02-14 02:46:53 (-0600, Central Standard Time (Mexico))
# country="United States"
# lang=1033
# osver=6.1.7100 NT
# compatibility_mode=512 16777215 100 0 730733 730733 0 0
# compatibility_mode=768 16777215 100 0 716840 716840 0 0
# compatibility_mode=1024 16777215 100 0 3793484 3793484 0 0
# compatibility_mode=5893 16776573 100 94 0 24824942 0 0
# compatibility_mode=8192 67108863 100 0 1070531 1070531 0 0
# scanned=227997
# found=0
# cleaned=0
# scan_time=13927


OTL logfile created on: 17-Feb-10 4:38:46 PM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Paco\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 2.60 Gb Free Space | 4.45% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 7.97 Gb Free Space | 32.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 28.78 Gb Total Space | 4.45 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: INST-LPSIST
Current User Name: Paco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-17 16:32:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
PRC - [2010-02-11 12:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-02-03 04:40:16 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-01-26 13:13:52 | 001,214,128 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
PRC - [2009-12-07 01:53:04 | 003,679,664 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon2\Maxthon.exe
PRC - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-10-09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-10-09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-09-30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-04-21 23:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-04-21 23:19:20 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-04-21 23:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009-03-17 08:39:26 | 005,314,560 | ---- | M] (mpc-hc@Sourceforge) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2010-02-17 16:32:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
MOD - [2009-05-13 00:15:18 | 001,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll
MOD - [2009-04-21 23:22:04 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-04-21 23:21:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-04-21 23:21:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-04-21 23:21:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-04-21 23:21:19 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-04-21 23:20:43 | 000,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-04-21 23:20:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-04-21 23:20:14 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-04-21 23:20:07 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-04-21 23:20:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (OracleDBConsoleOLTP)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-02-11 12:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-02-03 04:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)
SRV - [2009-11-12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-09-15 14:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-09-15 14:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-07-08 15:53:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-01 15:47:57 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-05-21 19:25:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-21 23:22:25 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-04-21 23:22:12 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-04-21 23:22:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-04-21 23:22:07 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-04-21 23:22:02 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-04-21 23:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-04-21 23:21:46 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-04-21 23:21:43 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-04-21 23:21:42 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-04-21 23:21:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-04-21 23:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-04-21 23:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-21 23:20:30 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-04-21 23:20:14 | 000,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-04-21 23:20:13 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-04-21 23:19:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-04-21 23:19:54 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-04-21 23:19:51 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-04-21 23:19:20 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-03-26 21:57:52 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009-03-26 21:57:36 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009-03-26 21:57:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-12-01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007-01-30 04:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010-02-11 12:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-02-11 12:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-02-11 12:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-02-11 12:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-02-11 12:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-02-03 04:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009-12-21 00:14:00 | 000,121,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2009-12-21 00:14:00 | 000,101,336 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009-12-18 02:27:00 | 000,087,648 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmonTDLh.sys -- (AMonTDLH)
DRV - [2009-10-07 03:05:00 | 000,141,176 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009-10-07 03:05:00 | 000,086,136 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009-10-07 03:05:00 | 000,081,016 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV - [2009-09-23 12:40:52 | 000,032,384 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2009-09-11 17:00:26 | 004,805,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009-09-10 09:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009-08-28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-08-05 12:01:34 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009-07-20 19:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009-05-24 21:10:36 | 000,177,152 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XRNBO.sys -- (XRNBO)
DRV - [2009-05-18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-05-14 12:08:40 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2009-04-23 10:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-04-21 23:24:35 | 000,422,992 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-04-21 23:24:29 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-04-21 23:24:23 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-04-21 23:24:21 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-04-21 23:24:21 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-04-21 23:24:20 | 000,236,112 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-04-21 23:24:19 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-04-21 23:24:16 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-04-21 23:24:14 | 000,117,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-04-21 23:24:14 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-04-21 23:24:13 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-04-21 23:24:13 | 000,077,904 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-04-21 23:24:12 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-04-21 23:24:12 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-04-21 23:24:08 | 000,070,736 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-04-21 23:24:08 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-04-21 23:24:06 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-04-21 23:24:05 | 000,045,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-04-21 23:24:05 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-04-21 23:24:04 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-04-21 23:24:04 | 000,023,120 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-04-21 23:24:04 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-04-21 23:24:04 | 000,014,416 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-04-21 23:24:02 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-04-21 23:23:59 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-04-21 23:23:56 | 001,383,504 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-04-21 23:23:55 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-04-21 23:23:55 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-04-21 23:23:53 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-04-21 23:23:52 | 000,158,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-04-21 23:23:52 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-04-21 23:23:49 | 000,105,552 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-04-21 23:23:49 | 000,077,904 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-04-21 23:23:47 | 000,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-04-21 23:23:45 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-04-21 23:23:44 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-04-21 23:23:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-04-21 23:23:43 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-04-21 23:23:43 | 000,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-04-21 23:23:42 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-04-21 23:23:29 | 000,369,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-04-21 22:53:34 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-04-21 22:01:13 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-04-21 22:00:12 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-04-21 21:53:30 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-04-21 21:52:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-04-21 21:51:14 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-04-21 21:50:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-04-21 21:50:20 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009-04-21 21:50:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-04-21 21:49:36 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-04-21 21:49:31 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-04-21 21:45:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-04-21 21:43:54 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-04-21 21:35:06 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-04-21 21:32:05 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-04-21 21:26:30 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-04-21 21:26:29 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-04-21 21:21:35 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-04-21 21:16:45 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-04-21 21:13:47 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-04-21 21:08:28 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-04-21 20:52:05 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-04-21 20:51:17 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-04-21 20:51:17 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-04-21 20:51:16 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-04-21 20:51:15 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-04-21 20:51:15 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-04-21 20:11:52 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009-04-21 20:11:52 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009-04-21 20:11:52 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009-04-21 20:01:10 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009-04-21 20:01:07 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-04-21 20:01:07 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-04-21 20:01:07 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-04-21 18:51:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-04-20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009-03-26 21:58:38 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009-03-26 21:58:38 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009-03-26 21:58:36 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009-03-26 21:58:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009-03-26 21:58:34 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009-03-26 16:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009-03-26 16:31:12 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009-03-26 16:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009-03-15 04:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-02-28 18:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/05/06 21:39:04] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009-02-24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009-02-17 11:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009-01-18 09:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
DRV - [2009-01-07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008-12-07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008-12-01 10:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008-11-05 13:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008-10-11 05:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008-07-29 05:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008-07-02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008-06-05 18:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007-11-16 18:55:00 | 000,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2007-09-15 01:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-04-24 10:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-24 10:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007-04-24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007-04-24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007-04-24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007-03-22 14:59:46 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007-03-01 06:17:36 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007-03-01 06:16:14 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007-03-01 06:16:04 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007-01-30 04:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-06-19 05:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 4D B9 C5 FD CD C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010020301
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-25 17:39:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 17:39:52 | 000,000,000 | ---D | M]

[2009-05-18 04:34:42 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Extensions
[2010-02-15 21:57:01 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions
[2010-01-07 16:02:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-25 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\LogMeInClient@logmein.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\multipletab@piro.sakura.ne.jp
[2009-11-15 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010-02-07 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Paco\AppData\Roaming\Mozilla\Firefox\Profiles\7rohn5hu.default\extensions\undoclosedtabsbutton@supernova00.biz
[2010-02-15 21:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010-01-31 18:45:27 | 000,373,738 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12877 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://www.blink.com/accival/aosmgr.cab (Aosmgr Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {72BFBC0F-3C1E-48A6-B50A-0364572E5F6F} http://201.144.111.147/WebGuard_Login.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://192.168.2.150/codebase/NetVideoOCX.cab (NetVideoOCX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://201.139.8.22/activex/AxisCamControl.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://improba.sytes.net/cab/OCXChecker_8000.cab (Reg Error: Key error.)
O16 - DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} http://download6.quickheal.com/onlnscan/ac...nt/onlnscan.cab (Quick Heal Online Scan)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://improba.sytes.net/cab/DownloadFile_8000.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 09:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-02-14 03:29:32 | 000,000,000 | ---D | M] - D:\Autocad2009 -- [ NTFS ]
O32 - AutoRun File - [2010-01-28 01:30:11 | 000,000,000 | ---D | M] - H:\Autodesk AutoCAD 2010 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-04-22 00:17:33 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - Service
SafeBootMin: dmboot.sys - Driver
SafeBootMin: dmio.sys - Driver
SafeBootMin: dmload.sys - Driver
SafeBootMin: dmserver - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: dmadmin - Service
SafeBootNet: dmboot.sys - Driver
SafeBootNet: dmio.sys - Driver
SafeBootNet: dmload.sys - Driver
SafeBootNet: dmserver - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootNet: SRService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-17 16:32:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-15 14:35:16 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010-02-15 14:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010-02-15 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\LiveSoftware
[2010-02-15 14:09:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2010-02-13 09:20:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-02-13 09:20:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-02-13 09:20:09 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\temp
[2010-02-13 09:00:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-02-13 09:00:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-02-10 17:59:01 | 000,000,000 | ---D | C] -- C:\Device
[2010-02-08 23:08:02 | 000,090,112 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\hpqnt.dll
[2010-02-08 23:06:05 | 000,000,000 | ---D | C] -- C:\hp
[2010-02-07 21:10:56 | 000,077,921 | ---- | C] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-07 21:10:15 | 000,141,176 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2kfNT.sys
[2010-02-07 21:10:15 | 000,086,136 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2Nadr.sys
[2010-02-07 21:10:15 | 000,081,016 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2BthF.sys
[2010-02-07 21:10:14 | 000,087,648 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\AmonTDLh.sys
[2010-02-07 21:10:14 | 000,019,616 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\CdmDrvNt.sys
[2010-02-07 21:10:14 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\AhnLab
[2010-02-07 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2010-02-04 16:48:26 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-04 16:48:26 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-04 16:48:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-04 16:48:24 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-04 16:48:21 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-04 16:47:29 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-04 16:47:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-04 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-04 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-01-31 20:58:23 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\ieSpell
[2010-01-31 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-01-30 23:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Thinstall
[2010-01-30 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities (VMware ThinApp)
[2010-01-30 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Winner
[2010-01-30 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\Thinstall
[2010-01-30 23:26:04 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\Thinstall
[2010-01-30 22:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-01-30 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-01-29 23:26:30 | 000,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010-01-26 15:13:42 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\Windows SideBar
[2010-01-25 22:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-01-25 21:53:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-01-25 21:53:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-01-25 21:53:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-01-25 21:53:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-01-25 20:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-01-25 20:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-01-25 20:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-25 20:45:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010-01-25 19:52:54 | 004,199,784 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2010-01-25 19:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010-01-25 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Roaming\Intuit
[2010-01-25 19:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010-01-21 12:50:30 | 000,000,000 | ---D | C] -- C:\dell
[2010-01-20 20:34:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-01-20 20:34:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010-01-20 20:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010-01-19 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\Paco\AppData\Local\myPod_Apps
[2010-01-19 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Explorer
[2010-01-19 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\Paco\Documents\Bluetooth
[2009-12-04 19:36:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\drivers\mshcmd.sys.
[2010-02-17 16:41:35 | 010,485,760 | -HS- | M] () -- C:\Users\Paco\NTUSER.DAT
[2010-02-17 16:33:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000UA.job
[2010-02-17 16:32:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Paco\Desktop\OTL.exe
[2010-02-17 16:30:03 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-17 16:30:03 | 000,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-17 14:30:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-16 22:33:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-551103025-3862300461-6324029-1000Core.job
[2010-02-15 17:17:29 | 000,001,478 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010-02-15 17:12:51 | 000,084,480 | ---- | M] () -- C:\Users\Paco\Desktop\serv cross line.xls
[2010-02-15 17:10:39 | 000,117,047 | ---- | M] () -- C:\Users\Paco\Desktop\serv cross line.pdf
[2010-02-15 14:34:47 | 000,001,005 | ---- | M] () -- C:\Users\Paco\Desktop\Sandboxed Web Browser.lnk
[2010-02-15 10:02:38 | 000,735,514 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-15 10:02:38 | 000,629,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-15 10:02:38 | 000,109,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-15 01:34:10 | 000,010,800 | ---- | M] () -- C:\Users\Paco\Documents\Conclusiones FMG.docx
[2010-02-15 01:23:53 | 000,010,756 | ---- | M] () -- C:\Users\Paco\Documents\Conclusiones. FMGdocx.docx
[2010-02-13 09:15:32 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-02-13 08:58:28 | 003,857,112 | R--- | M] () -- C:\Users\Paco\Desktop\schrauber.exe
[2010-02-11 20:46:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-11 20:45:39 | 2005,491,712 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-11 20:44:34 | 001,892,759 | -H-- | M] () -- C:\Users\Paco\AppData\Local\IconCache.db
[2010-02-11 19:42:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-11 17:35:13 | 000,002,245 | ---- | M] () -- C:\Users\Paco\Desktop\Google Chrome.lnk
[2010-02-11 12:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-11 12:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-11 12:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-11 12:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-11 12:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-11 12:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-11 12:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-08 17:52:06 | 000,000,000 | ---- | M] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:05 | 000,050,477 | ---- | M] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-07 21:10:56 | 000,077,921 | ---- | M] (Ahnlab, Inc.) -- C:\Windows\System32\v3w32se2.dll
[2010-02-06 14:45:04 | 000,238,224 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010-02-06 12:50:35 | 000,364,673 | ---- | M] () -- C:\Users\Paco\Documents\CV Francisco Martinez G.pdf
[2010-02-06 12:50:21 | 000,095,695 | ---- | M] () -- C:\Users\Paco\Documents\CV FMG.docx
[2010-02-04 16:48:27 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:32:40 | 000,000,929 | ---- | M] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-02-03 23:57:03 | 000,007,168 | ---- | M] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-02 13:55:54 | 000,002,050 | -H-- | M] () -- C:\Users\Paco\Documents\Default.rdp
[2010-02-01 22:17:50 | 002,421,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-02-01 21:48:03 | 000,146,432 | ---- | M] () -- C:\Users\Paco\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-31 18:45:27 | 000,373,738 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-01-30 21:29:18 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010-01-29 23:26:24 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010-01-26 17:41:50 | 000,002,763 | ---- | M] () -- C:\Users\Paco\Desktop\CREDENCIALES PRINGSA - Shortcut.lnk
[2010-01-26 17:31:12 | 000,353,768 | ---- | M] () -- C:\Users\Paco\Documents\CV FMG.pdf
[2010-01-25 23:37:53 | 000,000,600 | ---- | M] () -- C:\Users\Paco\AppData\Roaming\winscp.rnd
[2010-01-25 22:48:25 | 000,000,017 | ---- | M] () -- C:\Users\Paco\AppData\Local\resmon.resmoncfg
[2010-01-25 22:37:25 | 000,001,787 | ---- | M] () -- C:\Users\Paco\Desktop\CCleaner.lnk
[2010-01-25 22:24:14 | 000,373,738 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100131-184527.backup
[2010-01-25 21:34:06 | 000,000,036 | ---- | M] () -- C:\Users\Paco\AppData\Local\housecall.guid.cache
[2010-01-25 20:58:37 | 000,001,172 | ---- | M] () -- C:\Users\Paco\Desktop\Spybot - Search & Destroy.lnk
[2010-01-25 20:55:52 | 000,001,995 | ---- | M] () -- C:\Users\Paco\Desktop\HijackThis.lnk
[2010-01-20 20:34:57 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010-01-19 15:10:44 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Explorer.lnk
[2010-01-19 09:42:10 | 000,002,130 | ---- | M] () -- C:\Users\Paco\Desktop\Windows Live Mail.lnk
[2010-01-19 00:40:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0

========== Files Created - No Company Name ==========

[2010-02-15 17:06:28 | 000,117,047 | ---- | C] () -- C:\Users\Paco\Desktop\serv cross line.pdf
[2010-02-15 17:06:17 | 000,084,480 | ---- | C] () -- C:\Users\Paco\Desktop\serv cross line.xls
[2010-02-15 16:41:47 | 000,041,984 | ---- | C] () -- C:\Users\Paco\Desktop\HOJA DE SERVICIO.xls
[2010-02-15 14:35:10 | 000,001,005 | ---- | C] () -- C:\Users\Paco\Desktop\Sandboxed Web Browser.lnk
[2010-02-15 14:35:08 | 000,001,478 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010-02-15 01:24:12 | 000,010,800 | ---- | C] () -- C:\Users\Paco\Documents\Conclusiones FMG.docx
[2010-02-15 01:23:52 | 000,010,756 | ---- | C] () -- C:\Users\Paco\Documents\Conclusiones. FMGdocx.docx
[2010-02-13 08:58:14 | 003,857,112 | R--- | C] () -- C:\Users\Paco\Desktop\schrauber.exe
[2010-02-10 17:54:42 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-02-10 17:54:42 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-02-08 23:08:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\hpBat.cpl
[2010-02-08 17:52:06 | 000,000,000 | ---- | C] () -- C:\Users\Paco\defogger_reenable
[2010-02-08 17:51:04 | 000,050,477 | ---- | C] () -- C:\Users\Paco\Desktop\Defogger.exe
[2010-02-04 16:48:27 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010-02-04 16:32:40 | 000,000,929 | ---- | C] () -- C:\Users\Paco\Desktop\SpywareBlaster.lnk
[2010-01-29 11:20:47 | 000,364,673 | ---- | C] () -- C:\Users\Paco\Documents\CV Francisco Martinez G.pdf
[2010-01-26 17:41:50 | 000,002,763 | ---- | C] () -- C:\Users\Paco\Desktop\CREDENCIALES PRINGSA - Shortcut.lnk
[2010-01-26 17:30:17 | 000,353,768 | ---- | C] () -- C:\Users\Paco\Documents\CV FMG.pdf
[2010-01-26 16:02:52 | 000,095,695 | ---- | C] () -- C:\Users\Paco\Documents\CV FMG.docx
[2010-01-26 12:38:33 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk
[2010-01-25 22:48:25 | 000,000,017 | ---- | C] () -- C:\Users\Paco\AppData\Local\resmon.resmoncfg
[2010-01-25 22:37:25 | 000,001,787 | ---- | C] () -- C:\Users\Paco\Desktop\CCleaner.lnk
[2010-01-25 21:53:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-01-25 21:53:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-01-25 21:53:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-01-25 21:34:06 | 000,000,036 | ---- | C] () -- C:\Users\Paco\AppData\Local\housecall.guid.cache
[2010-01-25 20:58:37 | 000,001,172 | ---- | C] () -- C:\Users\Paco\Desktop\Spybot - Search & Destroy.lnk
[2010-01-25 20:55:52 | 000,001,995 | ---- | C] () -- C:\Users\Paco\Desktop\HijackThis.lnk
[2010-01-19 15:10:44 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Explorer.lnk
[2010-01-19 09:42:10 | 000,002,130 | ---- | C] () -- C:\Users\Paco\Desktop\Windows Live Mail.lnk
[2010-01-19 00:40:05 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2010-01-19 00:40:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2009-12-17 19:06:41 | 000,000,301 | ---- | C] () -- C:\Windows\Sierra.ini
[2009-12-14 13:10:55 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009-12-04 19:36:39 | 000,000,144 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-12-04 19:36:20 | 000,251,904 | ---- | C] () -- C:\Windows\System32\orant71.dll
[2009-12-04 19:36:18 | 000,903,168 | ---- | C] () -- C:\Windows\System32\mitmdl30.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009-12-04 19:36:18 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009-12-04 19:36:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009-12-04 19:36:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009-12-04 19:36:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009-12-04 19:36:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009-12-04 19:36:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009-12-04 19:36:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009-12-04 19:36:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009-12-04 19:36:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009-12-04 19:36:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009-12-04 19:36:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009-12-04 19:36:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009-10-22 12:53:28 | 000,000,092 | ---- | C] () -- C:\Users\Paco\AppData\Local\fusioncache.dat
[2009-10-18 10:05:28 | 000,007,168 | ---- | C] () -- C:\Users\Paco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-10 09:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009-07-27 20:31:54 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009-07-06 12:40:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009-06-21 22:19:55 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-06-21 22:19:54 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-06-21 22:19:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-06-21 22:19:53 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-06-21 22:19:52 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-06-21 22:19:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-06-19 19:56:07 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009-05-24 21:10:36 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\XRNBO.sys
[2009-05-11 08:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009-05-10 22:16:25 | 000,000,049 | -H-- | C] () -- C:\Users\Paco\AppData\Roaming\MaxBulk registration.ini
[2009-05-10 12:44:59 | 000,000,115 | ---- | C] () -- C:\Windows\multiview.ini
[2009-05-10 11:46:10 | 000,000,600 | ---- | C] () -- C:\Users\Paco\AppData\Roaming\winscp.rnd
[2009-04-21 21:50:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-04-21 21:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-12-29 08:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008-12-07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008-10-24 15:16:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Language.dll
[2008-09-19 22:28:08 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ShowHCRemCfgWnd.dll
[2008-09-19 21:54:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_TRAD.dll
[2008-09-19 21:45:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_ENG.dll
[2008-09-19 21:45:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RemoteCfgRes_CHI.dll
[2008-08-11 14:02:24 | 000,421,944 | ---- | C] () -- C:\Windows\System32\playm4.dll
[2008-07-30 14:36:00 | 000,356,352 | ---- | C] () -- C:\Windows\System32\HCNetSDK.dll
[2007-08-06 10:07:30 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2006-03-09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009-04-21 23:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009-04-21 23:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll
[2009-04-21 23:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-04-21 23:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll
[2009-04-21 23:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009-04-21 23:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll
[2009-04-21 23:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 17-Feb-10 4:39:14 PM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Paco\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 2.60 Gb Free Space | 4.45% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 7.97 Gb Free Space | 32.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 28.78 Gb Total Space | 4.45 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: INST-LPSIST
Current User Name: Paco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\sysservice.exe" = C:\Windows\system32\sysservice.exe:*:Enabled:DNS client -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064CF445-2F23-4F63-A98E-F76F5B305CF8}" = TuneUp Utilities (VMware ThinApp)
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B143533-B58A-48D6-B972-1187F398FC63}" = Foxit Editor
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2613BAFB-DA85-4371-91DC-72A82B196BD1}" = Precios2008
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1" = LogMeTT 2.9.7
"{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.990
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D976BE0-3A25-4EDF-9BB4-86AC2D01CBE7}" = Spanish interface language for ABBYY FineReader 8.0 Professional Edition
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-1033-F400-7760-000000000004}_911" = Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B23C3CB7-5E2F-4D1F-857B-65EC0A12BE72}" = ClientSoftware(v4.01MD)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C076CA-126E-497C-8724-B589F54031AF}" = HDD Regenerator
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C249E68E-BE69-41F6-B2B0-EACEE04C41B0}" = Precios2008
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31FB69B-FE13-4652-92A9-E7E2ED67E371}" = Sybase PowerBuilder 11.5
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E83A7FBC-61E5-4E97-9510-DEDC084C2C8D}" = Spanish language for ABBYY FineReader 8.0 Professional Edition
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AhnLab Online Security" = AhnLab Online Security
"AnyDVD" = AnyDVD
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_wis30A5z" = Soft Data Fax Modem with SmartCP
"Comical_is1" = Comical 0.8
"DOSShell" = DOSShell 1.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.6
"Gabriel Knight 3" = Gabriel Knight 3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.30
"InstallShield_{48FB7C81-0EF5-4857-8849-DD526BAC7A36}" = Java Advanced Imaging 1.1.3 for JRE
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxBulk Mailer_is1" = MaxBulk Mailer 6.3.0
"Maxthon2" = Maxthon2
"Maxthon3" = Maxthon 3
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"My Lockbox_is1" = My Lockbox 1.6 for Windows 2000/XP
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Orcad Family Release 9.2 Standalone" = Orcad Family Release 9.2 Standalone
"PowerISO" = PowerISO
"PROSet" = Intel® Network Connections Drivers
"RemoteDesktopManager" = Remote Desktop Manager 5.0.2.0 (remove only)
"Sandboxie" = Sandboxie 3.44
"SimpleOCR 3.1" = SimpleOCR 3.1
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = pakExtract
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Beast Within_is1" = The Beast Within English
"UltraISO_is1" = UltraISO Premium V9.0
"Uninstall Winner_is1" = Uninstall Winner 2.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
